Permalink
Browse files

fix(ajax): iframe-based submissions can again be recognized as XHR re…

…quests

We were relying on this behavior so we return it to 1.x behavior and add tests
for this and the other Request methods.

Fixes #8735
  • Loading branch information...
mrclay committed Mar 4, 2016
1 parent 58127a4 commit c25962a02d29ad00f304918c29f44f05e76186b6
Showing with 53 additions and 1 deletion.
  1. +12 −1 engine/classes/Elgg/Http/Request.php
  2. +41 −0 engine/tests/phpunit/Elgg/Http/RequestTest.php
@@ -108,13 +108,24 @@ public function getClientIp() {
// try one more
$ip_addresses = $this->server->get('HTTP_X_REAL_IP');
if ($ip_addresses) {
return array_pop(explode(',', $ip_addresses));
$ip_addresses = explode(',', $ip_addresses);
return array_pop($ip_addresses);
}
}
return $ip;
}
/**
* {@inheritdoc}
*/
public function isXmlHttpRequest() {
return (strtolower($this->headers->get('X-Requested-With')) === 'xmlhttprequest'
|| $this->query->get('X-Requested-With') === 'XMLHttpRequest'
|| $this->request->get('X-Requested-With') === 'XMLHttpRequest');
// GET/POST check is necessary for jQuery.form and other iframe-based "ajax". #8735
}
/**
* Strip slashes if magic quotes is on
*
@@ -0,0 +1,41 @@
<?php
namespace Elgg\Http;
use PHPUnit_Framework_TestCase as TestCase;
class RequestTest extends TestCase {
public function testCanDetectElggPath() {
$req = new Request([
'__elgg_uri' => '/foo/bar/',
]);
$this->assertEquals(['foo', 'bar'], $req->getUrlSegments());
}
public function testClientIpChecksXRealIp() {
$req = new Request();
$req->server->set('HTTP_X_REAL_IP', '127.0.0.1');
$this->assertEquals('127.0.0.1', $req->getClientIp());
}
public function testDetectsMixedCaseXhrHeader() {
$req = new Request();
$req->headers->set('X-Requested-With', 'xmlhttprequest');
$this->assertTrue($req->isXmlHttpRequest());
}
public function testDetectsXhrFromGet() {
$req = new Request([
'X-Requested-With' => 'XMLHttpRequest',
]);
$this->assertTrue($req->isXmlHttpRequest());
}
public function testDetectsXhrFromPost() {
$req = new Request([], [
'X-Requested-With' => 'XMLHttpRequest',
]);
$this->assertTrue($req->isXmlHttpRequest());
}
}

0 comments on commit c25962a

Please sign in to comment.