作者:flash145
项目:phpmyadmi
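/**
 * Test for PMA_checkPageValidity
 *
 * Data-driven: every dataset from provider() supplies a candidate page, the
 * whitelist to validate it against, and the result the validator must
 * return for that pair.
 *
 * NOTE(review): $expected is annotated as int but is compared strictly with
 * the validator's return value. If PMA_checkPageValidity() returns bool, the
 * provider must supply bool and this annotation should be corrected. Confirm
 * against provider().
 *
 * @param string     $page      Page
 * @param array|null $whiteList White list
 * @param int        $expected  Expected value
 *
 * @return void
 *
 * @dataProvider provider
 */
function testGotoNowhere($page, $whiteList, $expected)
{
    // assertSame() applies the same strict (===) comparison as the previous
    // assertTrue($expected === ...) form, but a failure now reports both the
    // expected and the actual value. For a whitelist check, that shows at a
    // glance whether a page was wrongly accepted or wrongly rejected.
    // $page stays a plain variable in case the validator takes it by reference.
    $this->assertSame($expected, PMA_checkPageValidity($page, $whiteList));
}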
作者:mi-square
项目:openem
/**
* holds the page that should be displayed
* @global string $GLOBALS['goto']
*/
// Start with no forward target; the request value is copied in only after it
// has passed the whitelist check below.
$GLOBALS['goto'] = '';
// Security fix: disallow accessing serious server files via "?goto="
// The request element is passed directly (not through a temporary) so the
// call behaves the same whether or not the validator takes it by reference.
if (! PMA_checkPageValidity($_REQUEST['goto'], $goto_whitelist)) {
    // Rejected: remove the parameter from every request superglobal so code
    // that runs later cannot pick up the unvalidated value from another source.
    unset($_REQUEST['goto']);
    unset($_GET['goto']);
    unset($_POST['goto']);
    unset($_COOKIE['goto']);
} else {
    // Accepted: publish the value and carry it forward in generated URLs.
    // NOTE(review): what is stored is the raw request string, not a canonical
    // form produced by the validator. If PMA_checkPageValidity() normalises
    // its input before matching the whitelist (not visible here), consumers
    // of $GLOBALS['goto'] must not decode it again or use it as a file path
    // without re-validating. Confirm against the validator.
    $GLOBALS['url_params']['goto'] = $GLOBALS['goto'] = $_REQUEST['goto'];
}
/**
 * returning page
 *
 * Validated against the same whitelist as "goto".
 *
 * @global string $GLOBALS['back']
 */
// NOTE(review): unlike $GLOBALS['goto'], which is reset to '' before its
// check, $GLOBALS['back'] is written only on acceptance. On rejection any
// value it already held is left in place. Confirm nothing earlier in the
// bootstrap can populate it from the request.
if (! PMA_checkPageValidity($_REQUEST['back'], $goto_whitelist)) {
    // Rejected: strip the parameter from every request superglobal.
    unset($_REQUEST['back']);
    unset($_GET['back']);
    unset($_POST['back']);
    unset($_COOKIE['back']);
} else {
    // Accepted: the raw request value becomes the return page.
    $GLOBALS['back'] = $_REQUEST['back'];
}
/**
* Check whether user supplied token is valid, if not remove any possibly
* dangerous stuff from request.
*
* remember that some objects in the session with session_start and __wakeup()
* could access these variables before we reach this point,
* e.g. PMA_Config: fontsize
*
* @todo variables should be handled by their respective owners (objects),
* e.g. lang, server, collation_connection in PMA_Config
*/
作者:nicokaise
项目:phpmyadmi
/**
 * Test that a percent-encoded page name is accepted against the whitelist.
 *
 * The fixture decodes to "main.php?sql.php&test=true" ('%3F' is '?',
 * '%26' is '&', '%3D' is '='). The test pins that the validator returns
 * exactly true for it when checked against $this->goto_whitelist.
 *
 * NOTE(review): accepting an encoded value is only safe if every consumer
 * of the validated parameter uses the same decoded form the validator
 * matched. A companion negative case should assert that an encoded value
 * whose decoded script name is not on the whitelist is rejected. Confirm
 * one exists in this test class.
 *
 * @return void
 */
function testGotoWhitelistEncodedPage()
{
    // Kept in a variable rather than passed as a literal, in case the
    // validator takes the page by reference.
    $encodedPage = 'main.php%3Fsql.php%26test%3Dtrue';
    $accepted = PMA_checkPageValidity($encodedPage, $this->goto_whitelist);
    $this->assertTrue($accepted);
}