/**
* Tests isUrlAllowed() function for various urls and configuration
*/
public function testisURLallowed()
{
csrfprotector::$config['verifyGetFor'] = array('http://test/delete*', 'https://test/*');
$_SERVER['PHP_SELF'] = '/nodelete.php';
$this->assertTrue(csrfprotector::isURLallowed());
$_SERVER['PHP_SELF'] = '/index.php';
$this->assertTrue(csrfprotector::isURLallowed('http://test/index.php'));
$_SERVER['PHP_SELF'] = '/delete.php';
$this->assertFalse(csrfprotector::isURLallowed('http://test/delete.php'));
$_SERVER['PHP_SELF'] = '/delete_user.php';
$this->assertFalse(csrfprotector::isURLallowed('http://test/delete_users.php'));
$_SERVER['REQUEST_SCHEME'] = 'https';
$_SERVER['PHP_SELF'] = '/index.php';
$this->assertFalse(csrfprotector::isURLallowed('https://test/index.php'));
$_SERVER['PHP_SELF'] = '/delete_user.php';
$this->assertFalse(csrfprotector::isURLallowed('https://test/delete_users.php'));
}
/**
* function to test modifyURL()
*/
public function testModifyURL()
{
$token = 'abcxxcd';
// Url already contains token
$url = 'http://test/test.php?csrfp_token=' . $token;
$url_ = csrfprotector::modifyURL($url, $token);
$this->assertSame($url, $url_);
// Url without argument
$url = 'http://test/test.php';
$url_ = csrfprotector::modifyURL($url, $token);
$this->assertTrue(strpos($url_, "?" . CSRFP_TOKEN . "=" . $token) != false);
// Url with argument
$url = 'http://test/test.php?a=1&b=2';
$url_ = csrfprotector::modifyURL($url, $token);
$this->assertTrue(strpos($url_, "&" . CSRFP_TOKEN . "=" . $token) != false);
}
