diff options
author | ArthurHoaro <arthur@hoa.ro> | 2015-07-25 13:15:47 +0200 |
---|---|---|
committer | ArthurHoaro <arthur@hoa.ro> | 2015-08-22 10:10:55 +0200 |
commit | 06b6660a7e8891c6e1c47815cf50ee5b2ef5f270 (patch) | |
tree | b496ead047ccedb898c1917ee98d95c9cbde179c /tests | |
parent | d7efade5d651ec60a05a86baa53f99188ad5d72c (diff) | |
download | Shaarli-06b6660a7e8891c6e1c47815cf50ee5b2ef5f270.tar.gz Shaarli-06b6660a7e8891c6e1c47815cf50ee5b2ef5f270.tar.zst Shaarli-06b6660a7e8891c6e1c47815cf50ee5b2ef5f270.zip |
Avoid Full Path Disclosure error on session error.
* Add a function to validate session ID.
* Generate a new session ID if an invalid token is passed.
Diffstat (limited to 'tests')
-rw-r--r-- | tests/UtilsTest.php | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/tests/UtilsTest.php b/tests/UtilsTest.php index 28e15f5a..e39ce6be 100644 --- a/tests/UtilsTest.php +++ b/tests/UtilsTest.php | |||
@@ -150,5 +150,22 @@ class UtilsTest extends PHPUnit_Framework_TestCase | |||
150 | { | 150 | { |
151 | checkPHPVersion('5.3', '5.2'); | 151 | checkPHPVersion('5.3', '5.2'); |
152 | } | 152 | } |
153 | |||
154 | /** | ||
155 | * Test is_session_id_valid with a valid ID. | ||
156 | */ | ||
157 | public function testIsSessionIdValid() | ||
158 | { | ||
159 | $this->assertTrue(is_session_id_valid('123456789012345678901234567890az')); | ||
160 | } | ||
161 | |||
162 | /** | ||
163 | * Test is_session_id_valid with invalid IDs. | ||
164 | */ | ||
165 | public function testIsSessionIdInvalid() | ||
166 | { | ||
167 | $this->assertFalse(is_session_id_valid('')); | ||
168 | $this->assertFalse(is_session_id_valid(array())); | ||
169 | $this->assertFalse(is_session_id_valid('c0ZqcWF3VFE2NmJBdm1HMVQ0ZHJ3UmZPbTFsNGhkNHI=')); | ||
170 | } | ||
153 | } | 171 | } |
154 | ?> | ||