dépôts / lhc / web / wiklou.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
SECURITY: Prepend jsonp callback with comment
[lhc/web/wiklou.git] / tests / phpunit / includes / api / format / ApiFormatJsonTest.php
diff --git a/tests/phpunit/includes/api/format/ApiFormatJsonTest.php b/tests/phpunit/includes/api/format/ApiFormatJsonTest.php
index c71faec..fc1f902 100644 (file)
--- a/tests/phpunit/includes/api/format/ApiFormatJsonTest.php
+++ b/tests/phpunit/includes/api/format/ApiFormatJsonTest.php
@@ -14,4 +14,9 @@ class ApiFormatJsonTest extends ApiFormatTestBase {
                $this->assertInternalType( 'array', json_decode( $data, true ) );
                $this->assertGreaterThan( 0, count( (array)$data ) );
        }
+
+       public function testJsonpInjection( ) {
+               $data = $this->apiRequest( 'json', array( 'action' => 'query', 'meta' => 'siteinfo', 'callback' => 'myCallback' ) );
+               $this->assertEquals( '/**/myCallback(', substr( $data, 0, 15 ) );
+       }
 }
Wiklou, le Wiki du Wiklou