Fix various phpcs error from last security patches

[lhc/web/wiklou.git] / tests / phpunit / includes / api / ApiMainTest.php

diff --git a/tests/phpunit/includes/api/ApiMainTest.php b/tests/phpunit/includes/api/ApiMainTest.php
index 06e7962..334e3b8 100644 (file)
--- a/tests/phpunit/includes/api/ApiMainTest.php
+++ b/tests/phpunit/includes/api/ApiMainTest.php
@@ -253,4 +253,33 @@ class ApiMainTest extends ApiTestCase {
                ];
        }
 
+       /**
+        * @covers ApiMain::lacksSameOriginSecurity
+        */
+       public function testLacksSameOriginSecurity() {
+               // Basic test
+               $main = new ApiMain( new FauxRequest( [ 'action' => 'query', 'meta' => 'siteinfo' ] ) );
+               $this->assertFalse( $main->lacksSameOriginSecurity(), 'Basic test, should have security' );
+
+               // JSONp
+               $main = new ApiMain(
+                       new FauxRequest( [ 'action' => 'query', 'format' => 'xml', 'callback' => 'foo' ] )
+               );
+               $this->assertTrue( $main->lacksSameOriginSecurity(), 'JSONp, should lack security' );
+
+               // Header
+               $request = new FauxRequest( [ 'action' => 'query', 'meta' => 'siteinfo' ] );
+               $request->setHeader( 'TrEaT-As-UnTrUsTeD', '' ); // With falsey value!
+               $main = new ApiMain( $request );
+               $this->assertTrue( $main->lacksSameOriginSecurity(), 'Header supplied, should lack security' );
+
+               // Hook
+               $this->mergeMwGlobalArrayValue( 'wgHooks', [
+                       'RequestHasSameOriginSecurity' => [ function () {
+                               return false;
+                       } ]
+               ] );
+               $main = new ApiMain( new FauxRequest( [ 'action' => 'query', 'meta' => 'siteinfo' ] ) );
+               $this->assertTrue( $main->lacksSameOriginSecurity(), 'Hook, should lack security' );
+       }
 }