PHP Decode
<?php declare(strict_types=1); /** * This file is part of CodeIgniter 4 framework. * ..
Decoded Output download
<?php
declare(strict_types=1);
/**
* This file is part of CodeIgniter 4 framework.
*
* (c) CodeIgniter Foundation <[email protected]>
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace CodeIgniter\HTTP;
use CodeIgniter\Security\Exceptions\SecurityException;
use CodeIgniter\Test\CIUnitTestCase;
use Config\App;
use Config\Services;
use PHPUnit\Framework\Attributes\Group;
use PHPUnit\Framework\Attributes\PreserveGlobalState;
use PHPUnit\Framework\Attributes\RunInSeparateProcess;
/**
 * Exercises Response::send() against real header and cookie emission.
 *
 * Kept apart from TestCaseTest because these cases interfere with
 * PHPUnit's output buffering, and the header-emitting cases have to
 * run in separate processes.
 *
 * @internal
 */
#[Group('SeparateProcess')]
final class ResponseSendTest extends CIUnitTestCase
{
    /**
     * A response whose Date header was removed must still emit one on send().
     *
     * Runs in its own process: PHPUnit has already captured the "normal"
     * output, so changing headers or cookies in the main process would
     * produce a "Cannot modify headers" message. The body written by
     * send() is captured in a private buffer and thrown away; only the
     * emitted header is asserted.
     */
    #[PreserveGlobalState(false)]
    #[RunInSeparateProcess]
    public function testHeadersMissingDate(): void
    {
        // Workaround for errors on PHPUnit 10 and PHP 8.3.
        // See https://github.com/sebastianbergmann/phpunit/issues/5403#issuecomment-1906810619
        restore_error_handler();

        $response = new Response(new App());
        $response->pretend(false);
        $response->setBody('Hello');

        $response->setCookie('foo', 'bar');
        $this->assertTrue($response->hasCookie('foo'));
        $this->assertTrue($response->hasCookie('foo', 'bar'));

        // Remove the Date header so the assertion proves send() restores it.
        $response->removeHeader('Date');

        $this->sendAndDiscardBody($response);

        $this->assertHeaderEmitted('Date:');
    }

    /**
     * With CSPEnabled switched on, send() must emit a CSP header.
     *
     * This is a presence check only: it asserts that a
     * Content-Security-Policy header is emitted, not what the policy
     * contains. Policy correctness has to be covered elsewhere.
     */
    #[PreserveGlobalState(false)]
    #[RunInSeparateProcess]
    public function testHeadersWithCSP(): void
    {
        // Workaround for errors on PHPUnit 10 and PHP 8.3.
        // See https://github.com/sebastianbergmann/phpunit/issues/5403#issuecomment-1906810619
        restore_error_handler();

        $this->resetFactories();
        $this->resetServices();

        // Mutates the config object returned by config('App'); the test runs
        // in a separate process with global state not preserved.
        $appConfig             = config('App');
        $appConfig->CSPEnabled = true;

        $response = new Response($appConfig);
        $response->pretend(false);
        $response->setBody('Hello');

        $response->setCookie('foo', 'bar');
        $this->assertTrue($response->hasCookie('foo'));
        $this->assertTrue($response->hasCookie('foo', 'bar'));

        $this->sendAndDiscardBody($response);

        $this->assertHeaderEmitted('Content-Security-Policy:');
    }

    /**
     * Cookies attached through redirect() must reach the wire as Set-Cookie headers.
     *
     * Only the leading part of each Set-Cookie header is matched, so cookie
     * attributes (Secure, HttpOnly, SameSite, expiry) are not verified here.
     *
     * @see https://github.com/codeigniter4/CodeIgniter4/issues/1393
     */
    #[PreserveGlobalState(false)]
    #[RunInSeparateProcess]
    public function testRedirectResponseCookies(): void
    {
        // Workaround for errors on PHPUnit 10 and PHP 8.3.
        // See https://github.com/sebastianbergmann/phpunit/issues/5403#issuecomment-1906810619
        restore_error_handler();

        $issuedAt = time();

        $response = new Response(new App());
        $response->pretend(false);

        service('routes')->add('user/login', 'Auth::verify', ['as' => 'login']);

