sfForm::enableCSRFProtection(); $request = new myRequest($dispatcher); try { $request->checkCSRFProtection(); $t->fail('->checkCSRFProtection() throws a validator error if CSRF protection fails'); } catch (sfValidatorErrorSchema $error) { $t->pass('->checkCSRFProtection() throws a validator error if CSRF protection fails'); } $request = new myRequest($dispatcher); $request->setParameter('_csrf_token', '==TOKEN=='); try { $request->checkCSRFProtection(); $t->pass('->checkCSRFProtection() checks token from BaseForm'); } catch (sfValidatorErrorSchema $error) { $t->fail('->checkCSRFProtection() checks token from BaseForm'); } // ->getContentType() $t->diag('->getContentType()'); $request = new myRequest($dispatcher); $_SERVER['CONTENT_TYPE'] = 'text/html'; $t->is($request->getContentType(), 'text/html', '->getContentType() returns the content type'); $request = new myRequest($dispatcher); $_SERVER['CONTENT_TYPE'] = 'text/html; charset=UTF-8'; $t->is($request->getContentType(), 'text/html', '->getContentType() strips the charset information by default'); $t->is($request->getContentType(false), 'text/html; charset=UTF-8', '->getContentType() does not strip the charset information by defaultif you pass false as the first argument'); // ->getHost() $t->diag('->getHost()'); $request = new myRequest($dispatcher); $_SERVER['HTTP_X_FORWARDED_HOST'] = 'example1.com, example2.com, example3.com'; $t->is($request->getHost(), 'example3.com', '->getHost() returns the last forwarded host'); unset($_SERVER['HTTP_X_FORWARDED_HOST']);
// ->getContentType() $t->diag('->getContentType()'); $request = new myRequest($dispatcher); $_SERVER['CONTENT_TYPE'] = 'text/html'; $t->is($request->getContentType(), 'text/html', '->getContentType() returns the content type'); $request = new myRequest($dispatcher); $_SERVER['CONTENT_TYPE'] = 'text/html; charset=UTF-8'; $t->is($request->getContentType(), 'text/html', '->getContentType() strips the charset information by default'); $t->is($request->getContentType(false), 'text/html; charset=UTF-8', '->getContentType() does not strip the charset information by defaultif you pass false as the first argument'); // ->getReferer() $t->diag('->getReferer()'); $request = new myRequest($dispatcher); $_SERVER['HTTP_REFERER'] = 'http://domain'; $t->is($request->getReferer(), 'http://domain', '->getContentType() returns the content type'); // ->getHost() $t->diag('->getHost()'); $request = new myRequest($dispatcher); $_SERVER['HTTP_X_FORWARDED_HOST'] = 'example1.com, example2.com, example3.com'; $t->is($request->getHost(), 'example3.com', '->getHost() returns the last forwarded host'); unset($_SERVER['HTTP_X_FORWARDED_HOST']); $_SERVER['HTTP_HOST'] = 'symfony-project.org'; $t->is($request->getHost(), 'symfony-project.org', '->getHost() returns the host'); $request->setOption('trust_proxy', false); $_SERVER['HTTP_X_FORWARDED_HOST'] = 'example1.com, example2.com, example3.com'; $t->is($request->getHost(), 'symfony-project.org', '->getHost() returns the host even if forwarded host is define when "trust_proxy" option is set to false'); unset($_SERVER['HTTP_X_FORWARDED_HOST']); // ->getFiles() $t->diag('->getFiles()'); $_FILES = array('article' => array('name' => array('media' => '1.png'), 'type' => array('media' => 'image/png'), 'tmp_name' => array('media' => '/private/var/tmp/phpnTrAJG'), 'error' => array('media' => 0), 'size' => array('media' => 899))); $taintedFiles = array('article' => array('media' => array('error' => 0, 'name' => '1.png', 'type' => 'image/png', 'tmp_name' => '/private/var/tmp/phpnTrAJG', 'size' => 899))); $t->is_deeply($request->getFiles(), $taintedFiles, '->getFiles() return clean array extracted from $_FILES');