
Commit f541bdc

committed
Fix tests for PHP7.2 session_id problems.
session_id() can't be set after stdout has been written to. Fixate the session id to a non-empty value during bootstrap to make tests possible.
1 parent 45eeb56 commit f541bdc


3 files changed

+27
-23
lines changed


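--- a/tests/TestCase/Controller/Component/SecurityComponentTest.php
+++ b/tests/TestCase/Controller/Component/SecurityComponentTest.php
@@ -156,7 +156,6 @@ class SecurityComponentTest extends TestCase
 public function setUp()
 {
 parent::setUp();
-session_id('cli');
 
 $this->server = $_SERVER;
 $session = new Session();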

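--- a/tests/TestCase/View/Helper/FormHelperTest.php
+++ b/tests/TestCase/View/Helper/FormHelperTest.php
@@ -141,7 +141,6 @@ class FormHelperTest extends TestCase
 public function setUp()
 {
 parent::setUp();
-session_id('');
 
 Configure::write('Config.language', 'eng');
 Configure::write('App.base', '');
@@ -1133,8 +1132,11 @@ public function testValidateHashNoModel()
 {
 $this->Form->request->params['_Token'] = 'foo';
 
-$result = $this->Form->secure(['anything']);
-$this->assertRegExp('/b9731869b9915e3dee6250db1a1fad464371fb94/', $result);
+$fields = ['anything'];
+$result = $this->Form->secure($fields);
+
+$hash = hash_hmac('sha1', serialize($fields) . session_id(), Security::salt());
+$this->assertContains($hash, $result);
 }
 
 /**
@@ -1165,7 +1167,7 @@ public function testFormSecurityFields()
 $this->Form->request->params['_Token'] = 'testKey';
 $result = $this->Form->secure($fields);
 
-$hash = hash_hmac('sha1', serialize($fields), Security::salt());
+$hash = hash_hmac('sha1', serialize($fields) . session_id(), Security::salt());
 $hash .= ':' . 'Model.valid';
 $hash = urlencode($hash);
 $tokenDebug = urlencode(json_encode([
@@ -1213,7 +1215,7 @@ public function testFormSecurityFieldsNoDebugMode()
 $this->Form->request->params['_Token'] = 'testKey';
 $result = $this->Form->secure($fields);
 
-$hash = hash_hmac('sha1', serialize($fields), Security::salt());
+$hash = hash_hmac('sha1', serialize($fields) . session_id(), Security::salt());
 $hash .= ':' . 'Model.valid';
 $hash = urlencode($hash);
 $expected = [
@@ -1406,9 +1408,8 @@ public function testFormSecurityMultipleFields()
 ];
 $result = $this->Form->secure($fields);
 
-$hash = '51e3b55a6edd82020b3f29c9ae200e14bbeb7ee5%3AModel.0.hidden%7CModel.0.valid';
-$hash = '16e544e04f6d3007231e3e23f8f73427a53272d4%3AModel.0.hidden%7CModel.0.valid';
-$hash .= '%7CModel.1.hidden%7CModel.1.valid';
+$hash = '8670192c3f040bf58680479060b4755b7a5c3596' .
+'%3AModel.0.hidden%7CModel.0.valid%7CModel.1.hidden%7CModel.1.valid';
 $tokenDebug = urlencode(json_encode([
 '',
 $fields,
@@ -1608,7 +1609,7 @@ public function testFormSecurityMultipleControlFields()
 $this->Form->control('Addresses.1.primary', ['type' => 'checkbox']);
 
 $result = $this->Form->secure($this->Form->fields);
-$hash = '587942c6810603a6d5a07a394316dda455580227%3AAddresses.0.id%7CAddresses.1.id';
+$hash = 'a4fe49bde94894a01375e7aa2873ea8114a96471%3AAddresses.0.id%7CAddresses.1.id';
 $tokenDebug = urlencode(json_encode([
 '/articles/add',
 [
@@ -1705,7 +1706,7 @@ public function testFormSecurityMultipleControlDisabledFields()
 $this->Form->text('Addresses.1.phone');
 
 $result = $this->Form->secure($this->Form->fields);
-$hash = '8db4b5f1a912dfafd9c264964df7aa598ea322c0%3AAddresses.0.id%7CAddresses.1.id';
+$hash = '43c4db25e4162c5e4edd9dea51f5f9d9d92215ec%3AAddresses.0.id%7CAddresses.1.id';
 $tokenDebug = urlencode(json_encode([
 '/articles/add',
 [
@@ -1783,7 +1784,7 @@ public function testFormSecurityControlUnlockedFields()
 
 $result = $this->Form->secure($expected, ['data-foo' => 'bar']);
 
-$hash = 'cdc8fa2dd2aa2804c12cd17279c39747f1c57354%3AAddresses.id';
+$hash = 'f98315a7d5515e5ae32e35f7d680207c085fae69%3AAddresses.id';
 $tokenDebug = urlencode(json_encode([
 '/articles/add',
 [
@@ -1857,7 +1858,7 @@ public function testFormSecurityControlUnlockedFieldsDebugSecurityTrue()
 $this->assertEquals($expected, $result);
 $result = $this->Form->secure($expected, ['data-foo' => 'bar', 'debugSecurity' => true]);
 
-$hash = 'cdc8fa2dd2aa2804c12cd17279c39747f1c57354%3AAddresses.id';
+$hash = 'f98315a7d5515e5ae32e35f7d680207c085fae69%3AAddresses.id';
 $tokenDebug = urlencode(json_encode([
 '/articles/add',
 [
@@ -1932,7 +1933,7 @@ public function testFormSecurityControlUnlockedFieldsDebugSecurityDebugFalse()
 Configure::write('debug', false);
 $result = $this->Form->secure($expected, ['data-foo' => 'bar', 'debugSecurity' => true]);
 
-$hash = 'cdc8fa2dd2aa2804c12cd17279c39747f1c57354%3AAddresses.id';
+$hash = 'f98315a7d5515e5ae32e35f7d680207c085fae69%3AAddresses.id';
 $expected = [
 'div' => ['style' => 'display:none;'],
 ['input' => [
@@ -1985,8 +1986,7 @@ public function testFormSecurityControlUnlockedFieldsDebugSecurityFalse()
 $this->assertEquals($expected, $result);
 
 $result = $this->Form->secure($expected, ['data-foo' => 'bar', 'debugSecurity' => false]);
-
-$hash = 'cdc8fa2dd2aa2804c12cd17279c39747f1c57354%3AAddresses.id';
+$hash = 'f98315a7d5515e5ae32e35f7d680207c085fae69%3AAddresses.id';
 
 $expected = [
 'div' => ['style' => 'display:none;'],
@@ -2480,7 +2480,7 @@ public function testSecuredFormUrlIgnoresHost()
 {
 $this->Form->request->params['_Token'] = ['key' => 'testKey'];
 
-$expected = '8312b8faa7e74c6f36e05c8d188eda58b39fab20%3A';
+$expected = '2548654895b160d724042ed269a2a863fd9d66ee%3A';
 $this->Form->create($this->article, [
 'url' => ['controller' => 'articles', 'action' => 'view', 1, '?' => ['page' => 1]]
 ]);
@@ -2511,7 +2511,7 @@ public function testSecuredFormUrlHasHtmlAndIdentifier()
 {
 $this->Form->request->params['_Token'] = ['key' => 'testKey'];
 
-$expected = '93acdc2336947d62cf057a17275264c1fecc2443%3A';
+$expected = '0a913f45b887b4d9cc2650ef1edc50183896959c%3A';
 $this->Form->create($this->article, [
 'url' => [
 'controller' => 'articles',
@@ -5578,8 +5578,8 @@ public function testSelectMultipleCheckboxSecurity()
 $this->assertEquals(['Model.multi_field'], $this->Form->fields);
 
 $result = $this->Form->secure($this->Form->fields);
-$key = '3cecbba5b65c8792d963b0498c67741466e61d47%3A';
-$this->assertRegExp('/"' . $key . '"/', $result);
+$key = '8af36fb34e6f2ef8ba0eb473bb4365ec232f3fe5%3A';
+$this->assertContains('"' . $key . '"', $result);
 }
 
 /**
@@ -7613,7 +7613,7 @@ public function testPostLinkWithData()
 */
 public function testPostLinkSecurityHash()
 {
-$hash = hash_hmac('sha1', '/posts/delete/1' . serialize(['id' => '1']), Security::getSalt());
+$hash = hash_hmac('sha1', '/posts/delete/1' . serialize(['id' => '1']) . session_id(), Security::getSalt());
 $hash .= '%3Aid';
 $this->Form->request->params['_Token']['key'] = 'test';
 
@@ -7666,7 +7666,7 @@ public function testPostLinkSecurityHash()
 */
 public function testPostLinkSecurityHashBlockMode()
 {
-$hash = hash_hmac('sha1', '/posts/delete/1' . serialize([]), Security::getSalt());
+$hash = hash_hmac('sha1', '/posts/delete/1' . serialize([]) . session_id(), Security::getSalt());
 $hash .= '%3A';
 $this->Form->request->params['_Token']['key'] = 'test';
 
@@ -7690,7 +7690,7 @@ public function testPostLinkSecurityHashBlockMode()
 public function testPostLinkSecurityHashNoDebugMode()
 {
 Configure::write('debug', false);
-$hash = hash_hmac('sha1', '/posts/delete/1' . serialize(['id' => '1']), Security::getSalt());
+$hash = hash_hmac('sha1', '/posts/delete/1' . serialize(['id' => '1']) . session_id(), Security::getSalt());
 $hash .= '%3Aid';
 $this->Form->request->params['_Token']['key'] = 'test';
 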
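Review bot: The literal digests updated in testFormSecurityMultipleFields, testFormSecurityMultipleControlFields, the testFormSecurityControlUnlockedFields* tests, the two testSecuredFormUrl* tests and testSelectMultipleCheckboxSecurity now encode the bootstrap session id as well as the salt, and nothing at those lines says so. Other tests in this section derive the expected value with `hash_hmac('sha1', serialize($fields) . session_id(), Security::salt())`, which keeps the session binding of the form token visible in the test; the literal ones should either be derived the same way or carry a comment such as `// digest assumes session_id() === 'cli', set in tests/bootstrap.php`. The new lines also mix `Security::salt()` and `Security::getSalt()`; using one accessor throughout would read more cleanly. The enclosing test methods start and end outside these hunks.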

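--- a/tests/bootstrap.php
+++ b/tests/bootstrap.php
@@ -139,3 +139,8 @@ class_alias('PHPUnit_Framework_Error', 'PHPUnit\Framework\Error\Error');
 class_alias('PHPUnit_Framework_Error_Warning', 'PHPUnit\Framework\Error\Warning');
 class_alias('PHPUnit_Framework_ExpectationFailedException', 'PHPUnit\Framework\ExpectationFailedException');
 }
+
+// Fixate sessionid early on, as php7.2+
+// does not allow the sessionid to be set after stdout
+// has been written to.
+session_id('cli');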
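Review bot: The added `session_id('cli');` at the end of the file is never verified, so if something has already written to stdout by the time bootstrap reaches it (the case the commit description says PHP 7.2+ rejects), the id stays unset and the failure only shows up later as unexplained digest mismatches in FormHelperTest. The tests that compute their expectation with `session_id()` would presumably still pass against an empty id, which would hide that the form token is no longer bound to a session value. A fail-fast guard directly after the call makes the precondition explicit: `if (session_id() !== 'cli') { throw new RuntimeException('Could not set the test session id'); }`.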
