2 namespace TYPO3\CMS\Felogin\Tests\Unit\Controller;
// Fixture setup (excerpt): default table, host and site path used by the fake environment.
50 $this->testTableName =
'sys_domain';
51 $this->testHostName =
'hostname.tld';
52 $this->testSitePath =
'/';
// Partial mock of the controller: only the placeholder method 'dummy' is replaced, so the
// controller's own methods keep their real implementation and are reached via _set/_get/_call.
53 $this->accessibleFixture = $this->getAccessibleMock(\TYPO3\CMS\Felogin\Controller\FrontendLoginController::class, array(
'dummy'));
54 $this->accessibleFixture->cObj = $this->getMock(\TYPO3\CMS\Frontend\ContentObject\ContentObjectRenderer::class);
// Frontend controller mock; the final `false` is getMock()'s callOriginalConstructor argument,
// so the real constructor is not executed.
55 $this->accessibleFixture->_set(
'frontendController', $this->getMock(\TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController::class, array(), array(),
'',
false));
// Point all four script-path variables at the fake site path plus TYPO3_mainDir.
// NOTE(review): presumably this is what makes GeneralUtility::getIndpEnv('TYPO3_SITE_URL')
// report $this->testSitePath in the assertions of this file — confirm against the full method.
65 $_SERVER[
'ORIG_PATH_INFO'] = $_SERVER[
'PATH_INFO'] = $_SERVER[
'ORIG_SCRIPT_NAME'] = $_SERVER[
'SCRIPT_NAME'] = $this->testSitePath . TYPO3_mainDir;
// Database mock in which only exec_SELECTgetRows is replaced.
74 $db = $this->getMock(\TYPO3\CMS\Core\Database\DatabaseConnection::class, array(
'exec_SELECTgetRows'));
// Any number of calls is allowed; each one is answered by getDomainRecordsCallback() of this test.
76 ->expects($this->any())
77 ->method(
'exec_SELECTgetRows')
78 ->will($this->returnCallback(array($this,
'getDomainRecordsCallback')));
// Inject the mock so the controller under test reads the fake domain records.
79 $this->accessibleFixture->_set(
'databaseConnection', $db);
// Callback excerpt: guard on the queried table name (the branch body is not part of this excerpt).
94 if ($table !== $this->testTableName) {
// Fake sys_domain rows: a bare host, a host with a path, and a subdomain with a path and
// trailing slash.
// NOTE(review): judging by the data-provider labels in this file, these rows act as the
// allow-list of hosts/paths for redirect validation — confirm against validateRedirectUrl.
98 array(
'domainName' =>
'domainhostname.tld'),
99 array(
'domainName' =>
'otherhostname.tld/path'),
100 array(
'domainName' =>
'sub.domainhostname.tld/path/')
// Sanity check of the fake environment: the derived site URL must be http:// + host + site path.
// NOTE(review): the computed value is passed first and the expected string second, the reverse
// of PHPUnit's (expected, actual) order; this only affects how a failure is reported.
117 $this->assertEquals(\TYPO3\CMS\Core\Utility\
GeneralUtility::getIndpEnv(
'TYPO3_SITE_URL'), (
'http://' . $this->testHostName) . $this->testSitePath);
// Override the default host and site path (the rest of this test is not part of the excerpt).
125 $this->testHostName =
'somenewhostname.com';
126 $this->testSitePath =
'/somenewpath/';
// Override the default host and site path ...
136 $this->testHostName =
'somenewhostname.com';
137 $this->testSitePath =
'/somenewpath/';
// ... and check that the derived site URL reflects the overridden values.
139 $this->assertEquals(\TYPO3\CMS\Core\Utility\
GeneralUtility::getIndpEnv(
'TYPO3_SITE_URL'), (
'http://' . $this->testHostName) . $this->testSitePath);
// Redirect targets that validateRedirectUrl must reject; the consuming test expects ''.
