function RequestSanitizerTest::testRequestSanitization
Tests RequestSanitizer class.
@dataProvider providerTestRequestSanitization
Parameters
\Symfony\Component\HttpFoundation\Request $request: The request to sanitize.
array $expected: An array of expected request parameters after sanitization. The possible keys are 'cookies', 'query', 'request' which correspond to the parameter bags names on the request object. These values are also used to test the PHP globals post sanitization.
array|null $expected_errors: An array of expected errors. If set to NULL then error logging is disabled.
array $whitelist: An array of keys to whitelist and not sanitize.
File
- 
              core/tests/ Drupal/ Tests/ Core/ Security/ RequestSanitizerTest.php, line 53 
Class
- RequestSanitizerTest
- Tests RequestSanitizer class.
Namespace
Drupal\Tests\Core\SecurityCode
public function testRequestSanitization(Request $request, array $expected = [], array $expected_errors = NULL, array $whitelist = []) {
  // Set up globals.
  $_GET = $request->query
    ->all();
  $_POST = $request->request
    ->all();
  $_COOKIE = $request->cookies
    ->all();
  $_REQUEST = array_merge($request->query
    ->all(), $request->request
    ->all());
  $request->server
    ->set('QUERY_STRING', http_build_query($request->query
    ->all()));
  $_SERVER['QUERY_STRING'] = $request->server
    ->get('QUERY_STRING');
  $request = RequestSanitizer::sanitize($request, $whitelist, is_null($expected_errors) ? FALSE : TRUE);
  // Normalize the expected data.
  $expected += [
    'cookies' => [],
    'query' => [],
    'request' => [],
  ];
  $expected_query_string = http_build_query($expected['query']);
  // Test the request.
  $this->assertEquals($expected['cookies'], $request->cookies
    ->all());
  $this->assertEquals($expected['query'], $request->query
    ->all());
  $this->assertEquals($expected['request'], $request->request
    ->all());
  $this->assertTrue($request->attributes
    ->get(RequestSanitizer::SANITIZED));
  // The request object normalizes the request query string.
  $this->assertEquals(Request::normalizeQueryString($expected_query_string), $request->getQueryString());
  // Test PHP globals.
  $this->assertEquals($expected['cookies'], $_COOKIE);
  $this->assertEquals($expected['query'], $_GET);
  $this->assertEquals($expected['request'], $_POST);
  $expected_request = array_merge($expected['query'], $expected['request']);
  $this->assertEquals($expected_request, $_REQUEST);
  $this->assertEquals($expected_query_string, $_SERVER['QUERY_STRING']);
  // Ensure any expected errors have been triggered.
  if (!empty($expected_errors)) {
    foreach ($expected_errors as $expected_error) {
      $this->assertError($expected_error, E_USER_NOTICE);
    }
  }
  else {
    $this->assertEquals([], $this->errors);
  }
}Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.
