/** * Always permit requests for localhost, or for api or soap scripts and for system tracker templates * * @param Array $server * * @return Boolean */ function isException($server) { $userRequestsDefaultTemplates = $server['REQUEST_URI'] == TRACKER_BASE_URL . '/index.php?group_id=100' && HTTPRequest::instance()->isAjax(); $userRequestsDefaultTemplates |= $server['REQUEST_URI'] == TRACKER_BASE_URL . '/invert_comments_order.php'; $userRequestsDefaultTemplates |= $server['REQUEST_URI'] == TRACKER_BASE_URL . '/invert_display_changes.php'; $userRequestsDefaultTemplates |= $server['REQUEST_URI'] == TRACKER_BASE_URL . '/unsubscribe_notifications.php'; return $userRequestsDefaultTemplates || parent::isException($server); }
function itTreatsExtractionOfCrossReferencesApiAsException() { $urlVerification = new URLVerification(); $this->assertTrue($urlVerification->isException(array('SCRIPT_NAME' => '/api/reference/extractCross'))); }
function testIsException() { $urlVerification = new URLVerification(); $this->assertTrue($urlVerification->isException(array('SERVER_NAME' => 'localhost', 'SCRIPT_NAME' => '/projects/foobar'))); $this->assertFalse($urlVerification->isException(array('SERVER_NAME' => 'codendi.org', 'SCRIPT_NAME' => '/projects/foobar'))); $this->assertTrue($urlVerification->isException(array('SERVER_NAME' => 'codendi.org', 'SCRIPT_NAME' => '/api/reference/extractCross'))); $this->assertTrue($urlVerification->isException(array('SERVER_NAME' => 'codendi.org', 'SCRIPT_NAME' => '/soap/index.php'))); $this->assertFalse($urlVerification->isException(array('SERVER_NAME' => 'codendi.org', 'SCRIPT_NAME' => '/plugins/tracker'))); $this->assertTrue($urlVerification->isException(array('SERVER_NAME' => 'codendi.org', 'SCRIPT_NAME' => '/plugins/tracker/soap/'))); $this->assertFalse($urlVerification->isException(array('SERVER_NAME' => 'codendi.org', 'SCRIPT_NAME' => '/forged/url?q=/plugins/tracker/soap/'))); $this->assertTrue($urlVerification->isException(array('SERVER_NAME' => 'codendi.org', 'SCRIPT_NAME' => '/plugins/docman/soap/'))); $this->assertFalse($urlVerification->isException(array('SERVER_NAME' => 'codendi.org', 'SCRIPT_NAME' => '/projects/foobar'))); }
/** * Always permit requests for localhost, or for api or soap scripts and for system tracker templates * * @param Array $server * * @return Boolean */ function isException($server) { $userRequestsDefaultTemplates = $server['REQUEST_URI'] == TRACKER_BASE_URL . '/index.php?group_id=100' && HTTPRequest::instance()->isAjax(); return $userRequestsDefaultTemplates || parent::isException($server); }