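/**
 * Exercises RequestChecker::check() over the request shapes the CSRF gate has to tell apart.
 *
 * Cases, in order:
 *  - null and an empty array are accepted;
 *  - a non-empty payload sent with a Referer on www.test2.co.jp while SERVER_NAME is
 *    www.test.co.jp is rejected;
 *  - the same payload with a Referer on www.test.co.jp is still rejected (it carries no csrf_token);
 *  - a payload carrying the value returned by getCsrfToken() is accepted (Referer still matching).
 *
 * $_SERVER is snapshotted and restored so the forged Referer/HTTPS/SERVER_NAME values
 * cannot leak into other tests that read request state.
 *
 * NOTE(review): no case covers a wrong or stale csrf_token value, a valid token combined with
 * a mismatched Referer, or HTTPS switched on; add them once the intended behaviour is confirmed.
 * NOTE(review): assertEquals compares loosely; assertTrue/assertFalse would also pin the return
 * type to bool. Switch once check() is confirmed to return strict booleans.
 */
public function testCheck()
{
    $checker = new RequestChecker();
    $checker->setSessionFactory(new TestSessionFactory());

    // Keep the ambient request state so it can be put back whatever the outcome.
    $serverBackup = $_SERVER;

    try {
        // Expected value goes first, matching PHPUnit's assertEquals($expected, $actual) signature.
        $this->assertEquals(true, $checker->check(null), 'null input should be accepted');
        $this->assertEquals(true, $checker->check(array()), 'empty input should be accepted');

        $payload = array('test' => '');

        // Referer host differs from the server's own name.
        $_SERVER['HTTP_REFERER'] = 'http://www.test2.co.jp/test1';
        $_SERVER['HTTPS'] = 'off';
        $_SERVER['SERVER_NAME'] = 'www.test.co.jp';
        $this->assertEquals(false, $checker->check($payload), 'foreign Referer should be rejected');

        // Referer host now matches, but the payload still has no csrf_token field.
        $_SERVER['HTTP_REFERER'] = 'http://www.test.co.jp/test1';
        $this->assertEquals(false, $checker->check($payload), 'payload without csrf_token should be rejected');

        // getMethod() is defined outside this block; it is used here as if it returns an
        // invocable ReflectionMethod for getCsrfToken() (confirm against the helper).
        $getCsrfToken = getMethod('RequestChecker', 'getCsrfToken');
        $token = $getCsrfToken->invokeArgs($checker, array());

        $payload = array('csrf_token' => $token);
        $this->assertEquals(true, $checker->check($payload), 'payload with the issued csrf_token should be accepted');
    } finally {
        $_SERVER = $serverBackup;
    }
}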
<?php
// Load the RequestChecker class that sits next to this file.
require __DIR__ . '/class.request_checker.php';

// Access check.
// When the check fails, the visitor is sent to the 404 page.
//
// Only $_POST is handed to check(); query-string parameters are not inspected here.
// NOTE(review): the Location header carries no explicit status, so the client gets a
// redirect to /404/ rather than a 404 response on the requested URL.
// NOTE(review): nothing is logged on rejection in this file; if RequestChecker does not
// log either, rejected requests leave no trace for detection. Confirm.
$requestchecker = new RequestChecker();
if (!$requestchecker->check($_POST)) {
    header('Location: /404/');
    // Stop immediately so none of the including page runs after a failed check.
    exit();
}