// Hosts that are not among the fake sys_domain records:
150 'absolute URL, hostname not in sys_domain, trailing slash' => array(
'http://badhost.tld/'),
151 'absolute URL, hostname not in sys_domain, no trailing slash' => array(
'http://badhost.tld'),
// Look-alike host: the trusted name is only the leading labels of a foreign domain, so a
// prefix or substring comparison of host names would wrongly accept it.
152 'absolute URL, subdomain in sys_domain, but main domain not, trailing slash' => array(
'http://domainhostname.tld.badhost.tld/'),
153 'absolute URL, subdomain in sys_domain, but main domain not, no trailing slash' => array(
'http://domainhostname.tld.badhost.tld'),
// Schemes other than http on an otherwise trusted host:
154 'non http absolute URL 1' => array(
'its://domainhostname.tld/itunes/'),
155 'non http absolute URL 2' => array(
'ftp://domainhostname.tld/download/'),
// Values that would be unsafe if written into a link or an HTML attribute:
156 'XSS attempt 1' => array(
'javascript:alert(123)'),
157 'XSS attempt 2' => array(
'" onmouseover="alert(123)"'),
158 'invalid URL, HTML break out attempt' => array(
'" >blabuubb'),
// Malformed or ambiguous forms that different URL parsers may interpret differently:
159 'invalid URL, UNC path' => array(
'\\\\foo\\bar\\'),
160 'invalid URL, backslashes in path' => array(
'http://domainhostname.tld\\bla\\blupp'),
161 'invalid URL, linefeed in path' => array(
'http://domainhostname.tld/bla/blupp' . LF),
162 'invalid URL, only one slash after scheme' => array(
'http:/domainhostname.tld/bla/blupp'),
163 'invalid URL, illegal chars' => array(
'http://(<>domainhostname).tld/bla/blupp'),
// NOTE(review): the visible cases include neither a scheme-relative URL nor a URL with a
// userinfo part before the host; worth adding as rejected cases if not covered elsewhere.
// Rejected input is expected to come back as an empty string.
// NOTE(review): assertEquals compares loosely, so null or false would also pass here;
// assertSame (already used for getPreserveGetVars in this file) would pin the return type.
175 $this->assertEquals(
'', $this->accessibleFixture->_call(
'validateRedirectUrl',
$url));
// Redirect targets that validateRedirectUrl must return unchanged.
// Absolute URLs on the bare-host record 'domainhostname.tld', including a path with
// percent-encoded bytes:
186 'sane absolute URL' => array(
'http://domainhostname.tld/'),
187 'sane absolute URL with script' => array(
'http://domainhostname.tld/index.php?id=1'),
188 'sane absolute URL with realurl' => array(
'http://domainhostname.tld/foo/bar/foo.html'),
189 'sane absolute URL with homedir' => array(
'http://domainhostname.tld/~user/'),
190 'sane absolute URL with some strange chars encoded' => array(
'http://domainhostname.tld/~user/a%cc%88o%cc%88%c3%9fa%cc%82/foo.html'),
// Absolute URLs below the path of a domain record that carries one ('otherhostname.tld/path'):
191 'sane absolute URL (domain record with path)' => array(
'http://otherhostname.tld/path/'),
192 'sane absolute URL with script (domain record with path)' => array(
'http://otherhostname.tld/path/index.php?id=1'),
193 'sane absolute URL with realurl (domain record with path)' => array(
'http://otherhostname.tld/path/foo/bar/foo.html'),
// Same, for the record stored with a trailing slash ('sub.domainhostname.tld/path/'):
194 'sane absolute URL (domain record with path and slash)' => array(
'http://sub.domainhostname.tld/path/'),
195 'sane absolute URL with script (domain record with path slash)' => array(
'http://sub.domainhostname.tld/path/index.php?id=1'),
196 'sane absolute URL with realurl (domain record with path slash)' => array(
'http://sub.domainhostname.tld/path/foo/bar/foo.html'),
// Relative URLs, with and without a leading slash (the default site path is '/'):
197 'relative URL, no leading slash 1' => array(
'index.php?id=1'),
198 'relative URL, no leading slash 2' => array(
'foo/bar/index.php?id=2'),
199 'relative URL, leading slash, no realurl' => array(
'/index.php?id=1'),
200 'relative URL, leading slash, realurl' => array(
'/de/service/imprint.html'),
// Accepted input must be returned unchanged, i.e. validation does not rewrite the URL.
