tests/unit/UrlRedirectorTest.php

   1 <?php
   2
   3 declare(strict_types=1);
   4
   5 namespace PhpMyAdmin\Tests;
   6
   7 use Fig\Http\Message\StatusCodeInterface;
   8 use PhpMyAdmin\Config;
   9 use PhpMyAdmin\Http\Factory\ResponseFactory;
  10 use PhpMyAdmin\Template;
  11 use PhpMyAdmin\Tests\Stubs\ResponseRenderer;
  12 use PhpMyAdmin\UrlRedirector;
  13 use PHPUnit\Framework\Attributes\CoversClass;
  14
  15 #[CoversClass(UrlRedirector::class)]
  16 final class UrlRedirectorTest extends AbstractTestCase
  17 {
  18     public function testRedirectWithDisallowedUrl(): void
  19     {
  20         $config = Config::getInstance();
  21         $config->set('PmaAbsoluteUri', 'http://localhost/phpmyadmin');
  22
  23         $urlRedirector = new UrlRedirector(new ResponseRenderer(), new Template(), ResponseFactory::create());
  24
  25         $response = $urlRedirector->redirect('https://user:pass@example.com/');
  26         self::assertSame('/phpmyadmin/', $response->getHeaderLine('Location'));
  27         self::assertSame(StatusCodeInterface::STATUS_FOUND, $response->getStatusCode());
  28     }
  29
  30     public function testRedirectWithAllowedUrl(): void
  31     {
  32         $_SERVER['SERVER_NAME'] = 'localhost';
  33
  34         $urlRedirector = new UrlRedirector(new ResponseRenderer(), new Template(), ResponseFactory::create());
  35
  36         $response = $urlRedirector->redirect('https://phpmyadmin.net/');
  37         $expected = <<<'HTML'
  38             <script>
  39                 window.onload = function () {
  40                     window.location = 'https\u003A\/\/phpmyadmin.net\/';
  41                 };
  42             </script>
  43             Taking you to the target site.
  44
  45             HTML;
  46
  47         self::assertSame($expected, (string) $response->getBody());
  48     }
  49 }