From 06b6660a7e8891c6e1c47815cf50ee5b2ef5f270 Mon Sep 17 00:00:00 2001
From: ArthurHoaro
Date: Sat, 25 Jul 2015 13:15:47 +0200
Subject: Avoid Full Path Disclosure error on session error.

* Add a function to validate session ID.
* Generate a new session ID if an invalid token is passed.
---
 tests/UtilsTest.php | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)
(limited to 'tests/UtilsTest.php')
diff --git a/tests/UtilsTest.php b/tests/UtilsTest.php
index 28e15f5a..e39ce6be 100644
--- a/tests/UtilsTest.php
+++ b/tests/UtilsTest.php
@@ -150,5 +150,22 @@ class UtilsTest extends PHPUnit_Framework_TestCase
 {
 checkPHPVersion('5.3', '5.2');
 }
+
+ /**
+ * Test is_session_id_valid with a valid ID.
+ */
+ public function testIsSessionIdValid()
+ {
+ $this->assertTrue(is_session_id_valid('123456789012345678901234567890az'));
+ }
+
+ /**
+ * Test is_session_id_valid with invalid IDs.
+ */
+ public function testIsSessionIdInvalid()
+ {
+ $this->assertFalse(is_session_id_valid(''));
+ $this->assertFalse(is_session_id_valid(array()));
+ $this->assertFalse(is_session_id_valid('c0ZqcWF3VFE2NmJBdm1HMVQ0ZHJ3UmZPbTFsNGhkNHI='));
+ }
 }
-?>
-- cgit v1.2.3
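Review bot: The only string rejection asserted in `testIsSessionIdInvalid` differs from the accepted sample in two ways at once: the base64 value is 44 characters against 32 and it ends in `=`, so the test does not pin which rule of `is_session_id_valid` (its body is not part of this patch view) actually rejects it. Since the commit is about a malformed session ID reaching the session layer and leaking a path in the resulting error, I would add single-cause cases that keep the length of the valid sample and change one character, e.g. the constructed values `$this->assertFalse(is_session_id_valid('12345678901234567890123456789/az'));` and `$this->assertFalse(is_session_id_valid("12345678901234567890123456789\0az"));`. A `null` argument is worth asserting next to the existing `array()` case, because a missing cookie value is the more likely non-string input. The class body starts outside the hunk, so any existing helpers or data providers there are not visible from here.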