Avoid Full Path Disclosure error on session error.

* Add a function to validate session ID. * Generate a new session ID if an invalid token is passed.
2015-07-25 13:15:47 +02:00 · 2015-07-25 13:15:47 +02:00 · 06b6660a7e
commit 06b6660a7e
parent d7efade5d6
3 changed files with 71 additions and 15 deletions
--- a/tests/UtilsTest.php
+++ b/tests/UtilsTest.php
@ -150,5 +150,22 @@ class UtilsTest extends PHPUnit_Framework_TestCase
    {
        checkPHPVersion('5.3', '5.2');
    }
+
+    /**
+     * Test is_session_id_valid with a valid ID.
+     */
+    public function testIsSessionIdValid()
+    {
+        $this->assertTrue(is_session_id_valid('123456789012345678901234567890az'));
+    }
+
+    /**
+     * Test is_session_id_valid with invalid IDs.
+     */
+    public function testIsSessionIdInvalid()
+    {
+        $this->assertFalse(is_session_id_valid(''));
+        $this->assertFalse(is_session_id_valid(array()));
+        $this->assertFalse(is_session_id_valid('c0ZqcWF3VFE2NmJBdm1HMVQ0ZHJ3UmZPbTFsNGhkNHI='));
+    }
 }
-?>