212 $this->assertEquals(
$url, $this->accessibleFixture->_call(
'validateRedirectUrl',
$url));
// Targets that must be rejected when the site lives under '/subdir/' (set by the consuming test).
// Trusted host, but the path is outside the site path or outside the domain record's path;
// a path without the trailing slash is treated as outside as well:
223 'absolute URL, missing subdirectory' => array(
'http://hostname.tld/'),
224 'absolute URL, wrong subdirectory' => array(
'http://hostname.tld/hacker/index.php'),
225 'absolute URL, correct subdirectory, no trailing slash' => array(
'http://hostname.tld/subdir'),
226 'absolute URL, correct subdirectory of sys_domain record, no trailing slash' => array(
'http://otherhostname.tld/path'),
227 'absolute URL, correct subdirectory of sys_domain record, no trailing slash, subdomain' => array(
'http://sub.domainhostname.tld/path'),
// Root-relative URLs that do not start with the site path:
228 'relative URL, leading slash, no path' => array(
'/index.php?id=1'),
229 'relative URL, leading slash, wrong path' => array(
'/de/sub/site.html'),
230 'relative URL, leading slash, slash only' => array(
'/'),
// Simulate an installation in a subdirectory of the host.
241 $this->testSitePath =
'/subdir/';
// Every provided URL lies outside that subdirectory and must be cleared.
// NOTE(review): assertEquals is a loose comparison; assertSame would also rule out null/false.
244 $this->assertEquals(
'', $this->accessibleFixture->_call(
'validateRedirectUrl',
$url));
// Targets that must be accepted when the site lives under '/subdir/' (set by the consuming test).
// Absolute URLs inside the site path on the current host:
255 'absolute URL, correct subdirectory' => array(
'http://hostname.tld/subdir/'),
256 'absolute URL, correct subdirectory, realurl' => array(
'http://hostname.tld/subdir/de/imprint.html'),
257 'absolute URL, correct subdirectory, no realurl' => array(
'http://hostname.tld/subdir/index.php?id=10'),
// Absolute URLs matching a domain record including its path and trailing slash:
258 'absolute URL, correct subdirectory of sys_domain record' => array(
'http://otherhostname.tld/path/'),
259 'absolute URL, correct subdirectory of sys_domain record, subdomain' => array(
'http://sub.domainhostname.tld/path/'),
// Relative URLs without a leading slash:
260 'relative URL, no leading slash, realurl' => array(
'de/service/imprint.html'),
261 'relative URL, no leading slash, no realurl' => array(
'index.php?id=1'),
262 'relative nested URL, no leading slash, no realurl' => array(
'foo/bar/index.php?id=2')
// Simulate an installation in a subdirectory of the host.
273 $this->testSitePath =
'/subdir/';
// Every provided URL lies inside the allowed scope and must be returned unchanged.
276 $this->assertEquals(
$url, $this->accessibleFixture->_call(
'validateRedirectUrl',
$url));
// Data-provider excerpt for getPreserveGetVars; only the case labels and some values are visible.
// NOTE(review): each case appears to carry the GET parameters, the preserveGETvars setting and
// the expected query string — confirm against the full file.
