function RequestSanitizerTest::testSanitizedDestinationPost

Same name in other branches
  1. 8.9.x core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php \Drupal\Tests\Core\Security\RequestSanitizerTest::testSanitizedDestinationPost()
  2. 10 core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php \Drupal\Tests\Core\Security\RequestSanitizerTest::testSanitizedDestinationPost()
  3. 11.x core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php \Drupal\Tests\Core\Security\RequestSanitizerTest::testSanitizedDestinationPost()

Tests unacceptable destinations are removed from GET requests.

@dataProvider providerTestSanitizedDestinations

Parameters

string $destination: The destination string to test.

File

core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php, line 274

Class

RequestSanitizerTest
Tests RequestSanitizer class.

Namespace

Drupal\Tests\Core\Security

Code

public function testSanitizedDestinationPost($destination) {
    // Set up a POST request.
    $request = $this->createRequestForTesting([], [
        'destination' => $destination,
    ]);
    $request = RequestSanitizer::sanitize($request, [], TRUE);
    $this->assertNull($request->request
        ->get('destination', NULL));
    $this->assertNull($request->query
        ->get('destination', NULL));
    $this->assertArrayNotHasKey('destination', $_POST);
    $this->assertArrayNotHasKey('destination', $_REQUEST);
    $this->assertArrayNotHasKey('destination', $_GET);
    $this->assertError('Potentially unsafe destination removed from request parameter bag because it points to an external URL.', E_USER_NOTICE);
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.