diff options
| author | Timo Tijhof <krinklemail@gmail.com> | 2019-08-24 19:45:27 +0100 |
|---|---|---|
| committer | Timo Tijhof <krinklemail@gmail.com> | 2019-08-24 20:36:37 +0100 |
| commit | e1bf44cd21441b212aab8672397e821d7aa5e106 (patch) | |
| tree | 284272928ede875b7a7c1561a43b1211419b1579 /tests/phpunit/includes/resourceloader/ResourceLoaderTest.php | |
| parent | 41355718e137b2ed88160ad5ddb4db50336d54d9 (diff) | |
| download | mediawikicore-e1bf44cd21441b212aab8672397e821d7aa5e106.tar.gz mediawikicore-e1bf44cd21441b212aab8672397e821d7aa5e106.zip | |
resourceloader: Add tests for disallowing access to private modules
* Add a test to confirm that the ResourceLoader::respond() logic
works as intended.
* Remove the client code for preventing it from being loaded.
This can never happen in production unless there is a bug.
Instead of optimising to avoid a pointless request that only
happens when the software is broken, instead optimise for when
the software is not broken by just letting it happen. The server
already handles it just fine.
This was originally added in 2015 with 1dd73903726 to reduce
logspam, but that was instead fixed in 6d6b037e122 by making the
log message debug-only (because it's not a software problem,
it's a client-error, e.g. a broken user script or a third
party trying out different things on the load.php entry point).
Removing this makes the client a bit smaller, too :)
Change-Id: Ic5420d9329a73514f4fc27baa46ae58d94addafb
Diffstat (limited to 'tests/phpunit/includes/resourceloader/ResourceLoaderTest.php')
| -rw-r--r-- | tests/phpunit/includes/resourceloader/ResourceLoaderTest.php | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/tests/phpunit/includes/resourceloader/ResourceLoaderTest.php b/tests/phpunit/includes/resourceloader/ResourceLoaderTest.php index 86c2e9f59b06..ac4a1ca1bb38 100644 --- a/tests/phpunit/includes/resourceloader/ResourceLoaderTest.php +++ b/tests/phpunit/includes/resourceloader/ResourceLoaderTest.php @@ -1096,6 +1096,32 @@ END } /** + * Refuse requests for private modules. + * + * @covers ResourceLoader::respond + */ + public function testRespondErrorPrivate() { + $rl = $this->getMockBuilder( EmptyResourceLoader::class ) + ->setMethods( [ + 'measureResponseTime', + 'tryRespondNotModified', + 'sendResponseHeaders', + ] ) + ->getMock(); + $rl->register( [ + 'foo' => [ 'class' => ResourceLoaderTestModule::class ], + 'bar' => [ 'class' => ResourceLoaderTestModule::class, 'group' => 'private' ], + ] ); + $context = $this->getResourceLoaderContext( + [ 'modules' => 'foo|bar', 'only' => null ], + $rl + ); + + $this->expectOutputRegex( '/^\/\*.+Cannot build private module/s' ); + $rl->respond( $context ); + } + + /** * @covers ResourceLoader::respond */ public function testRespondInternalFailures() { |