        $redirect = $response->redirect('/login')
            ->setCookie('foo', 'bar', YEAR)
            ->setCookie('login_time', (string) $issuedAt, YEAR);

        $this->assertTrue($redirect->hasCookie('foo', 'bar'));
        $this->assertTrue($redirect->hasCookie('login_time'));

        $response->setBody('Hello');

        $this->sendAndDiscardBody($response);

        $this->assertHeaderEmitted('Set-Cookie: foo=bar;');
        $this->assertHeaderEmitted('Set-Cookie: login_time');
    }

    /**
     * A cookie flagged as secure must be refused when the request is not secure.
     *
     * The request service is replaced by a mock whose isSecure() returns
     * false; send() is then expected to throw SecurityException instead
     * of emitting the cookie. Unlike the other cases this one is not
     * marked to run in a separate process.
     */
    public function testDoNotSendUnSecureCookie(): void
    {
        $this->expectException(SecurityException::class);
        $this->expectExceptionMessage('Attempted to send a secure cookie over a non-secure connection.');

        $insecureRequest = $this->createMock(IncomingRequest::class);
        $insecureRequest->method('isSecure')->willReturn(false);
        // NOTE(review): the injected mock is not removed in this method;
        // presumably the base test case resets services - confirm.
        Services::injectMock('request', $insecureRequest);

        $response = new Response(new App());
        $response->pretend(false);
        $response->setBody('Hello');

        // Arguments are positional; the trailing `true` is taken to be the
        // cookie's secure flag, which is what the expected message refers to.
        $response->setCookie('foo', 'bar', '', '', '/', '', true);

        // No output buffer here: send() is expected to throw.
        $response->send();
    }

    /**
     * Sends the response inside a throwaway output buffer.
     *
     * Whatever send() writes as body is discarded; callers assert on the
     * emitted headers only.
     */
    private function sendAndDiscardBody(Response $response): void
    {
        ob_start();
        $response->send();

        // Clean up only when a buffer is still open after send().
        if (ob_get_level() > 0) {
            ob_end_clean();
        }
    }
}
?>
Original Code
<?php
declare(strict_types=1);
/**
* This file is part of CodeIgniter 4 framework.
*
* (c) CodeIgniter Foundation <[email protected]>
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace CodeIgniter\HTTP;
use CodeIgniter\Security\Exceptions\SecurityException;
use CodeIgniter\Test\CIUnitTestCase;
use Config\App;
use Config\Services;
use PHPUnit\Framework\Attributes\Group;
use PHPUnit\Framework\Attributes\PreserveGlobalState;
use PHPUnit\Framework\Attributes\RunInSeparateProcess;
/**
 * Exercises Response::send() against real header and cookie emission.
 *
 * Kept apart from TestCaseTest because these cases interfere with
 * PHPUnit's output buffering, and the header-emitting cases have to
 * run in separate processes.
 *
 * @internal
 */
#[Group('SeparateProcess')]
final class ResponseSendTest extends CIUnitTestCase
{
    /**
     * A response whose Date header was removed must still emit one on send().
     *
     * Runs in its own process: PHPUnit has already captured the "normal"
     * output, so changing headers or cookies in the main process would
     * produce a "Cannot modify headers" message. The body written by
     * send() is captured in a private buffer and thrown away; only the
     * emitted header is asserted.
     */
    #[PreserveGlobalState(false)]
    #[RunInSeparateProcess]
    public function testHeadersMissingDate(): void
    {
        // Workaround for errors on PHPUnit 10 and PHP 8.3.
        // See https://github.com/sebastianbergmann/phpunit/issues/5403#issuecomment-1906810619
        restore_error_handler();

        $response = new Response(new App());
        $response->pretend(false);
        $response->setBody('Hello');

        $response->setCookie('foo', 'bar');
        $this->assertTrue($response->hasCookie('foo'));
        $this->assertTrue($response->hasCookie('foo', 'bar'));

        // Remove the Date header so the assertion proves send() restores it.
        $response->removeHeader('Date');

        $this->sendAndDiscardBody($response);

