/** * Tests isUrlAllowed() function for various urls and configuration */ public function testisURLallowed() { csrfprotector::$config['verifyGetFor'] = array('http://test/delete*', 'https://test/*'); $_SERVER['PHP_SELF'] = '/nodelete.php'; $this->assertTrue(csrfprotector::isURLallowed()); $_SERVER['PHP_SELF'] = '/index.php'; $this->assertTrue(csrfprotector::isURLallowed('http://test/index.php')); $_SERVER['PHP_SELF'] = '/delete.php'; $this->assertFalse(csrfprotector::isURLallowed('http://test/delete.php')); $_SERVER['PHP_SELF'] = '/delete_user.php'; $this->assertFalse(csrfprotector::isURLallowed('http://test/delete_users.php')); $_SERVER['REQUEST_SCHEME'] = 'https'; $_SERVER['PHP_SELF'] = '/index.php'; $this->assertFalse(csrfprotector::isURLallowed('https://test/index.php')); $_SERVER['PHP_SELF'] = '/delete_user.php'; $this->assertFalse(csrfprotector::isURLallowed('https://test/delete_users.php')); }
/** * Tests isUrlAllowed() function for various urls and configuration */ public function testisURLallowed() { csrfprotector::$config['verifyGetFor'] = array('http://test/delete*', 'https://test/*'); $this->assertTrue(csrfprotector::isURLallowed('http"//test/nodelete.php')); $this->assertTrue(csrfprotector::isURLallowed('http://test/index.php')); $this->assertFalse(csrfprotector::isURLallowed('http://test/delete.php')); $this->assertFalse(csrfprotector::isURLallowed('http://test/delete_users.php')); $this->assertFalse(csrfprotector::isURLallowed('https://test/index.php')); $this->assertFalse(csrfprotector::isURLallowed('https://test/delete_users.php')); }