authorArthurHoaro <arthur@hoa.ro>2015-07-25 13:15:47 +0200
committerArthurHoaro <arthur@hoa.ro>2015-08-22 10:10:55 +0200
commit06b6660a7e8891c6e1c47815cf50ee5b2ef5f270 (patch)
treeb496ead047ccedb898c1917ee98d95c9cbde179c /tests
parentd7efade5d651ec60a05a86baa53f99188ad5d72c (diff)
Avoid Full Path Disclosure error on session error.
* Add a function to validate session ID. * Generate a new session ID if an invalid token is passed.
Diffstat (limited to 'tests')
-rw-r--r--tests/UtilsTest.php19
1 files changed, 18 insertions, 1 deletions
diff --git a/tests/UtilsTest.php b/tests/UtilsTest.php
index 28e15f5a..e39ce6be 100644
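--- a/tests/UtilsTest.php
+++ b/tests/UtilsTest.php
@@ -150,5 +150,22 @@ class UtilsTest extends PHPUnit_Framework_TestCase
 {
 checkPHPVersion('5.3', '5.2');
 }
+
+/**
+* Test is_session_id_valid with a valid ID.
+*/
+public function testIsSessionIdValid()
+{
+$this->assertTrue(is_session_id_valid('123456789012345678901234567890az'));
+}
+
+/**
+* Test is_session_id_valid with invalid IDs.
+*/
+public function testIsSessionIdInvalid()
+{
+$this->assertFalse(is_session_id_valid(''));
+$this->assertFalse(is_session_id_valid(array()));
+$this->assertFalse(is_session_id_valid('c0ZqcWF3VFE2NmJBdm1HMVQ0ZHJ3UmZPbTFsNGhkNHI='));
+}
 }
-?>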
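Review bot: In testIsSessionIdInvalid the only non-empty string case is 44 characters long and ends in `=`, so a failure or pass does not show whether is_session_id_valid rejects it for its length or for its character set. Because this validator appears to be the gate that decides whether a client-supplied session ID is kept or regenerated, each rejection reason deserves its own case, for example `$this->assertFalse(is_session_id_valid('123456789012345678901234567890a!'));` (constructed value, same length as the accepted ID with one disallowed character) and `$this->assertFalse(is_session_id_valid(null));`. The validator itself is not part of this tests-only view, so it cannot be confirmed here whether it accepts `,` and `-`, which PHP can emit in session IDs under some settings; a positive test with such an ID would pin that behaviour either way.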