        $this->assertHeaderEmitted('Date:');
    }

    /**
     * With CSPEnabled switched on, send() must emit a CSP header.
     *
     * This is a presence check only: it asserts that a
     * Content-Security-Policy header is emitted, not what the policy
     * contains. Policy correctness has to be covered elsewhere.
     */
    #[PreserveGlobalState(false)]
    #[RunInSeparateProcess]
    public function testHeadersWithCSP(): void
    {
        // Workaround for errors on PHPUnit 10 and PHP 8.3.
        // See https://github.com/sebastianbergmann/phpunit/issues/5403#issuecomment-1906810619
        restore_error_handler();

        $this->resetFactories();
        $this->resetServices();

        // Mutates the config object returned by config('App'); the test runs
        // in a separate process with global state not preserved.
        $appConfig             = config('App');
        $appConfig->CSPEnabled = true;

        $response = new Response($appConfig);
        $response->pretend(false);
        $response->setBody('Hello');

        $response->setCookie('foo', 'bar');
        $this->assertTrue($response->hasCookie('foo'));
        $this->assertTrue($response->hasCookie('foo', 'bar'));

        $this->sendAndDiscardBody($response);

        $this->assertHeaderEmitted('Content-Security-Policy:');
    }

    /**
     * Cookies attached through redirect() must reach the wire as Set-Cookie headers.
     *
     * Only the leading part of each Set-Cookie header is matched, so cookie
     * attributes (Secure, HttpOnly, SameSite, expiry) are not verified here.
     *
     * @see https://github.com/codeigniter4/CodeIgniter4/issues/1393
     */
    #[PreserveGlobalState(false)]
    #[RunInSeparateProcess]
    public function testRedirectResponseCookies(): void
    {
        // Workaround for errors on PHPUnit 10 and PHP 8.3.
        // See https://github.com/sebastianbergmann/phpunit/issues/5403#issuecomment-1906810619
        restore_error_handler();

        $issuedAt = time();

        $response = new Response(new App());
        $response->pretend(false);

        service('routes')->add('user/login', 'Auth::verify', ['as' => 'login']);

        $redirect = $response->redirect('/login')
            ->setCookie('foo', 'bar', YEAR)
            ->setCookie('login_time', (string) $issuedAt, YEAR);

        $this->assertTrue($redirect->hasCookie('foo', 'bar'));
        $this->assertTrue($redirect->hasCookie('login_time'));

        $response->setBody('Hello');

        $this->sendAndDiscardBody($response);

        $this->assertHeaderEmitted('Set-Cookie: foo=bar;');
        $this->assertHeaderEmitted('Set-Cookie: login_time');
    }

    /**
     * A cookie flagged as secure must be refused when the request is not secure.
     *
     * The request service is replaced by a mock whose isSecure() returns
     * false; send() is then expected to throw SecurityException instead
     * of emitting the cookie. Unlike the other cases this one is not
     * marked to run in a separate process.
     */
    public function testDoNotSendUnSecureCookie(): void
    {
        $this->expectException(SecurityException::class);
        $this->expectExceptionMessage('Attempted to send a secure cookie over a non-secure connection.');

        $insecureRequest = $this->createMock(IncomingRequest::class);
        $insecureRequest->method('isSecure')->willReturn(false);
        // NOTE(review): the injected mock is not removed in this method;
        // presumably the base test case resets services - confirm.
        Services::injectMock('request', $insecureRequest);

        $response = new Response(new App());
        $response->pretend(false);
        $response->setBody('Hello');

        // Arguments are positional; the trailing `true` is taken to be the
        // cookie's secure flag, which is what the expected message refers to.
        $response->setCookie('foo', 'bar', '', '', '/', '', true);

        // No output buffer here: send() is expected to throw.
        $response->send();
    }

    /**
     * Sends the response inside a throwaway output buffer.
     *
     * Whatever send() writes as body is discarded; callers assert on the
     * emitted headers only.
     */
    private function sendAndDiscardBody(Response $response): void
    {
        ob_start();
        $response->send();

        // Clean up only when a buffer is still open after send().
        if (ob_get_level() > 0) {
            ob_end_clean();
        }
    }
}
Function Calls
None |
Stats
MD5 | e0fd5700bccbe0f03afdaa5366e81828 |
Eval Count | 0 |
Decode Time | 116 ms |