Skip to content

Commit

Permalink
Fixed regression in IntegrationTestCase where urls with query strings…
Browse files Browse the repository at this point in the history 
… failed security checks
  • Loading branch information
@jeremyharris
jeremyharris committed Mar 22, 2018
1 parent 7184c26 commit 0ab421b
Show file tree
Hide file tree
Showing 2 changed files with 38 additions and 3 deletions.
12 changes: 9 additions & 3 deletions src/TestSuite/IntegrationTestCase.php
View file
Expand Up @@ -22,6 +22,7 @@ class_alias('PHPUnit_Exception', 'PHPUnit\Exception');

use Cake\Core\Configure;
use Cake\Database\Exception as DatabaseException;
use Cake\Http\ServerRequest;
use Cake\Http\Session;
use Cake\Routing\Router;
use Cake\TestSuite\Stub\TestExceptionRenderer;
Expand Down Expand Up @@ -658,14 +659,19 @@ protected function _addTokens($url, $data)
*/
protected function _url($url)
{
$url = Router::url($url);
// re-create URL in ServerRequest's context so
// query strings are encoded as expected
$request = new ServerRequest(['url' => Router::url($url)]);
$url = $request->getRequestTarget();

$query = '';

$path = parse_url($url, PHP_URL_PATH);
if (strpos($url, '?') !== false) {
list($url, $query) = explode('?', $url, 2);
$query = parse_url($url, PHP_URL_QUERY);
}

return [$url, $query];
return [$path, $query];
}

/**
Expand Down
29 changes: 29 additions & 0 deletions tests/TestCase/TestSuite/IntegrationTestCaseTest.php
View file
Expand Up @@ -1094,4 +1094,33 @@ public function testDisableErrorHandlerMiddleware()
$this->disableErrorHandlerMiddleware();
$this->get('/foo');
}

/**
* tests getting a secure action while passing a query string
*
* @return void
* @dataProvider methodsProvider
*/
public function testSecureWithQueryString($method)
{
$this->enableSecurityToken();
$this->{$method}('/posts/securePost/?ids[]=1&ids[]=2');
$this->assertResponseOk();
}

/**
* data provider for HTTP methods
*
* @return array
*/
public function methodsProvider()
{
return [
'GET' => ['get'],
'POST' => ['post'],
'PATCH' => ['patch'],
'PUT' => ['put'],
'DELETE' => ['delete'],
];
}
}

0 comments on commit 0ab421b

Please sign in to comment.