Gecko [ 35.178.45.201 ]

Name	Size	Permission
Advisory	[ DIR ]	drwxr-xr-x
Charsets	[ DIR ]	drwxr-xr-x
Command	[ DIR ]	drwxr-xr-x
Config	[ DIR ]	drwxr-xr-x
ConfigStorage	[ DIR ]	drwxr-xr-x
Container	[ DIR ]	drwxr-xr-x
Controllers	[ DIR ]	drwxr-xr-x
Crypto	[ DIR ]	drwxr-xr-x
Database	[ DIR ]	drwxr-xr-x
Dbal	[ DIR ]	drwxr-xr-x
Display	[ DIR ]	drwxr-xr-x
Engines	[ DIR ]	drwxr-xr-x
Error	[ DIR ]	drwxr-xr-x
Export	[ DIR ]	drwxr-xr-x
Gis	[ DIR ]	drwxr-xr-x
Html	[ DIR ]	drwxr-xr-x
Http	[ DIR ]	drwxr-xr-x
Identifiers	[ DIR ]	drwxr-xr-x
Import	[ DIR ]	drwxr-xr-x
Navigation	[ DIR ]	drwxr-xr-x
Partitioning	[ DIR ]	drwxr-xr-x
Plugins	[ DIR ]	drwxr-xr-x
Properties	[ DIR ]	drwxr-xr-x
Query	[ DIR ]	drwxr-xr-x
Replication	[ DIR ]	drwxr-xr-x
Routing	[ DIR ]	drwxr-xr-x
Server	[ DIR ]	drwxr-xr-x
Setup	[ DIR ]	drwxr-xr-x
Stubs	[ DIR ]	drwxr-xr-x
Table	[ DIR ]	drwxr-xr-x
Theme	[ DIR ]	drwxr-xr-x
Tracking	[ DIR ]	drwxr-xr-x
Triggers	[ DIR ]	drwxr-xr-x
Utils	[ DIR ]	drwxr-xr-x
WebAuthn	[ DIR ]	drwxr-xr-x
_data	[ DIR ]	drwxr-xr-x
AbstractTestCase.php	5.3 KB	-rw-r--r--
ApplicationTest.php	1.63 KB	-rw-r--r--
BookmarkTest.php	3.56 KB	-rw-r--r--
BrowseForeignersTest.php	6.29 KB	-rw-r--r--
CacheTest.php	3.02 KB	-rw-r--r--
CharsetsTest.php	5.3 KB	-rw-r--r--
ConfigTest.php	31.22 KB	-rw-r--r--
ConsoleTest.php	1.38 KB	-rw-r--r--
CoreTest.php	23.3 KB	-rw-r--r--
CreateAddFieldTest.php	19.21 KB	-rw-r--r--
DatabaseInterfaceTest.php	29.52 KB	-rw-r--r--
DbTableExistsTest.php	2.9 KB	-rw-r--r--
EncodingTest.php	5.89 KB	-rw-r--r--
EnvironmentTest.php	478 B	-rw-r--r--
FieldHelper.php	1.09 KB	-rw-r--r--
FieldMetadataTest.php	3.54 KB	-rw-r--r--
FileListingTest.php	3.54 KB	-rw-r--r--
FileTest.php	2.02 KB	-rw-r--r--
FlashMessagesTest.php	1.96 KB	-rw-r--r--
FontTest.php	6.13 KB	-rw-r--r--
FooterTest.php	5.19 KB	-rw-r--r--
GitTest.php	15.08 KB	-rw-r--r--
HeaderTest.php	11.05 KB	-rw-r--r--
IndexColumnTest.php	2.73 KB	-rw-r--r--
IndexTest.php	4.18 KB	-rw-r--r--
InsertEditTest.php	80.72 KB	-rw-r--r--
IpAllowDenyTest.php	6.62 KB	-rw-r--r--
LanguageTest.php	8.44 KB	-rw-r--r--
LinterTest.php	3.57 KB	-rw-r--r--
ListDatabaseTest.php	2.26 KB	-rw-r--r--
LoggingTest.php	570 B	-rw-r--r--
MenuTest.php	1.63 KB	-rw-r--r--
MessageTest.php	14.44 KB	-rw-r--r--
MimeTest.php	990 B	-rw-r--r--
NormalizationTest.php	15.38 KB	-rw-r--r--
OpenDocumentTest.php	1.67 KB	-rw-r--r--
OperationsTest.php	2.19 KB	-rw-r--r--
ParseAnalyzeTest.php	2.1 KB	-rw-r--r--
PdfTest.php	1.4 KB	-rw-r--r--
PluginsTest.php	4.69 KB	-rw-r--r--
ProfilingTest.php	730 B	-rw-r--r--
ResponseRendererTest.php	1.71 KB	-rw-r--r--
SanitizeTest.php	6.99 KB	-rw-r--r--
ScriptsTest.php	3.66 KB	-rw-r--r--
SessionTest.php	741 B	-rw-r--r--
ShowGrantsTest.php	1.78 KB	-rw-r--r--
SqlQueryFormTest.php	5.85 KB	-rw-r--r--
SqlTest.php	30.76 KB	-rw-r--r--
StorageEngineTest.php	18.19 KB	-rw-r--r--
SystemDatabaseTest.php	4.72 KB	-rw-r--r--
TemplateTest.php	5.61 KB	-rw-r--r--
TransformationsTest.php	10.52 KB	-rw-r--r--
TwoFactorTest.php	21.18 KB	-rw-r--r--
TypesByDatabaseVersionTest.php	31.86 KB	-rw-r--r--
TypesTest.php	20.45 KB	-rw-r--r--
UniqueConditionTest.php	13.26 KB	-rw-r--r--
UrlRedirectorTest.php	1.48 KB	-rw-r--r--
UrlTest.php	8.56 KB	-rw-r--r--
UserPasswordTest.php	2.5 KB	-rw-r--r--
UserPreferencesTest.php	12.02 KB	-rw-r--r--
UserPrivilegesFactoryTest.php	5.82 KB	-rw-r--r--
UtilTest.php	55.46 KB	-rw-r--r--
VersionInformationTest.php	9.62 KB	-rw-r--r--
VersionTest.php	1.25 KB	-rw-r--r--
ZipExtensionTest.php	5.31 KB	-rw-r--r--

