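/**
 * Data-driven test for PMA_checkPageValidity.
 *
 * Each data set supplies a candidate page, a whitelist, and the result the
 * validator is expected to return for that pair.
 *
 * @param string     $page      Page name to validate
 * @param array|null $whiteList Whitelist passed to the validator
 * @param bool       $expected  Expected return value; compared strictly, so the
 *                              provider must supply the exact type the validator
 *                              returns (presumably bool; the previous annotation
 *                              said int, confirm against the provider)
 *
 * @return void
 *
 * @dataProvider provider
 */
function testGotoNowhere($page, $whiteList, $expected)
{
    // assertSame performs the same strict (===) comparison as the previous
    // assertTrue($expected === ...) form, but reports the expected and actual
    // values when a whitelist case regresses.
    $this->assertSame($expected, PMA_checkPageValidity($page, $whiteList));
}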
Example #2
 * holds page that should be displayed
 * @global string $GLOBALS['goto']
 */
// Default to an empty target; it is overwritten below only when the requested
// page passes validation.
$GLOBALS['goto'] = '';
// Security fix: disallow accessing serious server files via "?goto="
// The request value is accepted only when PMA_checkPageValidity() approves it
// against $goto_whitelist (both are defined outside this excerpt).
// NOTE(review): the validator is not shown here. If it normalises the value
// (e.g. URL-decodes it) before comparing with the whitelist, the raw string
// stored below can differ from the string that was actually checked. Confirm
// that consumers of $GLOBALS['goto'] never use it directly as a file path.
if (PMA_checkPageValidity($_REQUEST['goto'], $goto_whitelist)) {
    $GLOBALS['goto'] = $_REQUEST['goto'];
    // The accepted value is also copied into the shared url_params array.
    $GLOBALS['url_params']['goto'] = $_REQUEST['goto'];
} else {
    // Rejected: remove the parameter from every request superglobal so the
    // unvalidated value is no longer reachable through any of them.
    unset($_REQUEST['goto'], $_GET['goto'], $_POST['goto'], $_COOKIE['goto']);
}
/**
 * returning page
 * @global string $GLOBALS['back']
 */
// Same whitelist check as for "goto".
// NOTE(review): unlike 'goto', $GLOBALS['back'] is not reset to a default in
// this excerpt before the check; whether it is initialised elsewhere is not
// visible here, confirm.
if (PMA_checkPageValidity($_REQUEST['back'], $goto_whitelist)) {
    $GLOBALS['back'] = $_REQUEST['back'];
} else {
    // Rejected: strip "back" from all request superglobals, as for "goto".
    unset($_REQUEST['back'], $_GET['back'], $_POST['back'], $_COOKIE['back']);
}
/**
 * Check whether user supplied token is valid, if not remove any possibly
 * dangerous stuff from request.
 *
 * remember that some objects in the session with session_start and __wakeup()
 * could access these variables before we reach this point
 * f.e. PMA_Config: fontsize
 *
 * @todo variables should be handled by their respective owners (objects)
 * f.e. lang, server, collation_connection in PMA_Config
 */
    /**
     * Checks that a percent-encoded page value is accepted by the validator.
     *
     * The input is "main.php?sql.php&test=true" with "?", "&" and "="
     * percent-encoded, and the test expects PMA_checkPageValidity to return
     * true for it against the fixture whitelist.
     *
     * NOTE(review): accepting an encoded value implies the validator matches
     * on something other than the raw string. Callers should use the form that
     * was actually validated and should not build an include path from the raw
     * request value. Confirm against the validator's implementation.
     *
     * @return void
     */
    function testGotoWhitelistEncodedPage()
    {
        // Kept in a variable rather than passed as a literal, as in the
        // original, in case the validator takes its first argument by reference.
        $encodedTarget = 'main.php%3Fsql.php%26test%3Dtrue';
        $isAccepted = PMA_checkPageValidity($encodedTarget, $this->goto_whitelist);

        $this->assertTrue($isAccepted);
    }