removes carriage return from test request headers
authorPhilipp Schüle <p.schuele@metaways.de>
Mon, 8 Aug 2016 08:48:08 +0000 (10:48 +0200)
committerPhilipp Schüle <p.schuele@metaways.de>
Mon, 8 Aug 2016 12:47:48 +0000 (14:47 +0200)
... to prevent CRLF injection errors

Change-Id: I207d2b3a233a2415ab07e6a5a27028a85f5df020
Reviewed-on: https://gerrit.tine20.org/tine20/3371
Reviewed-by: Philipp Schüle <p.schuele@metaways.de>
Tested-by: Philipp Schüle <p.schuele@metaways.de>
tests/tine20/Tinebase/ControllerServerTest.php
tests/tine20/Tinebase/Server/JsonTests.php
tests/tine20/Tinebase/Server/WebDAVTests.php

index ddb09ac..c4f0592 100644 (file)
@@ -21,21 +21,21 @@ class Tinebase_ControllerServerTest extends ServerTestCase
     public function testValidLogin()
     {
         $request = \Zend\Http\PhpEnvironment\Request::fromString(<<<EOS
-POST /index.php HTTP/1.1\r
-Content-Type: application/json\r
-Content-Length: 122\r
-Host: 192.168.122.158\r
-Connection: keep-alive\r
-Origin: http://192.168.1\22.158\r
-X-Tine20-Request-Type: JSON\r
-X-Tine20-Jsonkey: undefined\r
-User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.101 Safari/537.36\r
-X-Tine20-Transactionid: 9c7129898e9f8ab7e4621fddf7077a1eaa425aac\r
-X-Requested-With: XMLHttpRequest\r
-Accept: */*\r
-Referer: http://192.168.122.158/tine20dev/\r
-Accept-Encoding: gzip,deflate\r
-Accept-Language: de-DE,de;q=0.8,en-GB;q=0.6,en;q=0.4\r
+POST /index.php HTTP/1.1
+Content-Type: application/json
+Content-Length: 122
+Host: 192.168.122.158
+Connection: keep-alive
+Origin: http://192.168.1\22.158
+X-Tine20-Request-Type: JSON
+X-Tine20-Jsonkey: undefined
+User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.101 Safari/537.36
+X-Tine20-Transactionid: 9c7129898e9f8ab7e4621fddf7077a1eaa425aac
+X-Requested-With: XMLHttpRequest
+Accept: */*
+Referer: http://192.168.122.158/tine20dev/
+Accept-Encoding: gzip,deflate
+Accept-Language: de-DE,de;q=0.8,en-GB;q=0.6,en;q=0.4
 EOS
         );
         
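Review bot: The `Origin` header on the new side still reads `http://192.168.1\22.158`, and inside a heredoc `\22` is an octal escape, so the value carries the control byte 0x12 rather than the digits `22`. The commit strips `\r` from these fixtures but leaves this other control character in place. `Host` and `Referer` in the same request use 192.168.122.158, so the intended line is presumably `Origin: http://192.168.122.158`. The same line appears in the testInvalidLogin hunk and in the hunk at -90. Whether the header parser rejects or silently accepts that byte is not visible here, and the bodies of these test methods continue outside the hunks.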
@@ -52,21 +52,21 @@ EOS
     public function testInvalidLogin()
     {
         $request = \Zend\Http\PhpEnvironment\Request::fromString(<<<EOS
-POST /index.php HTTP/1.1\r
-Content-Type: application/json\r
-Content-Length: 122\r
-Host: 192.168.122.158\r
-Connection: keep-alive\r
-Origin: http://192.168.1\22.158\r
-X-Tine20-Request-Type: JSON\r
-X-Tine20-Jsonkey: undefined\r
-User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.101 Safari/537.36\r
-X-Tine20-Transactionid: 9c7129898e9f8ab7e4621fddf7077a1eaa425aac\r
-X-Requested-With: XMLHttpRequest\r
-Accept: */*\r
-Referer: http://192.168.122.158/tine20dev/\r
-Accept-Encoding: gzip,deflate\r
-Accept-Language: de-DE,de;q=0.8,en-GB;q=0.6,en;q=0.4\r
+POST /index.php HTTP/1.1
+Content-Type: application/json
+Content-Length: 122
+Host: 192.168.122.158
+Connection: keep-alive
+Origin: http://192.168.1\22.158
+X-Tine20-Request-Type: JSON
+X-Tine20-Jsonkey: undefined
+User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.101 Safari/537.36
+X-Tine20-Transactionid: 9c7129898e9f8ab7e4621fddf7077a1eaa425aac
+X-Requested-With: XMLHttpRequest
+Accept: */*
+Referer: http://192.168.122.158/tine20dev/
+Accept-Encoding: gzip,deflate
+Accept-Language: de-DE,de;q=0.8,en-GB;q=0.6,en;q=0.4
 EOS
         );
         
@@ -90,21 +90,21 @@ EOS
         $this->_transactionId = null;
 
         $request = \Zend\Http\PhpEnvironment\Request::fromString(<<<EOS
-POST /index.php HTTP/1.1\r
-Content-Type: application/json\r
-Content-Length: 122\r
-Host: 192.168.122.158\r
-Connection: keep-alive\r
-Origin: http://192.168.1\22.158\r
-X-Tine20-Request-Type: JSON\r
-X-Tine20-Jsonkey: undefined\r
-User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.101 Safari/537.36\r
-X-Tine20-Transactionid: 9c7129898e9f8ab7e4621fddf7077a1eaa425aac\r
-X-Requested-With: XMLHttpRequest\r
-Accept: */*\r
-Referer: http://192.168.122.158/tine20dev/\r
-Accept-Encoding: gzip,deflate\r
-Accept-Language: de-DE,de;q=0.8,en-GB;q=0.6,en;q=0.4\r
+POST /index.php HTTP/1.1
+Content-Type: application/json
+Content-Length: 122
+Host: 192.168.122.158
+Connection: keep-alive
+Origin: http://192.168.1\22.158
+X-Tine20-Request-Type: JSON
+X-Tine20-Jsonkey: undefined
+User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.101 Safari/537.36
+X-Tine20-Transactionid: 9c7129898e9f8ab7e4621fddf7077a1eaa425aac
+X-Requested-With: XMLHttpRequest
+Accept: */*
+Referer: http://192.168.122.158/tine20dev/
+Accept-Encoding: gzip,deflate
+Accept-Language: de-DE,de;q=0.8,en-GB;q=0.6,en;q=0.4
 EOS
         );
         
index a665d39..2f22a2b 100644 (file)
@@ -97,17 +97,17 @@ class Tinebase_Server_JsonTests extends TestCase
 
         $server = new Tinebase_Server_Json();
         $request = \Zend\Http\PhpEnvironment\Request::fromString(<<<EOS
-POST /index.php?requestType=JSON HTTP/1.1\r
-Host: localhost\r
-User-Agent: Mozilla/5.0 (X11; Linux i686; rv:15.0) Gecko/20120824 Thunderbird/15.0 Lightning/1.7\r
-Content-Type: application/json\r
-X-Tine20-Transactionid: 18da265bc0eb66a36081bfd42689c1675ed68bab\r
-X-Requested-With: XMLHttpRequest\r
-Accept: */*\r
-Referer: http://tine20.vagrant/\r
-Accept-Encoding: gzip, deflate\r
-Accept-Language: en-US,en;q=0.8,de-DE;q=0.6,de;q=0.4\r
-\r
+POST /index.php?requestType=JSON HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (X11; Linux i686; rv:15.0) Gecko/20120824 Thunderbird/15.0 Lightning/1.7
+Content-Type: application/json
+X-Tine20-Transactionid: 18da265bc0eb66a36081bfd42689c1675ed68bab
+X-Requested-With: XMLHttpRequest
+Accept: */*
+Referer: http://tine20.vagrant/
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.8,de-DE;q=0.6,de;q=0.4
+
 {"jsonrpc":"2.0","method":"Inventory.searchInventoryItems","params":{"filter":[], "paging":{}},"id":6}
 EOS
         );
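Review bot: With the explicit `\r` gone, every header line in this heredoc (and in the other heredocs this commit touches) ends with whatever line terminator the test file has on disk, so the parsed request now depends on how the file is checked out. A checkout that converts to CRLF would put the carriage returns back and presumably bring back the CRLF injection errors this commit is avoiding. I would record that next to the fixture, e.g. `// header lines take their EOL from this file; it must be checked out with LF endings`, and consider pinning the tests directory to LF in the repository's attributes. The enclosing test method starts and ends outside the hunk.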
index d77eb2d..9a92897 100644 (file)
@@ -24,10 +24,10 @@ class Tinebase_Server_WebDAVTests extends ServerTestCase
     public function testServer()
     {
         $request = \Zend\Http\PhpEnvironment\Request::fromString(<<<EOS
-PROPFIND /calendars/64d7fdf9202f7b1faf7467f5066d461c2e75cf2b/4/ HTTP/1.1\r
-Host: localhost\r
-Depth: 0\r
-User-Agent: Mozilla/5.0 (X11; Linux i686; rv:15.0) Gecko/20120824 Thunderbird/15.0 Lightning/1.7\r
+PROPFIND /calendars/64d7fdf9202f7b1faf7467f5066d461c2e75cf2b/4/ HTTP/1.1
+Host: localhost
+Depth: 0
+User-Agent: Mozilla/5.0 (X11; Linux i686; rv:15.0) Gecko/20120824 Thunderbird/15.0 Lightning/1.7
 EOS
         );
         
@@ -69,11 +69,11 @@ EOS
         $hash = base64_encode($credentials['username'] . ':' . $credentials['password']);
         
         $request = \Zend\Http\PhpEnvironment\Request::fromString(<<<EOS
-PROPFIND /calendars/64d7fdf9202f7b1faf7467f5066d461c2e75cf2b/4/ HTTP/1.1\r
-Host: localhost\r
-Depth: 0\r
-User-Agent: Mozilla/5.0 (X11; Linux i686; rv:15.0) Gecko/20120824 Thunderbird/15.0 Lightning/1.7\r
-Authorization: Basic $hash\r
+PROPFIND /calendars/64d7fdf9202f7b1faf7467f5066d461c2e75cf2b/4/ HTTP/1.1
+Host: localhost
+Depth: 0
+User-Agent: Mozilla/5.0 (X11; Linux i686; rv:15.0) Gecko/20120824 Thunderbird/15.0 Lightning/1.7
+Authorization: Basic $hash
 EOS
         );
         
@@ -111,10 +111,10 @@ EOS
         $hash = base64_encode($credentials['username'] . ':' . $credentials['password']);
         
         $request = \Zend\Http\PhpEnvironment\Request::fromString(<<<EOS
-PROPFIND /calendars/64d7fdf9202f7b1faf7467f5066d461c2e75cf2b/4/ HTTP/1.1\r
-Host: localhost\r
-Depth: 0\r
-User-Agent: Mozilla/5.0 (X11; Linux i686; rv:15.0) Gecko/20120824 Thunderbird/15.0 Lightning/1.7\r
+PROPFIND /calendars/64d7fdf9202f7b1faf7467f5066d461c2e75cf2b/4/ HTTP/1.1
+Host: localhost
+Depth: 0
+User-Agent: Mozilla/5.0 (X11; Linux i686; rv:15.0) Gecko/20120824 Thunderbird/15.0 Lightning/1.7
 EOS
         );
         
@@ -153,10 +153,10 @@ EOS
         $hash = base64_encode($credentials['username'] . ':' . $credentials['password']);
         
         $request = \Zend\Http\PhpEnvironment\Request::fromString(<<<EOS
-PROPFIND /calendars/64d7fdf9202f7b1faf7467f5066d461c2e75cf2b/4/ HTTP/1.1\r
-Host: localhost\r
-Depth: 0\r
-User-Agent: Mozilla/5.0 (X11; Linux i686; rv:15.0) Gecko/20120824 Thunderbird/15.0 Lightning/1.7\r
+PROPFIND /calendars/64d7fdf9202f7b1faf7467f5066d461c2e75cf2b/4/ HTTP/1.1
+Host: localhost
+Depth: 0
+User-Agent: Mozilla/5.0 (X11; Linux i686; rv:15.0) Gecko/20120824 Thunderbird/15.0 Lightning/1.7
 EOS
         );
         
@@ -193,10 +193,10 @@ EOS
     public function testPropfindCurrentUserPrincipal()
     {
         $request = \Zend\Http\PhpEnvironment\Request::fromString(<<<EOS
-PROPFIND /principals/users/ HTTP/1.1\r
-Host: localhost\r
-Depth: 0\r
-User-Agent: Mozilla/5.0 (X11; Linux i686; rv:15.0) Gecko/20120824 Thunderbird/15.0 Lightning/1.7\r
+PROPFIND /principals/users/ HTTP/1.1
+Host: localhost
+Depth: 0
+User-Agent: Mozilla/5.0 (X11; Linux i686; rv:15.0) Gecko/20120824 Thunderbird/15.0 Lightning/1.7
 EOS
         );
         
@@ -256,11 +256,11 @@ EOS
         $this->assertInstanceOf('Tinebase_Model_FullUser', $account);
         
         $request = \Zend\Http\PhpEnvironment\Request::fromString(<<<EOS
-PROPFIND /principals/users/{$account->contact_id}/ HTTP/1.1\r
-Host: localhost\r
-Depth: 0\r
-User-Agent: Mozilla/5.0 (X11; Linux i686; rv:15.0) Gecko/20120824 Thunderbird/15.0 Lightning/1.7\r
-\r
+PROPFIND /principals/users/{$account->contact_id}/ HTTP/1.1
+Host: localhost
+Depth: 0
+User-Agent: Mozilla/5.0 (X11; Linux i686; rv:15.0) Gecko/20120824 Thunderbird/15.0 Lightning/1.7
+
 <?xml version="1.0" encoding="UTF-8"?><D:propfind xmlns:D="DAV:" xmlns:C="urn:ietf:params:xml:ns:caldav"><D:prop><C:calendar-home-set/><C:calendar-user-address-set/><C:schedule-inbox-URL/><C:schedule-outbox-URL/></D:prop></D:propfind>
 EOS
         );
@@ -322,12 +322,12 @@ EOS
             ->getId();
         
         $request = \Zend\Http\PhpEnvironment\Request::fromString(<<<EOS
-REPORT /calendars/{$account->contact_id}/{$containerId}/ HTTP/1.1\r
-Host: localhost\r
-Depth: 1\r
-Content-Type: application/xml; charset="utf-8"\r
-User-Agent: Mozilla/5.0 (X11; Linux i686; rv:15.0) Gecko/20120824 Thunderbird/15.0 Lightning/1.7\r
-\r
+REPORT /calendars/{$account->contact_id}/{$containerId}/ HTTP/1.1
+Host: localhost
+Depth: 1
+Content-Type: application/xml; charset="utf-8"
+User-Agent: Mozilla/5.0 (X11; Linux i686; rv:15.0) Gecko/20120824 Thunderbird/15.0 Lightning/1.7
+
 <?xml version="1.0" encoding="utf-8" ?><C:calendar-query xmlns:D="DAV:" xmlns:C="urn:ietf:params:xml:ns:caldav"><D:prop><D:getetag/><C:calendar-data/></D:prop><C:filter><C:comp-filter name="VCALENDAR"><C:comp-filter name="VEVENT"><C:time-range start="20060104T000000Z" end="20160105T000000Z"/></C:comp-filter></C:comp-filter></C:filter></C:calendar-query>
 EOS
         );
@@ -383,12 +383,12 @@ EOS
             ->getId();
         
         $request = \Zend\Http\PhpEnvironment\Request::fromString(<<<EOS
-PROPFIND /calendars/{$account->contact_id}/{$containerId}/ HTTP/1.1\r
-Host: localhost\r
-Depth: 1\r
-Content-Type: application/xml; charset="utf-8"\r
-User-Agent: Mozilla/5.0 (X11; Linux i686; rv:15.0) Gecko/20120824 Thunderbird/15.0 Lightning/1.7\r
-\r
+PROPFIND /calendars/{$account->contact_id}/{$containerId}/ HTTP/1.1
+Host: localhost
+Depth: 1
+Content-Type: application/xml; charset="utf-8"
+User-Agent: Mozilla/5.0 (X11; Linux i686; rv:15.0) Gecko/20120824 Thunderbird/15.0 Lightning/1.7
+
 <?xml version="1.0" encoding="UTF-8"?>
 <D:propfind xmlns:D="DAV:" xmlns:CS="http://calendarserver.org/ns/" xmlns:C="urn:ietf:params:xml:ns:caldav"><D:prop><D:resourcetype/><D:owner/><D:current-user-principal/><D:supported-report-set/><C:supported-calendar-component-set/><CS:getctag/></D:prop></D:propfind>
 EOS