Merge branch 'fb-tracking-param-fix'

El RIDO 2019-01-22 20:06:04 +01:00
commit 48560e3d60
No known key found for this signature in database
GPG key ID: 0F5C940A6BD81F92
11 changed files with 173 additions and 35 deletions


@ -24,7 +24,9 @@ require('./privatebin');
// internal variables // internal variables
var a2zString = ['a','b','c','d','e','f','g','h','i','j','k','l','m', var a2zString = ['a','b','c','d','e','f','g','h','i','j','k','l','m',
'n','o','p','q','r','s','t','u','v','w','x','y','z'], 'n','o','p','q','r','s','t','u','v','w','x','y','z'],
alnumString = a2zString.concat(['0','1','2','3','4','5','6','7','8','9']), digitString = ['0','1','2','3','4','5','6','7','8','9'],
alnumString = a2zString.concat(digitString),
hexString = digitString.concat(['a','b','c','d','e','f']),
queryString = alnumString.concat(['+','%','&','.','*','-','_']), queryString = alnumString.concat(['+','%','&','.','*','-','_']),
hashString = queryString.concat(['!']), hashString = queryString.concat(['!']),
base64String = alnumString.concat(['+','/','=']).concat( base64String = alnumString.concat(['+','/','=']).concat(
@ -123,6 +125,11 @@ exports.jscAlnumString = function() {
return jsc.elements(alnumString); return jsc.elements(alnumString);
}; };
//provides random characters allowed in hexadecimal notation
exports.jscHexString = function() {
return jsc.elements(hexString);
};
// provides random characters allowed in GET queries // provides random characters allowed in GET queries
exports.jscQueryString = function() { exports.jscQueryString = function() {
return jsc.elements(queryString); return jsc.elements(queryString);


@ -743,14 +743,45 @@ jQuery.PrivateBin = (function($, sjcl, Base64, RawDeflate) {
*/ */
me.getPasteId = function() me.getPasteId = function()
{ {
if (id === null) { const idRegEx = /^[a-z0-9]{16}$/;
const idRegExFind = /[a-z0-9]{16}/;
// return cached value
if (id !== null) {
return id;
}
// do use URL interface, if possible
if (window.URL && window.URL.prototype && ('searchParams' in window.URL.prototype)) {
try {
const url = new URL(window.location);
for (const param of url.searchParams) {
const key = param[0];
const value = param[1];
if (value === '' && idRegEx.test(key)) {
// safe, as the whole regex is matched
id = key;
return id;
}
}
} catch (e) {
// fallback below
console.error('URL interface not properly supported, error:', e);
}
} else {
console.warn('URL interface appears not to be supported in this browser.');
}
// fallback to simple RegEx
console.warn('fallback to simple RegEx search');
// Attention: This also returns the delete token inside of the ID, if it is specified // Attention: This also returns the delete token inside of the ID, if it is specified
id = window.location.search.substring(1); id = (window.location.search.match(idRegExFind) || [''])[0];
if (id === '') { if (id === '') {
throw 'no paste id given'; throw 'no paste id given';
} }
}
return id; return id;
} }
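Review bot: The fallback pattern `idRegExFind` is unanchored, so `window.location.search.match(idRegExFind)` returns the first 16-character run of `[a-z0-9]` anywhere in the query string, including one inside the value of an unrelated parameter that precedes the paste ID. Restricting the match to a whole parameter name keeps the fallback in line with the URL branch: `id = (window.location.search.match(/[?&]([a-f0-9]{16})(?=&|$)/) || ['', ''])[1];`. Both client patterns also accept `[a-z0-9]` while the server-side check added in this commit uses `[a-f0-9]`, so an ID the client accepts can be rejected by the server; using the hexadecimal class in both places closes that gap. The comment `// Attention: This also returns the delete token inside of the ID, if it is specified` looks stale after this change and should be reworded or dropped.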


@ -81,10 +81,15 @@ describe('Model', function () {
'returns the query string without separator, if any', 'returns the query string without separator, if any',
jsc.nearray(common.jscA2zString()), jsc.nearray(common.jscA2zString()),
jsc.nearray(common.jscA2zString()), jsc.nearray(common.jscA2zString()),
jsc.nearray(common.jscHashString()), jsc.tuple(new Array(16).fill(common.jscHexString)),
jsc.array(common.jscQueryString()),
jsc.array(common.jscQueryString()),
'string', 'string',
function (schema, address, query, fragment) { function (schema, address, pasteId, queryStart, queryEnd, fragment) {
var queryString = query.join(''), var pasteIdString = pasteId.join(''),
queryStartString = queryStart.join('') + (queryStart.length > 0 ? '&' : ''),
queryEndString = (queryEnd.length > 0 ? '&' : '') + queryEnd.join(''),
queryString = queryStartString + pasteIdString + queryEndString,
clean = jsdom('', { clean = jsdom('', {
url: schema.join('') + '://' + address.join('') + url: schema.join('') + '://' + address.join('') +
'/?' + queryString + '#' + fragment '/?' + queryString + '#' + fragment
@ -92,7 +97,7 @@ describe('Model', function () {
result = $.PrivateBin.Model.getPasteId(); result = $.PrivateBin.Model.getPasteId();
$.PrivateBin.Model.reset(); $.PrivateBin.Model.reset();
clean(); clean();
return queryString === result; return pasteIdString === result;
} }
); );
jsc.property( jsc.property(
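Review bot: The property description `'returns the query string without separator, if any'` no longer matches what is asserted, since the check is now `pasteIdString === result`; something like `'returns the paste ID from the query string, ignoring other parameters'` would describe it. `jsc.tuple(new Array(16).fill(common.jscHexString))` passes the generator function itself, whereas the neighbouring arguments call theirs (`common.jscA2zString()`); writing `common.jscHexString()` would be consistent. Nothing here checks that a 16-character key with a non-empty value, or a shorter key, is rejected, so a negative property would be a useful addition. The opening `jsc.property(` of this property lies outside the section.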


@ -16,7 +16,7 @@ describe('Prompt', function () {
'string', 'string',
function (password) { function (password) {
password = password.replace(/\r+/g, ''); password = password.replace(/\r+/g, '');
var clean = jsdom('', {url: 'ftp://example.com/?0'}); var clean = jsdom('', {url: 'ftp://example.com/?0000000000000000'});
$('body').html( $('body').html(
'<div id="passwordmodal" class="modal fade" role="dialog">' + '<div id="passwordmodal" class="modal fade" role="dialog">' +
'<div class="modal-dialog"><div class="modal-content">' + '<div class="modal-dialog"><div class="modal-content">' +


@ -72,6 +72,27 @@ class Request
*/ */
private $_isJsonApi = false; private $_isJsonApi = false;
/**
* Return the paste ID of the current paste.
*
* @access private
* @return string
*/
private function getPasteId()
{
// RegEx to check for valid paste ID (16 base64 chars)
$pasteIdRegEx = '/^[a-f0-9]{16}$/';
foreach ($_GET as $key => $value) {
// only return if value is empty and key matches RegEx
if (($value === '') and preg_match($pasteIdRegEx, $key, $match)) {
return $match[0];
}
}
return 'invalid id';
}
/** /**
* Constructor * Constructor
* *
@ -100,7 +121,7 @@ class Request
array_key_exists('QUERY_STRING', $_SERVER) && array_key_exists('QUERY_STRING', $_SERVER) &&
!empty($_SERVER['QUERY_STRING']) !empty($_SERVER['QUERY_STRING'])
) { ) {
$this->_params['pasteid'] = $_SERVER['QUERY_STRING']; $this->_params['pasteid'] = $this->getPasteId();
} }
// prepare operation, depending on current parameters // prepare operation, depending on current parameters
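Review bot: The comment `// RegEx to check for valid paste ID (16 base64 chars)` contradicts the pattern `/^[a-f0-9]{16}$/`, which accepts exactly 16 lowercase hexadecimal characters; it should read `// RegEx to check for valid paste ID (16 hexadecimal chars)`. When no key qualifies, the method returns the literal `'invalid id'`, which the constructor then stores as `$this->_params['pasteid']`; that relies on later validation rejecting the string, which is not visible in this section, so the docblock should state it, e.g. `@return string the paste ID, or 'invalid id' if no GET key qualifies`. The condition uses `and` while the surrounding constructor code uses `&&`; `&&` would be consistent and avoids the low-precedence operator.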


@ -76,7 +76,7 @@ if ($MARKDOWN):
endif; endif;
?> ?>
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-gFuGN7PD3lRe5ZTe/S2NfugOrjqNWYgEwBmb3Grk2EVckz1UbqVPs8+PQp6SmQ0preKNpXC50omnwGh4MPkoRg==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-tRRKkyV2RYlU1b/PdUmLigAV8mAQpklblVO071AcQs5QbeUwBnK2L5zjbscm2+B2eRJ06luEisXuPowvFHN6fA==" crossorigin="anonymous"></script>
<!--[if lt IE 10]> <!--[if lt IE 10]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style> <style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
<![endif]--> <![endif]-->


@ -54,7 +54,7 @@ if ($MARKDOWN):
endif; endif;
?> ?>
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-gFuGN7PD3lRe5ZTe/S2NfugOrjqNWYgEwBmb3Grk2EVckz1UbqVPs8+PQp6SmQ0preKNpXC50omnwGh4MPkoRg==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-tRRKkyV2RYlU1b/PdUmLigAV8mAQpklblVO071AcQs5QbeUwBnK2L5zjbscm2+B2eRJ06luEisXuPowvFHN6fA==" crossorigin="anonymous"></script>
<!--[if lt IE 10]> <!--[if lt IE 10]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style> <style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
<![endif]--> <![endif]-->


@ -507,6 +507,7 @@ EOT;
$code .= PHP_EOL . <<<'EOT' $code .= PHP_EOL . <<<'EOT'
$this->_model->create(Helper::getPasteId(), Helper::getPaste()); $this->_model->create(Helper::getPasteId(), Helper::getPaste());
$_SERVER['QUERY_STRING'] = Helper::getPasteId(); $_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_GET[Helper::getPasteId()] = '';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
EOT; EOT;
break; break;


@ -680,6 +680,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
public function testReadInvalidId() public function testReadInvalidId()
{ {
$_SERVER['QUERY_STRING'] = 'foo'; $_SERVER['QUERY_STRING'] = 'foo';
$_GET['foo'] = '';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
ob_start(); ob_start();
new Controller; new Controller;
@ -696,6 +697,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
public function testReadNonexisting() public function testReadNonexisting()
{ {
$_SERVER['QUERY_STRING'] = Helper::getPasteId(); $_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_GET[Helper::getPasteId()] = '';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
ob_start(); ob_start();
new Controller; new Controller;
@ -714,6 +716,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$expiredPaste = Helper::getPaste(array('expire_date' => 1344803344)); $expiredPaste = Helper::getPaste(array('expire_date' => 1344803344));
$this->_model->create(Helper::getPasteId(), $expiredPaste); $this->_model->create(Helper::getPasteId(), $expiredPaste);
$_SERVER['QUERY_STRING'] = Helper::getPasteId(); $_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_GET[Helper::getPasteId()] = '';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
ob_start(); ob_start();
new Controller; new Controller;
@ -732,6 +735,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$paste = Helper::getPaste(array('burnafterreading' => true)); $paste = Helper::getPaste(array('burnafterreading' => true));
$this->_model->create(Helper::getPasteId(), $paste); $this->_model->create(Helper::getPasteId(), $paste);
$_SERVER['QUERY_STRING'] = Helper::getPasteId(); $_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_GET[Helper::getPasteId()] = '';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
ob_start(); ob_start();
new Controller; new Controller;
@ -760,6 +764,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$paste = Helper::getPaste(); $paste = Helper::getPaste();
$this->_model->create(Helper::getPasteId(), $paste); $this->_model->create(Helper::getPasteId(), $paste);
$_SERVER['QUERY_STRING'] = Helper::getPasteId(); $_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_GET[Helper::getPasteId()] = '';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
ob_start(); ob_start();
new Controller; new Controller;
@ -790,6 +795,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
); );
$this->_model->create(Helper::getPasteId(), $paste); $this->_model->create(Helper::getPasteId(), $paste);
$_SERVER['QUERY_STRING'] = Helper::getPasteId(); $_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_GET[Helper::getPasteId()] = '';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
ob_start(); ob_start();
new Controller; new Controller;
@ -897,6 +903,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data'); $this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data');
$_POST['deletetoken'] = 'burnafterreading'; $_POST['deletetoken'] = 'burnafterreading';
$_SERVER['QUERY_STRING'] = Helper::getPasteId(); $_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_GET[Helper::getPasteId()] = '';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST'; $_SERVER['REQUEST_METHOD'] = 'POST';
ob_start(); ob_start();
@ -917,6 +924,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data'); $this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data');
$_POST['deletetoken'] = 'burnafterreading'; $_POST['deletetoken'] = 'burnafterreading';
$_SERVER['QUERY_STRING'] = Helper::getPasteId(); $_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_GET[Helper::getPasteId()] = '';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST'; $_SERVER['REQUEST_METHOD'] = 'POST';
ob_start(); ob_start();


@ -82,6 +82,7 @@ class JsonApiTest extends PHPUnit_Framework_TestCase
file_put_contents($file, http_build_query($paste)); file_put_contents($file, http_build_query($paste));
Request::setInputStream($file); Request::setInputStream($file);
$_SERVER['QUERY_STRING'] = Helper::getPasteId(); $_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_GET[Helper::getPasteId()] = '';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'PUT'; $_SERVER['REQUEST_METHOD'] = 'PUT';
$_SERVER['REMOTE_ADDR'] = '::1'; $_SERVER['REMOTE_ADDR'] = '::1';
@ -117,6 +118,7 @@ class JsonApiTest extends PHPUnit_Framework_TestCase
))); )));
Request::setInputStream($file); Request::setInputStream($file);
$_SERVER['QUERY_STRING'] = Helper::getPasteId(); $_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_GET[Helper::getPasteId()] = '';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'DELETE'; $_SERVER['REQUEST_METHOD'] = 'DELETE';
ob_start(); ob_start();
@ -164,6 +166,7 @@ class JsonApiTest extends PHPUnit_Framework_TestCase
unset($paste['attachmentname']); unset($paste['attachmentname']);
$this->_model->create(Helper::getPasteId(), $paste); $this->_model->create(Helper::getPasteId(), $paste);
$_SERVER['QUERY_STRING'] = Helper::getPasteId(); $_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_GET[Helper::getPasteId()] = '';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
ob_start(); ob_start();
new Controller; new Controller;


@ -21,6 +21,36 @@ class RequestTest extends PHPUnit_Framework_TestCase
$_POST = array(); $_POST = array();
} }
/**
* Returns 16 random hexadecimal characters.
*
* @access public
* @return string
*/
public function getRandomId()
{
// 8 binary bytes are 16 characters long in hex
return bin2hex(random_bytes(8));
}
/**
* Returns random query safe characters.
*
* @access public
* @return string
*/
public function getRandomQueryChars()
{
$queryChars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ=';
$queryCharCount = strlen($queryChars) - 1;
$resultLength = random_int(1, 10);
$result = '';
for ($i = 0; $i < $resultLength; ++$i) {
$result .= $queryChars[random_int(0, $queryCharCount)];
}
return $result;
}
public function testView() public function testView()
{ {
$this->reset(); $this->reset();
@ -33,24 +63,27 @@ class RequestTest extends PHPUnit_Framework_TestCase
public function testRead() public function testRead()
{ {
$this->reset(); $this->reset();
$id = $this->getRandomId();
$_SERVER['REQUEST_METHOD'] = 'GET'; $_SERVER['REQUEST_METHOD'] = 'GET';
$_SERVER['QUERY_STRING'] = 'foo'; $_SERVER['QUERY_STRING'] = $id;
$_GET[$id] = '';
$request = new Request; $request = new Request;
$this->assertFalse($request->isJsonApiCall(), 'is HTML call'); $this->assertFalse($request->isJsonApiCall(), 'is HTML call');
$this->assertEquals('foo', $request->getParam('pasteid')); $this->assertEquals($id, $request->getParam('pasteid'));
$this->assertEquals('read', $request->getOperation()); $this->assertEquals('read', $request->getOperation());
} }
public function testDelete() public function testDelete()
{ {
$this->reset(); $this->reset();
$id = $this->getRandomId();
$_SERVER['REQUEST_METHOD'] = 'GET'; $_SERVER['REQUEST_METHOD'] = 'GET';
$_GET['pasteid'] = 'foo'; $_GET['pasteid'] = $id;
$_GET['deletetoken'] = 'bar'; $_GET['deletetoken'] = 'bar';
$request = new Request; $request = new Request;
$this->assertFalse($request->isJsonApiCall(), 'is HTML call'); $this->assertFalse($request->isJsonApiCall(), 'is HTML call');
$this->assertEquals('delete', $request->getOperation()); $this->assertEquals('delete', $request->getOperation());
$this->assertEquals('foo', $request->getParam('pasteid')); $this->assertEquals($id, $request->getParam('pasteid'));
$this->assertEquals('bar', $request->getParam('deletetoken')); $this->assertEquals('bar', $request->getParam('deletetoken'));
} }
@ -84,74 +117,103 @@ class RequestTest extends PHPUnit_Framework_TestCase
public function testApiRead() public function testApiRead()
{ {
$this->reset(); $this->reset();
$id = $this->getRandomId();
$_SERVER['REQUEST_METHOD'] = 'GET'; $_SERVER['REQUEST_METHOD'] = 'GET';
$_SERVER['HTTP_ACCEPT'] = 'application/json, text/javascript, */*; q=0.01'; $_SERVER['HTTP_ACCEPT'] = 'application/json, text/javascript, */*; q=0.01';
$_SERVER['QUERY_STRING'] = 'foo'; $_SERVER['QUERY_STRING'] = $id;
$_GET[$id] = '';
$request = new Request; $request = new Request;
$this->assertTrue($request->isJsonApiCall(), 'is JSON Api call'); $this->assertTrue($request->isJsonApiCall(), 'is JSON Api call');
$this->assertEquals('foo', $request->getParam('pasteid')); $this->assertEquals($id, $request->getParam('pasteid'));
$this->assertEquals('read', $request->getOperation()); $this->assertEquals('read', $request->getOperation());
} }
public function testApiDelete() public function testApiDelete()
{ {
$this->reset(); $this->reset();
$id = $this->getRandomId();
$_SERVER['REQUEST_METHOD'] = 'POST'; $_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['QUERY_STRING'] = 'foo'; $_SERVER['QUERY_STRING'] = $id;
$_GET = array($id => '');
$_POST['deletetoken'] = 'bar'; $_POST['deletetoken'] = 'bar';
$request = new Request; $request = new Request;
$this->assertTrue($request->isJsonApiCall(), 'is JSON Api call'); $this->assertTrue($request->isJsonApiCall(), 'is JSON Api call');
$this->assertEquals('delete', $request->getOperation()); $this->assertEquals('delete', $request->getOperation());
$this->assertEquals('foo', $request->getParam('pasteid')); $this->assertEquals($id, $request->getParam('pasteid'));
$this->assertEquals('bar', $request->getParam('deletetoken')); $this->assertEquals('bar', $request->getParam('deletetoken'));
} }
public function testReadWithNegotiation() public function testReadWithNegotiation()
{ {
$this->reset(); $this->reset();
$id = $this->getRandomId();
$_SERVER['REQUEST_METHOD'] = 'GET'; $_SERVER['REQUEST_METHOD'] = 'GET';
$_SERVER['HTTP_ACCEPT'] = 'text/html,text/html; charset=UTF-8,application/xhtml+xml, application/xml;q=0.9,*/*;q=0.8, text/csv,application/json'; $_SERVER['HTTP_ACCEPT'] = 'text/html,text/html; charset=UTF-8,application/xhtml+xml, application/xml;q=0.9,*/*;q=0.8, text/csv,application/json';
$_SERVER['QUERY_STRING'] = 'foo'; $_SERVER['QUERY_STRING'] = $id;
$_GET[$id] = '';
$request = new Request; $request = new Request;
$this->assertFalse($request->isJsonApiCall(), 'is HTML call'); $this->assertFalse($request->isJsonApiCall(), 'is HTML call');
$this->assertEquals('foo', $request->getParam('pasteid')); $this->assertEquals($id, $request->getParam('pasteid'));
$this->assertEquals('read', $request->getOperation()); $this->assertEquals('read', $request->getOperation());
} }
public function testReadWithXhtmlNegotiation() public function testReadWithXhtmlNegotiation()
{ {
$this->reset(); $this->reset();
$id = $this->getRandomId();
$_SERVER['REQUEST_METHOD'] = 'GET'; $_SERVER['REQUEST_METHOD'] = 'GET';
$_SERVER['HTTP_ACCEPT'] = 'application/xhtml+xml,text/html,text/html; charset=UTF-8, application/xml;q=0.9,*/*;q=0.8, text/csv,application/json'; $_SERVER['HTTP_ACCEPT'] = 'application/xhtml+xml,text/html,text/html; charset=UTF-8, application/xml;q=0.9,*/*;q=0.8, text/csv,application/json';
$_SERVER['QUERY_STRING'] = 'foo'; $_SERVER['QUERY_STRING'] = $id;
$_GET[$id] = '';
$request = new Request; $request = new Request;
$this->assertFalse($request->isJsonApiCall(), 'is HTML call'); $this->assertFalse($request->isJsonApiCall(), 'is HTML call');
$this->assertEquals('foo', $request->getParam('pasteid')); $this->assertEquals($id, $request->getParam('pasteid'));
$this->assertEquals('read', $request->getOperation()); $this->assertEquals('read', $request->getOperation());
} }
public function testApiReadWithNegotiation() public function testApiReadWithNegotiation()
{ {
$this->reset(); $this->reset();
$id = $this->getRandomId();
$_SERVER['REQUEST_METHOD'] = 'GET'; $_SERVER['REQUEST_METHOD'] = 'GET';
$_SERVER['HTTP_ACCEPT'] = 'text/plain,text/csv, application/xml;q=0.9, application/json, text/html,text/html; charset=UTF-8,application/xhtml+xml, */*;q=0.8'; $_SERVER['HTTP_ACCEPT'] = 'text/plain,text/csv, application/xml;q=0.9, application/json, text/html,text/html; charset=UTF-8,application/xhtml+xml, */*;q=0.8';
$_SERVER['QUERY_STRING'] = 'foo'; $_SERVER['QUERY_STRING'] = $id;
$_GET[$id] = '';
$request = new Request; $request = new Request;
$this->assertTrue($request->isJsonApiCall(), 'is JSON Api call'); $this->assertTrue($request->isJsonApiCall(), 'is JSON Api call');
$this->assertEquals('foo', $request->getParam('pasteid')); $this->assertEquals($id, $request->getParam('pasteid'));
$this->assertEquals('read', $request->getOperation()); $this->assertEquals('read', $request->getOperation());
} }
public function testReadWithFailedNegotiation() public function testReadWithFailedNegotiation()
{ {
$this->reset(); $this->reset();
$id = $this->getRandomId();
$_SERVER['REQUEST_METHOD'] = 'GET'; $_SERVER['REQUEST_METHOD'] = 'GET';
$_SERVER['HTTP_ACCEPT'] = 'text/plain,text/csv, application/xml;q=0.9, */*;q=0.8'; $_SERVER['HTTP_ACCEPT'] = 'text/plain,text/csv, application/xml;q=0.9, */*;q=0.8';
$_SERVER['QUERY_STRING'] = 'foo'; $_SERVER['QUERY_STRING'] = $id;
$_GET[$id] = '';
$request = new Request; $request = new Request;
$this->assertFalse($request->isJsonApiCall(), 'is HTML call'); $this->assertFalse($request->isJsonApiCall(), 'is HTML call');
$this->assertEquals('foo', $request->getParam('pasteid')); $this->assertEquals($id, $request->getParam('pasteid'));
$this->assertEquals('read', $request->getOperation()); $this->assertEquals('read', $request->getOperation());
} }
public function testPasteIdExtraction()
{
$this->reset();
$id = $this->getRandomId();
$queryParams = array($id);
$queryParamCount = random_int(1, 5);
for ($i = 0; $i < $queryParamCount; ++$i) {
array_push($queryParams, $this->getRandomQueryChars());
}
shuffle($queryParams);
$_SERVER['REQUEST_METHOD'] = 'GET';
$_SERVER['QUERY_STRING'] = implode('&', $queryParams);
$_GET[$id] = '';
$request = new Request;
$this->assertEquals($id, $request->getParam('pasteid'));
}
} }
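Review bot: `testPasteIdExtraction` builds a query string with random extra parameters but only sets `$_GET[$id] = ''`, so the decoy parameters never reach `Request::getPasteId()`, which (per the lib change in this commit) iterates `$_GET` rather than parsing `QUERY_STRING`. The test would therefore still pass if selection among several parameters were broken. Filling `$_GET` from the same string, `parse_str($_SERVER['QUERY_STRING'], $_GET);`, makes the test cover what its name says. A negative case, such as the ID key carrying a non-empty value or a 15-character key, asserting `'invalid id'`, would pin the rejection path as well.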