Code Editor : UrlTest.php

<?php

declare(strict_types=1);

namespace PhpMyAdmin\Tests;

use PhpMyAdmin\Config;
use PhpMyAdmin\Current;
use PhpMyAdmin\Url;
use PHPUnit\Framework\Attributes\CoversClass;
use PHPUnit\Framework\Attributes\DataProvider;
use ReflectionProperty;

use function ini_get;
use function is_string;
use function parse_str;
use function str_repeat;
use function urldecode;

#[CoversClass(Url::class)]
class UrlTest extends AbstractTestCase
{
    /** @var string|false|null */
    private static string|bool|null $inputArgSeparator = null;

/**
     * Sets up the fixture, for example, opens a network connection.
     * This method is called before a test is executed.
     */
    protected function setUp(): void
    {
        parent::setUp();

$this->setLanguage();

unset($_COOKIE['pma_lang']);
        Config::getInstance()->set('URLQueryEncryption', false);
    }

/**
     * Test for Url::getCommon for DB only
     */
    public function testDbOnly(): void
    {
        Current::$server = 2;
        Config::getInstance()->settings['ServerDefault'] = 3;

$separator = Url::getArgSeparator();
        $expected = 'server=2' . $separator . 'lang=en';

$expected = '?db=db'
            . $separator . $expected;

self::assertSame($expected, Url::getCommon(['db' => 'db']));
    }

/**
     * Test for Url::getCommon with new style
     */
    public function testNewStyle(): void
    {
        Current::$server = 2;
        Config::getInstance()->settings['ServerDefault'] = 3;

$separator = Url::getArgSeparator();
        $expected = 'server=2' . $separator . 'lang=en';

$expected = '?db=db'
            . $separator . 'table=table'
            . $separator . $expected;
        $params = ['db' => 'db', 'table' => 'table'];
        self::assertSame($expected, Url::getCommon($params));
    }

/**
     * Test for Url::getCommon with alternate divider
     */
    public function testWithAlternateDivider(): void
    {
        Current::$server = 2;
        Config::getInstance()->settings['ServerDefault'] = 3;

$separator = Url::getArgSeparator();
        $expected = 'server=2' . $separator . 'lang=en';

$expected = '#ABC#db=db' . $separator . 'table=table' . $separator
            . $expected;
        self::assertSame(
            $expected,
            Url::getCommonRaw(
                ['db' => 'db', 'table' => 'table'],
                '#ABC#',
            ),
        );
    }

/**
     * Test for Url::getCommon
     */
    public function testDefault(): void
    {
        Current::$server = 2;
        Config::getInstance()->settings['ServerDefault'] = 3;

$separator = Url::getArgSeparator();
        $expected = '?server=2' . $separator . 'lang=en';
        self::assertSame($expected, Url::getCommon());
    }

/**
     * Test for Url::getFromRoute
     */
    public function testGetFromRoute(): void
    {
        $generatedUrl = Url::getFromRoute('/test', [
            'db' => '%3\$s',
            'table' => '%2\$s',
            'field' => '%1\$s',
            'change_column' => 1,
        ]);
        self::assertSame(
            'index.php?route=/test&db=%253%5C%24s&table=%252%5C%24s&field=%251%5C%24s&change_column=1&lang=en',
            $generatedUrl,
        );
    }

/**
     * Test for Url::getFromRoute
     */
    public function testGetFromRouteSpecialDbName(): void
    {
        $generatedUrl = Url::getFromRoute('/test', [
            'db' => '&test=_database=',
            'table' => '&test=_database=',
            'field' => '&test=_database=',
            'change_column' => 1,
        ]);
        $expectedUrl = 'index.php?route=/test&db=%26test%3D_database%3D'
        . '&table=%26test%3D_database%3D&field=%26test%3D_database%3D&change_column=1&lang=en';
        self::assertSame($expectedUrl, $generatedUrl);

self::assertSame(
            'index.php?route=/test&db=&test=_database=&table=&'
            . 'test=_database=&field=&test=_database=&change_column=1&lang=en',
            urldecode(
                $expectedUrl,
            ),
        );
    }

