Avoid Full Path Disclosure error on session error.

* Add a function to validate session ID. * Generate a new session ID if an invalid token is passed.
author: ArthurHoaro <arthur@hoa.ro> 2015-07-25 13:15:47 +0200
committer: ArthurHoaro <arthur@hoa.ro> 2015-08-22 10:10:55 +0200
commit: 06b6660a7e8891c6e1c47815cf50ee5b2ef5f270 (patch)
tree: b496ead047ccedb898c1917ee98d95c9cbde179c /tests/UtilsTest.php
parent: d7efade5d651ec60a05a86baa53f99188ad5d72c (diff)
download: Shaarli-06b6660a7e8891c6e1c47815cf50ee5b2ef5f270.tar.gz
Shaarli-06b6660a7e8891c6e1c47815cf50ee5b2ef5f270.tar.zst
Shaarli-06b6660a7e8891c6e1c47815cf50ee5b2ef5f270.zip
1 files changed, 18 insertions, 1 deletions
diff --git a/tests/UtilsTest.php b/tests/UtilsTest.php
index 28e15f5a..e39ce6be 100644
--- a/tests/UtilsTest.php
+++ b/tests/UtilsTest.php
@@ -150,5 +150,22 @@ class UtilsTest extends PHPUnit_Framework_TestCase
    {
        checkPHPVersion('5.3', '5.2');
    }
+    /**
+     * Test is_session_id_valid with a valid ID.
+     */
+    public function testIsSessionIdValid()
+    {
+        $this->assertTrue(is_session_id_valid('123456789012345678901234567890az'));
+    }
+    /**
+     * Test is_session_id_valid with invalid IDs.
+     */
+    public function testIsSessionIdInvalid()
+    {
+        $this->assertFalse(is_session_id_valid(''));
+        $this->assertFalse(is_session_id_valid(array()));
+        $this->assertFalse(is_session_id_valid('c0ZqcWF3VFE2NmJBdm1HMVQ0ZHJ3UmZPbTFsNGhkNHI='));
+    }
 }
-?>
author	ArthurHoaro <arthur@hoa.ro>	2015-07-25 13:15:47 +0200
committer	ArthurHoaro <arthur@hoa.ro>	2015-08-22 10:10:55 +0200
commit	06b6660a7e8891c6e1c47815cf50ee5b2ef5f270 (patch)
tree	b496ead047ccedb898c1917ee98d95c9cbde179c /tests/UtilsTest.php
parent	d7efade5d651ec60a05a86baa53f99188ad5d72c (diff)
download	Shaarli-06b6660a7e8891c6e1c47815cf50ee5b2ef5f270.tar.gz Shaarli-06b6660a7e8891c6e1c47815cf50ee5b2ef5f270.tar.zst Shaarli-06b6660a7e8891c6e1c47815cf50ee5b2ef5f270.zip

diff --git a/tests/UtilsTest.php b/tests/UtilsTest.php index 28e15f5a..e39ce6be 100644 --- a/tests/UtilsTest.php +++ b/tests/UtilsTest.php
@@ -150,5 +150,22 @@ class UtilsTest extends PHPUnit_Framework_TestCase
150	{	150	{
151	checkPHPVersion('5.3', '5.2');	151	checkPHPVersion('5.3', '5.2');
152	}	152	}
		153
		154	/**
		155	* Test is_session_id_valid with a valid ID.
		156	*/
		157	public function testIsSessionIdValid()
		158	{
		159	$this->assertTrue(is_session_id_valid('123456789012345678901234567890az'));
		160	}
		161
		162	/**
		163	* Test is_session_id_valid with invalid IDs.
		164	*/
		165	public function testIsSessionIdInvalid()
		166	{
		167	$this->assertFalse(is_session_id_valid(''));
		168	$this->assertFalse(is_session_id_valid(array()));
		169	$this->assertFalse(is_session_id_valid('c0ZqcWF3VFE2NmJBdm1HMVQ0ZHJ3UmZPbTFsNGhkNHI='));
		170	}
153	}	171	}
154	?>