290 'special get var id is not preserved' => array(
297 'simple additional parameter is not preserved if not specified in preservedGETvars' => array(
305 'all params except ignored ones are preserved if preservedGETvars is set to "all"' => array(
312 'tx_felogin_pi1' => array(
317 '&special1=23&special2[foo]=bar',
319 'preserve single parameter' => array(
326 'preserve whole parameter array' => array(
329 'tx_someext' => array(
337 '&L=3&tx_someext[foo]=simple&tx_someext[bar][baz]=simple',
339 'preserve part of sub array' => array(
342 'tx_someext' => array(
350 '&L=3&tx_someext[bar][baz]=simple',
352 'preserve keys on different levels' => array(
355 'no-preserve' =>
'whatever',
366 'L,tx_ext2,tx_ext3[bar]',
367 '&L=3&tx_ext2[foo]=simple&tx_ext3[bar][baz]=simple',
369 'preserved value that does not exist in get' => array(
// The expected string below is percent-encoded (space, backslash, %, <, >, &, /), so the
// preserved value stays a single parameter value in the generated query string.
374 'url params are encoded' => array(
375 array(
'tx_ext1' =>
'param with spaces and \\ %<>& /'),
377 '&tx_ext1=param%20with%20spaces%20and%20%5C%20%25%3C%3E%26%20%2F'
// Configure which GET variables are to be preserved, then compare the generated query string
// strictly (assertSame checks both type and value).
393 $this->accessibleFixture->conf[
'preserveGETvars'] = $preserveVars;
394 $this->assertSame($expected, $this->accessibleFixture->_call(
'getPreserveGetVars'));
// Cases for which isInCurrentDomain must return true: URL scheme and request scheme in all four
// combinations (the host values of each case are not part of this excerpt).
// NOTE(review): this pins that the scheme is ignored, so an http URL counts as "current domain"
// on an https request — confirm that this is intended.
410 'url https, current host http' => array(
413 'https://example.com/foo.html'
415 'url http, current host https' => array(
418 'http://example.com/foo.html'
420 'url https, current host https' => array(
423 'https://example.com/foo.html'
425 'url http, current host http' => array(
428 'http://example.com/foo.html'
// Fake the current request's host and HTTPS flag through the superglobal.
// NOTE(review): whether $_SERVER is restored after the test is not visible in this excerpt.
442 $_SERVER[
'HTTP_HOST'] = $host;
443 $_SERVER[
'HTTPS'] = $https;
// The URL must be recognised as belonging to the current host.
444 $this->assertTrue($this->accessibleFixture->_call(
'isInCurrentDomain',
$url));
// Cases for which isInCurrentDomain must return false (the host values are not part of this
// excerpt). Going by its label, the second case pins that a different subdomain is not the
// current domain.
453 'simple difference' => array(
455 'http://typo3.org/foo.html'
457 'subdomain different' => array(
459 'http://foo.example.com/bar.html'
// Fake the current request's host through the superglobal.
472 $_SERVER[
'HTTP_HOST'] = $host;
// A URL on any other host must not be treated as the current domain.
473 $this->assertFalse($this->accessibleFixture->_call(
'isInCurrentDomain',
$url));
// Verifies that in redirect mode 'refererDomains' a referer whose host falls under a configured
// domain is returned as the redirect target after a login.
479 public function processRedirectReferrerDomainsMatchesDomains()
// Configuration excerpt: the redirect mode and the list of allowed referer domains.
482 'redirectMode' =>
'refererDomains',
483 'domains' =>
'example.com'
486 $this->accessibleFixture->_set(
'conf', $conf);
487 $this->accessibleFixture->_set(
'logintype',
'login');
// The referer is on 'www.example.com' while the configured domain is 'example.com', so this
// also pins that a subdomain of a listed domain is accepted.
// NOTE(review): the referer is client-supplied; a companion case with a referer on a host that
// is not listed (expecting no redirect) is not visible in this excerpt.
488 $this->accessibleFixture->_set(
'referer',
'http://www.example.com/snafu');
// Mark the frontend user as logged in on the mocked frontend controller.
490 $tsfe = $this->accessibleFixture->_get(
'frontendController');
491 $tsfe->loginUser =
true;
// processRedirect must return exactly one target, the referer, compared strictly.
492 $this->assertSame(array(
'http://www.example.com/snafu'), $this->accessibleFixture->_call(
'processRedirect'));