/**
     * Test for Url::getFromRoute
     */
    public function testGetFromRouteMaliciousScript(): void
    {
        $generatedUrl = Url::getFromRoute('/test', [
            'db' => '<script src="https://domain.tld/svn/trunk/html5.js"></script>',
            'table' => '<script src="https://domain.tld/maybeweshouldusegit/trunk/html5.js"></script>',
            'field' => true,
            'trees' => 1,
            'book' => false,
            'worm' => false,
        ]);
        self::assertSame(
            'index.php?route=/test&db=%3Cscript+src%3D%22https%3A%2F%2Fdomain.tld%2Fsvn'
            . '%2Ftrunk%2Fhtml5.js%22%3E%3C%2Fscript%3E&table=%3Cscript+src%3D%22'
            . 'https%3A%2F%2Fdomain.tld%2Fmaybeweshouldusegit%2Ftrunk%2Fhtml5.js%22%3E%3C%2F'
            . 'script%3E&field=1&trees=1&book=0&worm=0&lang=en',
            $generatedUrl,
        );
    }

public function testGetHiddenFields(): void
    {
        $_SESSION = [];
        self::assertSame('', Url::getHiddenFields([]));

$_SESSION = [' PMA_token ' => '<b>token</b>'];
        self::assertSame(
            '<input type="hidden" name="token" value="&lt;b&gt;token&lt;/b&gt;">',
            Url::getHiddenFields([]),
        );
    }

public function testBuildHttpQueryWithUrlQueryEncryptionDisabled(): void
    {
        Config::getInstance()->set('URLQueryEncryption', false);
        $params = ['db' => 'test_db', 'table' => 'test_table', 'pos' => 0];
        self::assertSame('db=test_db&table=test_table&pos=0', Url::buildHttpQuery($params));
    }

public function testBuildHttpQueryWithUrlQueryEncryptionEnabled(): void
    {
        $_SESSION = [];
        $config = Config::getInstance();
        $config->set('URLQueryEncryption', true);
        $config->set('URLQueryEncryptionSecretKey', str_repeat('a', 32));

$params = ['db' => 'test_db', 'table' => 'test_table', 'pos' => 0];
        $query = Url::buildHttpQuery($params);
        self::assertStringStartsWith('pos=0&eq=', $query);
        parse_str($query, $queryParams);
        self::assertCount(2, $queryParams);
        self::assertSame('0', $queryParams['pos']);
        self::assertTrue(is_string($queryParams['eq']));
        self::assertNotSame('', $queryParams['eq']);
        self::assertMatchesRegularExpression('/^[a-zA-Z0-9-_=]+$/', $queryParams['eq']);

$decrypted = Url::decryptQuery($queryParams['eq']);
        self::assertNotNull($decrypted);
        self::assertJson($decrypted);
        self::assertSame('{"db":"test_db","table":"test_table"}', $decrypted);
    }

public function testQueryEncryption(): void
    {
        $_SESSION = [];
        $config = Config::getInstance();
        $config->set('URLQueryEncryption', true);
        $config->set('URLQueryEncryptionSecretKey', str_repeat('a', 32));

$query = '{"db":"test_db","table":"test_table"}';
        $encrypted = Url::encryptQuery($query);
        self::assertNotSame($query, $encrypted);
        self::assertNotSame('', $encrypted);
        self::assertMatchesRegularExpression('/^[a-zA-Z0-9-_=]+$/', $encrypted);

$decrypted = Url::decryptQuery($encrypted);
        self::assertSame($query, $decrypted);
    }

/** @param string|false $iniValue */
    #[DataProvider('getArgSeparatorProvider')]
    public function testGetArgSeparator(string $expected, string|bool $iniValue, string|null $cacheValue): void
    {
        $property = new ReflectionProperty(Url::class, 'inputArgSeparator');
        $property->setValue(null, $cacheValue);

self::$inputArgSeparator = $iniValue;
        self::assertSame($expected, Url::getArgSeparator());

self::$inputArgSeparator = null;
        $property->setValue(null, null);
    }

/** @psalm-return array<string, array{string, string|false, string|null}> */
    public static function getArgSeparatorProvider(): array
    {
        return [
            'ampersand' => ['&', '&', null],
            'semicolon' => [';', ';', null],
            'prefer ampersand' => ['&', '+;&$', null],
            'prefer semicolon' => [';', '+;$', null],
            'first char' => ['+', '+$', null],
            'cache' => ['$', '&', '$'],
            'empty value' => ['&', '', null],
            'false' => ['&', false, null],
        ];
    }

/**
     * Test double for ini_get('arg_separator.input') as it can't be changed using ini_set()
     *
     * @see Url::getArgSeparatorValueFromIni
     *
     * @return string|false
     */
    public static function getInputArgSeparator(): string|bool
    {
        return self::$inputArgSeparator ?? ini_get('arg_separator.input');
    }
}

${this.title}

Code Editor : UrlTest.php