From: gggeek Date: Tue, 3 Jan 2023 11:36:10 +0000 (+0000) Subject: make the demo server only allow outofband requests when tests are being run X-Git-Tag: 4.9.4~33 X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=39b7605725cd18161ff70838e11b43b2af048727;p=plcapi.git make the demo server only allow outofband requests when tests are being run
---
diff --git a/demo/server/methodProviders/functions.php b/demo/server/methodProviders/functions.php
index 898965b3..6b50e0aa 100644
--- a/demo/server/methodProviders/functions.php
+++ b/demo/server/methodProviders/functions.php
@@ -14,7 +14,7 @@ use PhpXmlRpc\Server;
 use PhpXmlRpc\Value;
 // a PHP version of the state-number server
-// send me an integer and i'll sell you a state
+// send me an integer and I'll sell you a state
 $GLOBALS['stateNames'] = array(
 "Alabama", "Alaska", "Arizona", "Arkansas", "California",
diff --git a/demo/server/server.php b/demo/server/server.php
index 41c401ce..eb0b09a0 100644
--- a/demo/server/server.php
+++ b/demo/server/server.php
@@ -90,30 +90,32 @@ $s->compress_response = true;
 // Out-of-band information: let the client manipulate the server operations.
 // We do this to help the testsuite script: do not reproduce in production!
-if (isset($_GET['RESPONSE_ENCODING'])) {
- $s->response_charset_encoding = $_GET['RESPONSE_ENCODING'];
-}
-if (isset($_GET['DETECT_ENCODINGS'])) {
- PhpXmlRpc::$xmlrpc_detectencodings = $_GET['DETECT_ENCODINGS'];
-}
-if (isset($_GET['EXCEPTION_HANDLING'])) {
- $s->exception_handling = $_GET['EXCEPTION_HANDLING'];
-}
-if (isset($_GET['FORCE_AUTH'])) {
- // We implement both Basic and Digest auth in php to avoid having to set it up in a vhost.
- // Code taken from php.net
- // NB: we do NOT check for valid credentials!
- if ($_GET['FORCE_AUTH'] == 'Basic') {
- if (!isset($_SERVER['PHP_AUTH_USER']) && !isset($_SERVER['REMOTE_USER']) && !isset($_SERVER['REDIRECT_REMOTE_USER'])) {
- header('HTTP/1.0 401 Unauthorized');
- header('WWW-Authenticate: Basic realm="Phpxmlrpc Basic Realm"');
- die('Text visible if user hits Cancel button');
- }
- } elseif ($_GET['FORCE_AUTH'] == 'Digest') {
- if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
- header('HTTP/1.1 401 Unauthorized');
- header('WWW-Authenticate: Digest realm="Phpxmlrpc Digest Realm",qop="auth",nonce="'.uniqid().'",opaque="'.md5('Phpxmlrpc Digest Realm').'"');
- die('Text visible if user hits Cancel button');
+if (defined('TESTMODE')) {
+ if (isset($_GET['RESPONSE_ENCODING'])) {
+ $s->response_charset_encoding = $_GET['RESPONSE_ENCODING'];
+ }
+ if (isset($_GET['DETECT_ENCODINGS'])) {
+ PhpXmlRpc::$xmlrpc_detectencodings = $_GET['DETECT_ENCODINGS'];
+ }
+ if (isset($_GET['EXCEPTION_HANDLING'])) {
+ $s->exception_handling = $_GET['EXCEPTION_HANDLING'];
+ }
+ if (isset($_GET['FORCE_AUTH'])) {
+ // We implement both Basic and Digest auth in php to avoid having to set it up in a vhost.
+ // Code taken from php.net
+ // NB: we do NOT check for valid credentials!
+ if ($_GET['FORCE_AUTH'] == 'Basic') {
+ if (!isset($_SERVER['PHP_AUTH_USER']) && !isset($_SERVER['REMOTE_USER']) && !isset($_SERVER['REDIRECT_REMOTE_USER'])) {
+ header('HTTP/1.0 401 Unauthorized');
+ header('WWW-Authenticate: Basic realm="Phpxmlrpc Basic Realm"');
+ die('Text visible if user hits Cancel button');
+ }
+ } elseif ($_GET['FORCE_AUTH'] == 'Digest') {
+ if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
+ header('HTTP/1.1 401 Unauthorized');
+ header('WWW-Authenticate: Digest realm="Phpxmlrpc Digest Realm",qop="auth",nonce="' . uniqid() . '",opaque="' . md5('Phpxmlrpc Digest Realm') . '"');
+ die('Text visible if user hits Cancel button');
+ }
 }
 }
 }
diff --git a/tests/index.php b/tests/index.php
index 93344382..a14defa7 100644
--- a/tests/index.php
+++ b/tests/index.php
@@ -7,6 +7,9 @@ ini_set('display_errors', true);
 error_reporting(E_ALL);
+// Set up a constant which can be used by demo code to tell if the testuite is in action
+const TESTMODE = true;
+
 // Out-of-band information: let the client manipulate the page operations
 if (isset($_COOKIE['PHPUNIT_SELENIUM_TEST_ID']) && extension_loaded('xdebug')) {
 $GLOBALS['PHPUNIT_COVERAGE_DATA_DIRECTORY'] = '/tmp/phpxmlrpc_coverage';
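Review bot: The new guard in demo/server/server.php, `if (defined('TESTMODE')) {`, tests only that the constant exists, so any definition, including `const TESTMODE = false;`, turns the request-controlled settings (RESPONSE_ENCODING, DETECT_ENCODINGS, EXCEPTION_HANDLING, FORCE_AUTH) back on. Checking the value as well, `if (defined('TESTMODE') && TESTMODE === true) {`, keeps the block off unless test mode is enabled explicitly. Inside the block the `$_GET` values are still copied into server settings with no allow-list, which is acceptable for a test harness only while the gate holds. The existing "do not reproduce in production" comment could say so directly, e.g. `// Enabled only when the test harness defines TESTMODE (see tests/index.php); never define it on a deployed server.`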
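Review bot: In tests/index.php, `const TESTMODE = true;` is defined unconditionally at the top of a script that reads `$_COOKIE` and enables `display_errors`, so it appears to be served over HTTP. If the tests/ directory ends up under a deployed web root, any demo code reached through this entry point runs with the out-of-band controls unlocked; how index.php dispatches to the demo server is not visible in this hunk. The added comment should state that consequence, for example `// Defining TESTMODE unlocks request-controlled server settings in the demo code: keep tests/ out of any deployed web root.`, and "testuite" in the existing comment should read "testsuite".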