From 476951fd8fa05edab99edd5ecde2c81e9d8ccbc0 Mon Sep 17 00:00:00 2001 From: catch Date: Fri, 25 Jun 2021 06:58:05 +0100 Subject: [PATCH] Issue #3217374 by bbrala, daffie: SIMPLETEST_BASE_URL does not validate scheme (cherry picked from commit 883787ecfb14601a40164f168a2d81fedb84d8a4) --- core/lib/Drupal/Core/Test/FunctionalTestSetupTrait.php | 9 ++++++++- .../Drupal/FunctionalTests/BrowserTestBaseTest.php | 10 ++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/core/lib/Drupal/Core/Test/FunctionalTestSetupTrait.php b/core/lib/Drupal/Core/Test/FunctionalTestSetupTrait.php index 2e8594b564e..231c4b5d9a8 100644 --- a/core/lib/Drupal/Core/Test/FunctionalTestSetupTrait.php +++ b/core/lib/Drupal/Core/Test/FunctionalTestSetupTrait.php @@ -564,7 +564,7 @@ trait FunctionalTestSetupTrait { * Sets up the base URL based upon the environment variable. * * @throws \Exception - * Thrown when no SIMPLETEST_BASE_URL environment variable is provided. + * Thrown when no SIMPLETEST_BASE_URL environment variable is provided or uses an invalid scheme. */ protected function setupBaseUrl() { global $base_url; @@ -584,6 +584,13 @@ trait FunctionalTestSetupTrait { $path = isset($parsed_url['path']) ? rtrim(rtrim($parsed_url['path']), '/') : ''; $port = isset($parsed_url['port']) ? $parsed_url['port'] : 80; + $valid_url_schemes = ['http', 'https']; + if (!in_array(strtolower($parsed_url['scheme']), $valid_url_schemes, TRUE)) { + throw new \Exception( + 'You must provide valid scheme for the SIMPLETEST_BASE_URL environment variable. Valid schema are: http, https.' + ); + } + $this->baseUrl = $base_url; // If the passed URL schema is 'https' then setup the $_SERVER variables diff --git a/core/tests/Drupal/FunctionalTests/BrowserTestBaseTest.php b/core/tests/Drupal/FunctionalTests/BrowserTestBaseTest.php index 06737292e09..00fa980e974 100644 --- a/core/tests/Drupal/FunctionalTests/BrowserTestBaseTest.php +++ b/core/tests/Drupal/FunctionalTests/BrowserTestBaseTest.php @@ -1002,4 +1002,14 @@ class BrowserTestBaseTest extends BrowserTestBase { $this->assertStringContainsString('}', $body); } + /** + * Test if setting an invalid scheme in SIMPLETEST_BASE_URL throws an exception. + */ + public function testSimpleTestBaseUrlValidation() { + putenv('SIMPLETEST_BASE_URL=mysql://user:pass@localhost/database'); + $this->expectException(\Exception::class); + $this->expectExceptionMessage('You must provide valid scheme for the SIMPLETEST_BASE_URL environment variable. Valid schema are: http, https.'); + $this->setupBaseUrl(); + } + }