function RequestSanitizerTest::testRequestSanitization

Same name in other branches
  1. 7.x modules/simpletest/tests/request_sanitizer.test \RequestSanitizerTest::testRequestSanitization()
  2. 9 core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php \Drupal\Tests\Core\Security\RequestSanitizerTest::testRequestSanitization()
  3. 8.9.x core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php \Drupal\Tests\Core\Security\RequestSanitizerTest::testRequestSanitization()
  4. 11.x core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php \Drupal\Tests\Core\Security\RequestSanitizerTest::testRequestSanitization()

Tests RequestSanitizer class.

@dataProvider providerTestRequestSanitization

Parameters

\Symfony\Component\HttpFoundation\Request $request: The request to sanitize.

array $expected: An array of expected request parameters after sanitization. The possible keys are 'cookies', 'query' and 'request', which correspond to the names of the parameter bags on the request object. These values are also used to test the PHP globals after sanitization.

array|null $expected_errors: An array of expected errors. If set to NULL then error logging is disabled.

array $whitelist: An array of keys to whitelist and not sanitize.

File

core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php, line 55

Class

RequestSanitizerTest
Tests RequestSanitizer class.

Namespace

Drupal\Tests\Core\Security

Code

public function testRequestSanitization(Request $request, array $expected = [], ?array $expected_errors = NULL, array $whitelist = []) : void {
    // Set up globals.
    $_GET = $request->query->all();
    $_POST = $request->request->all();
    $_COOKIE = $request->cookies->all();
    $_REQUEST = array_merge($request->query->all(), $request->request->all());
    $request->server->set('QUERY_STRING', http_build_query($request->query->all()));
    $_SERVER['QUERY_STRING'] = $request->server->get('QUERY_STRING');
    $request = RequestSanitizer::sanitize($request, $whitelist, is_null($expected_errors) ? FALSE : TRUE);
    // Normalize the expected data.
    $expected += [
        'cookies' => [],
        'query' => [],
        'request' => [],
    ];
    $expected_query_string = http_build_query($expected['query']);
    // Test the request.
    $this->assertEquals($expected['cookies'], $request->cookies->all());
    $this->assertEquals($expected['query'], $request->query->all());
    $this->assertEquals($expected['request'], $request->request->all());
    $this->assertTrue($request->attributes->get(RequestSanitizer::SANITIZED));
    // The request object normalizes the request query string.
    $this->assertEquals(Request::normalizeQueryString($expected_query_string), $request->getQueryString());
    // Test PHP globals.
    $this->assertEquals($expected['cookies'], $_COOKIE);
    $this->assertEquals($expected['query'], $_GET);
    $this->assertEquals($expected['request'], $_POST);
    $expected_request = array_merge($expected['query'], $expected['request']);
    $this->assertEquals($expected_request, $_REQUEST);
    $this->assertEquals($expected_query_string, $_SERVER['QUERY_STRING']);
    // Ensure any expected errors have been triggered.
    if (!empty($expected_errors)) {
        foreach ($expected_errors as $expected_error) {
            $this->assertError($expected_error, E_USER_NOTICE);
        }
    }
    else {
        $this->assertEquals([], $this->errors);
    }
}
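
The test above checks that every view of the input (parameter bags, `$_REQUEST`, `QUERY_STRING`) agrees after sanitization. The following is an added illustration, not Drupal's code: `strip_unsafe_keys()` is a hypothetical stand-in for the sanitizer, assuming the rule that keys beginning with `#` are removed unless whitelisted, and the request data is constructed.

```php
<?php
// Added example: simplified stand-in for the sanitizer, not Drupal's code.
// Assumption: a key is unsafe when it starts with '#' and is not whitelisted.
function strip_unsafe_keys(array $input, array $whitelist, array &$removed): array {
  foreach ($input as $key => $value) {
    $name = (string) $key;
    if ($name !== '' && $name[0] === '#' && !in_array($name, $whitelist, TRUE)) {
      unset($input[$key]);
      $removed[] = $name;
    }
    elseif (is_array($value)) {
      // Nested arrays are checked too, so a key hidden one level down
      // is removed just like a top-level one.
      $input[$key] = strip_unsafe_keys($value, $whitelist, $removed);
    }
  }
  return $input;
}

// Constructed request data (not taken from Drupal's data provider).
$query = ['q' => 'node/1', '#bad' => 'x', 'nested' => ['#deep' => 'y', 'ok' => 'z']];
$post = ['name' => 'editor', '#keep' => 'allowed'];
$whitelist = ['#keep'];

$removed = [];
$clean_query = strip_unsafe_keys($query, $whitelist, $removed);
$clean_post = strip_unsafe_keys($post, $whitelist, $removed);

// Every derived view is rebuilt from the cleaned data, mirroring the
// globals the test compares against $expected.
$state = [
  'query' => $clean_query,
  'request' => $clean_post,
  '_REQUEST' => array_merge($clean_query, $clean_post),
  'QUERY_STRING' => http_build_query($clean_query),
];

// The same kind of checks the test makes: bags, merged view and query string agree.
assert($state['query'] === ['q' => 'node/1', 'nested' => ['ok' => 'z']]);
assert($state['request'] === ['name' => 'editor', '#keep' => 'allowed']);
assert($state['_REQUEST'] === array_merge($state['query'], $state['request']));
assert($state['QUERY_STRING'] === http_build_query($state['query']));
assert($removed === ['#bad', '#deep']);

var_export($state);
```

If any one view were left unsanitized, code reading that view directly would still see the removed keys, which is why the test asserts on the globals as well as the request object.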
