<?php
namespace Gongo\MercifulPolluter\Test;
use \PHPUnit_Framework_TestCase;
use Gongo\MercifulPolluter\Session;
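/**
 * Tests for Session::pollute(), which these cases expect to expose
 * $_SESSION entries as global variables bound by reference.
 *
 * Each test runs in its own process so that session state and the globals
 * created by pollute() cannot leak from one test into the next.
 *
 * @runTestsInSeparateProcesses
 */
class SessionTest extends PHPUnit_Framework_TestCase
{
    /** @var Session|null Object under test, recreated before every test. */
    private $object = null;

    /**
     * Builds a fresh Session polluter for each test.
     */
    protected function setUp()
    {
        $this->object = new Session();
    }

    /**
     * Session values must appear as globals, and a write to the global must
     * be visible in $_SESSION (the binding is a reference, not a copy).
     */
    public function testPollute()
    {
        session_start();

        $_SESSION['userId'] = '1234';
        $_SESSION['userName'] = 'Jack';

        $this->object->pollute();

        global $userId, $userName;

        // assertSame: a reference binding must preserve both value and type.
        $this->assertSame($_SESSION['userId'], $userId);
        $this->assertSame($_SESSION['userName'], $userName);

        // Reference global to session
        $userId = '99999';
        $this->assertSame('99999', $_SESSION['userId']);
    }

    /**
     * Calling pollute() before session_start() is expected to raise a warning.
     *
     * @expectedException PHPUnit_Framework_Error_Warning
     * @expectedExceptionMessage The session not yet started (Ignoring)
     */
    public function testPolluteSessionNotStarted()
    {
        $this->object->pollute();
    }

    /**
     * Session keys named after superglobals must not replace those
     * superglobals, while ordinary keys in the same session are still exposed.
     *
     * @see https://github.com/gongo/merciful-polluter/issues/2
     */
    public function testPolluteSpecifiedBlacklist()
    {
        session_start();

        // Snapshot the superglobals so the test can prove they are untouched,
        // not merely different from the attacker-controlled session values.
        $originalGet = $_GET;
        $originalPost = $_POST;

        $_SESSION['_GET'] = '1234';
        $_SESSION['_POST'] = array('userId', 'Evil');
        $_SESSION['userId'] = 'Jack';

        $this->object->pollute();

        $this->assertNotEquals($_SESSION['_GET'], $_GET);
        $this->assertNotEquals($_SESSION['_POST'], $_POST);

        // A "not equal" check alone would still pass if the superglobal had
        // been overwritten with some third value (e.g. null), so also require
        // that the pre-call contents survive unchanged.
        $this->assertSame($originalGet, $_GET);
        $this->assertSame($originalPost, $_POST);

        global $userId;
        $this->assertSame('Jack', $userId);
    }
}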