/**
* Tests isUrlAllowed() function for various urls and configuration
*/
public function testisURLallowed()
{
csrfprotector::$config['verifyGetFor'] = array('http://test/delete*', 'https://test/*');
$_SERVER['PHP_SELF'] = '/nodelete.php';
$this->assertTrue(csrfprotector::isURLallowed());
$_SERVER['PHP_SELF'] = '/index.php';
$this->assertTrue(csrfprotector::isURLallowed('http://test/index.php'));
$_SERVER['PHP_SELF'] = '/delete.php';
$this->assertFalse(csrfprotector::isURLallowed('http://test/delete.php'));
$_SERVER['PHP_SELF'] = '/delete_user.php';
$this->assertFalse(csrfprotector::isURLallowed('http://test/delete_users.php'));
$_SERVER['REQUEST_SCHEME'] = 'https';
$_SERVER['PHP_SELF'] = '/index.php';
$this->assertFalse(csrfprotector::isURLallowed('https://test/index.php'));
$_SERVER['PHP_SELF'] = '/delete_user.php';
$this->assertFalse(csrfprotector::isURLallowed('https://test/delete_users.php'));
}
/**
* Tests isUrlAllowed() function for various urls and configuration
*/
public function testisURLallowed()
{
csrfprotector::$config['verifyGetFor'] = array('http://test/delete*', 'https://test/*');
$this->assertTrue(csrfprotector::isURLallowed('http"//test/nodelete.php'));
$this->assertTrue(csrfprotector::isURLallowed('http://test/index.php'));
$this->assertFalse(csrfprotector::isURLallowed('http://test/delete.php'));
$this->assertFalse(csrfprotector::isURLallowed('http://test/delete_users.php'));
$this->assertFalse(csrfprotector::isURLallowed('https://test/index.php'));
$this->assertFalse(csrfprotector::isURLallowed('https://test/delete_users.php'));
}
