Fix for the Security scanner component of the SimpleTest module: taking out a form_id attribute from a hidden field
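/**
 * Implementation of the crawler page.
 *
 * Runs for about 25 seconds per invocation. Each pass claims one unvisited
 * row from {crawler_links}, fetches it with the stored session cookie,
 * queues every local link found on the page and marks the row as done.
 *
 * Security-relevant behaviour:
 * - The cookie is attached through CURLOPT_COOKIE, so it is sent to whatever
 *   URL is fetched. Only URLs accepted by _security_scanner_is_crawlable()
 *   may therefore be queued.
 * - The cookie comes from drupal_security_scanner_get_auth_cookie(), which
 *   logs in through a password-reset URL for user 1. Every queued link is
 *   requested with GET under that session, including links whose GET
 *   handler changes state.
 *
 * @return
 *   A placeholder HTML paragraph.
 */
function security_scanner_cron() {
  global $base_url;

  // Check if the auth session cookie value is already in the db, otherwise
  // call the function that retrieves it (this allows several crawler
  // instances to share one cookie).
  if (variable_get('security_scanner_cookie', '') == '') {
    drupal_security_scanner_get_auth_cookie();
  }
  $session_cookie = variable_get('security_scanner_cookie', '');

  $time = time() + 25;
  while (time() < $time) {
    // Initialize the crawler.
    db_query('INSERT INTO {crawler} VALUES (default)');
    $crawler_id = db_last_insert_id('crawler', 'id');

    // Claim one unvisited link for this crawler instance.
    db_query("UPDATE {crawler_links} SET crawler_id = %d, status = 1 WHERE crawler_id = 0 LIMIT 1", $crawler_id);

    // Get the claimed link from the crawler_links table.
    $page_to_visit = db_fetch_array(db_query("SELECT id,path FROM {crawler_links} WHERE crawler_id = %d AND status = 1 LIMIT 1", $crawler_id));
    if (!$page_to_visit) {
      // Nothing left to crawl. Without this check the loop would keep
      // inserting {crawler} rows and fetching an empty path until the
      // time budget runs out.
      break;
    }

    // Create a new test object, set the cookie and parse the page.
    $obj = new drupal_security_scanner_test();
    $obj->curl_options = array(
      CURLOPT_COOKIE => $session_cookie,
    );
    $obj->drupalGet($page_to_visit['path']);
    $obj->parse();

    $links = $obj->elements->xpath('//a');
    foreach (($links ? $links : array()) as $link) {
      $url_to_save = (string) $link->attributes()->href;
      $absolute = getAbsoluteUrl($url_to_save);
      // Skip off-site links and the logout link (following it would
      // invalidate the cookie).
      if (_security_scanner_is_crawlable($absolute, $base_url)) {
        // Here we use IGNORE to insert only one time a link into the table.
        // ("path" is a unique index)
        db_query("INSERT IGNORE INTO {crawler_links} VALUES ('','%s','','')", $absolute);
      }
    }

    // Get the forms inside the page.
    $forms = $obj->elements->xpath('//form');
    foreach (($forms ? $forms : array()) as $form) {
      // The elements are used as SimpleXML objects above (attributes()),
      // and SimpleXML has no getAttribute() method, so the form id is read
      // from the hidden "form_id" input instead.
      $fields = $form->xpath('.//input[@name="form_id"]');
      $form_id = $fields ? (string) $fields[0]['value'] : '';
      echo "<br />id: ".$page_to_visit['id'].'<br />';
      echo "<br /><br />";
      // TODO: still disabled, as in the original. Here we use again IGNORE
      // to insert only one time a form_id into the table. ("form_id" is the
      // primary key)
      //db_query("INSERT IGNORE INTO {crawler_forms} VALUES ('%s','%d')", $form_id, $page_to_visit['id']);
    }

    // Mark the link as done.
    db_query("UPDATE {crawler_links} SET status = 2 WHERE crawler_id = %d and status = 1 LIMIT 1", $crawler_id);

    // Close this iteration's handle; the original closed only the last one.
    $obj->curlClose();
  }

  // TODO (from the original author): this has to be removed, because the
  // cookie has to stay in the database to enable multiple instances of the
  // crawler. Note that it only removes the stored copy of the cookie;
  // nothing here ends the session itself.
  variable_del('security_scanner_cookie');

  return '<p>'. t('The quick brown fox jumps over the lazy dog.') .'</p>';
}

/**
 * Decide whether a discovered URL may be queued for crawling.
 *
 * The original test was a plain prefix comparison against $base_url, which
 * also accepts hosts that merely start with the site's host name (for
 * example "http://example.com.other.invalid/" for a base URL of
 * "http://example.com"). Since the crawler attaches the session cookie to
 * every request, such a URL would receive it. Here the base URL must be
 * followed by "/", "?", "#" or the end of the string. The comparison is
 * case-sensitive, so a differently-cased scheme or host is rejected rather
 * than crawled.
 *
 * Logout links are rejected in both the "?q=logout" and the clean URL form.
 *
 * @param $absolute
 *   Absolute URL found on a crawled page.
 * @param $base_url
 *   The site's base URL.
 * @return
 *   TRUE if the URL belongs to the site and is not the logout link.
 */
function _security_scanner_is_crawlable($absolute, $base_url) {
  $base = rtrim($base_url, '/');
  if ($base === '' || !is_string($absolute)) {
    return FALSE;
  }

  $base_len = strlen($base);
  if (strncmp($absolute, $base, $base_len) !== 0) {
    return FALSE;
  }

  // Whatever follows the base URL must start a path, query or fragment.
  $tail = (string) substr($absolute, $base_len);
  if ($tail !== '' && !in_array($tail[0], array('/', '?', '#'), TRUE)) {
    return FALSE;
  }

  $parsed_url = parse_url($absolute);
  if (!is_array($parsed_url)) {
    return FALSE;
  }

  // Logout through the query string, with or without extra arguments.
  if (isset($parsed_url['query'])) {
    parse_str($parsed_url['query'], $args);
    if (isset($args['q']) && is_string($args['q']) && trim($args['q'], '/') === 'logout') {
      return FALSE;
    }
  }

  // Logout through a clean URL.
  $local_path = preg_replace('/[?#].*$/', '', $tail);
  if (trim($local_path, '/') === 'logout') {
    return FALSE;
  }

  return TRUE;
}

/**
 * Get the cookie of the admin and insert the first link into the table crawler_links.
 *
 * The login goes through a password-reset URL generated for user 1. The
 * header callback stores the resulting cookie with variable_set(), so the
 * stored value is a usable session for that account for as long as it stays
 * in the variable table.
 *
 * There is an issue, I have to start the crawler from uid different than 1.
 *
 * @return
 *   Always TRUE.
 */
function drupal_security_scanner_get_auth_cookie() {
  $initial_path = user_pass_reset_url(user_load(1));

  // Add sleep to go round a bug inside a drupal core function. Remove it
  // when it's changed into core.
  sleep(1);

  // Create a new object, set cURL options to call the function
  // drupal_security_scanner_curl_headers that saves the admin cookie into
  // the variable table. Redirects are not followed.
  $obj = new drupal_security_scanner_test();
  $obj->curl_options = array(
    CURLOPT_HEADERFUNCTION => 'drupal_security_scanner_curl_headers',
    CURLOPT_FOLLOWLOCATION => 0,
  );

  // Get the page with password reset and push submit button.
  $obj->drupalGet($initial_path);
  $obj->drupalPost($initial_path,'',TRUE);
  $obj->curlClose();

  // Add the first url into the crawler_links table. IGNORE matches the
  // insert in security_scanner_cron(): "path" is a unique index there, and
  // this function runs again whenever the stored cookie has been deleted.
  db_query("INSERT IGNORE INTO {crawler_links} VALUES ('','%s','','')", url('admin', array('absolute' => TRUE)));

  return true;
}

/**
 * cURL header callback: stores the cookie and returns the header length.
 *
 * Called without arguments it returns the static $headers array; nothing in
 * this function adds to that array, so it is always empty.
 *
 * @param $ch
 *   The cURL handle, or NULL to read back $headers.
 * @param $header
 *   One raw response header line.
 * @return
 *   The length of $header, or the $headers array when $ch is NULL.
 */
function drupal_security_scanner_curl_headers($ch = NULL, $header = NULL) {
  static $headers = array();

  if (!isset($ch)) {
    return $headers;
  }

  // Header names are case-insensitive, so do not rely on "Set-Cookie"
  // arriving in exactly this spelling.
  if (strncasecmp($header, 'Set-Cookie:', 11) == 0) {
    // Keep only the first name=value pair. trim() already removes the line
    // ending, so no character is cut off the end of the value.
    $cookiestr = trim(substr($header, 11));
    $cookie = explode(';', $cookiestr);
    // Each Set-Cookie line overwrites the stored value, so the last one
    // received is the one that is kept.
    variable_set('security_scanner_cookie', $cookie[0]);
  }

  return strlen($header);
}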