public function testCheck()
{
$checker = new RequestChecker();
$factory = new TestSessionFactory();
$checker->setSessionFactory($factory);
$array = array('test' => '');
$this->assertEquals($checker->check(NULL), true);
$this->assertEquals($checker->check(array()), true);
$_SERVER['HTTP_REFERER'] = 'http://www.test2.co.jp/test1';
$_SERVER['HTTPS'] = 'off';
$_SERVER['SERVER_NAME'] = 'www.test.co.jp';
$this->assertEquals($checker->check($array), false);
$_SERVER['HTTP_REFERER'] = 'http://www.test.co.jp/test1';
$this->assertEquals($checker->check($array), false);
$getCsrfToken = getMethod('RequestChecker', 'getCsrfToken');
$token = $getCsrfToken->invokeArgs($checker, array());
$array = array('csrf_token' => $token);
$this->assertEquals($checker->check($array), true);
}
<?php
require dirname(__FILE__) . "/class.request_checker.php";
// アクセスチェック
// 不正な場合、404ページに飛ぶ
$requestchecker = new RequestChecker();
if (!$requestchecker->check($_POST)) {
header("Location: /404/");
exit;
}
