1<?php 2 3/** 4 * Perform basic XML-RPC tests that do not require addition callbacks. 5 */ 6class XMLRPCBasicTestCase extends DrupalWebTestCase { 7 8 public static function getInfo() { 9 return array( 10 'name' => 'XML-RPC basic', 11 'description' => 'Perform basic XML-RPC tests that do not require additional callbacks.', 12 'group' => 'XML-RPC', 13 ); 14 } 15 16 /** 17 * Ensure that a basic XML-RPC call with no parameters works. 18 */ 19 protected function testListMethods() { 20 // Minimum list of methods that should be included. 21 $minimum = array( 22 'system.multicall', 23 'system.methodSignature', 24 'system.getCapabilities', 25 'system.listMethods', 26 'system.methodHelp', 27 ); 28 29 // Invoke XML-RPC call to get list of methods. 30 $url = url(NULL, array('absolute' => TRUE)) . 'xmlrpc.php'; 31 $methods = xmlrpc($url, array('system.listMethods' => array())); 32 33 // Ensure that the minimum methods were found. 34 $count = 0; 35 foreach ($methods as $method) { 36 if (in_array($method, $minimum)) { 37 $count++; 38 } 39 } 40 41 $this->assertEqual($count, count($minimum), 'system.listMethods returned at least the minimum listing'); 42 } 43 44 /** 45 * Ensure that system.methodSignature returns an array of signatures. 46 */ 47 protected function testMethodSignature() { 48 $url = url(NULL, array('absolute' => TRUE)) . 'xmlrpc.php'; 49 $signature = xmlrpc($url, array('system.methodSignature' => array('system.listMethods'))); 50 $this->assert(is_array($signature) && !empty($signature) && is_array($signature[0]), 51 'system.methodSignature returns an array of signature arrays.'); 52 } 53 54 /** 55 * Ensure that XML-RPC correctly handles invalid messages when parsing. 56 */ 57 protected function testInvalidMessageParsing() { 58 $invalid_messages = array( 59 array( 60 'message' => xmlrpc_message(''), 61 'assertion' => 'Empty message correctly rejected during parsing.', 62 ), 63 array( 64 'message' => xmlrpc_message('<?xml version="1.0" encoding="ISO-8859-1"?>'), 65 'assertion' => 'Empty message with XML declaration correctly rejected during parsing.', 66 ), 67 array( 68 'message' => xmlrpc_message('<?xml version="1.0"?><params><param><value><string>value</string></value></param></params>'), 69 'assertion' => 'Non-empty message without a valid message type is rejected during parsing.', 70 ), 71 array( 72 'message' => xmlrpc_message('<methodResponse><params><param><value><string>value</string></value></param></methodResponse>'), 73 'assertion' => 'Non-empty malformed message is rejected during parsing.', 74 ), 75 ); 76 77 foreach ($invalid_messages as $assertion) { 78 $this->assertFalse(xmlrpc_message_parse($assertion['message']), $assertion['assertion']); 79 } 80 } 81} 82 83class XMLRPCValidator1IncTestCase extends DrupalWebTestCase { 84 public static function getInfo() { 85 return array( 86 'name' => 'XML-RPC validator', 87 'description' => 'See <a href="http://www.xmlrpc.com/validator1Docs">the xmlrpc validator1 specification</a>.', 88 'group' => 'XML-RPC', 89 ); 90 } 91 92 function setUp() { 93 parent::setUp('xmlrpc_test'); 94 } 95 96 /** 97 * Run validator1 tests. 98 */ 99 function testValidator1() { 100 $xml_url = url(NULL, array('absolute' => TRUE)) . 'xmlrpc.php'; 101 srand(); 102 mt_srand(); 103 104 $array_1 = array(array('curly' => mt_rand(-100, 100)), 105 array('curly' => mt_rand(-100, 100)), 106 array('larry' => mt_rand(-100, 100)), 107 array('larry' => mt_rand(-100, 100)), 108 array('moe' => mt_rand(-100, 100)), 109 array('moe' => mt_rand(-100, 100)), 110 array('larry' => mt_rand(-100, 100))); 111 shuffle($array_1); 112 $l_res_1 = xmlrpc_test_arrayOfStructsTest($array_1); 113 $r_res_1 = xmlrpc($xml_url, array('validator1.arrayOfStructsTest' => array($array_1))); 114 $this->assertIdentical($l_res_1, $r_res_1); 115 116 $string_2 = 't\'&>>zf"md>yr>xlcev<h<"k&j<og"w&&>">>uai"np&s>>q\'&b<>"&&&'; 117 $l_res_2 = xmlrpc_test_countTheEntities($string_2); 118 $r_res_2 = xmlrpc($xml_url, array('validator1.countTheEntities' => array($string_2))); 119 $this->assertIdentical($l_res_2, $r_res_2); 120 121 $struct_3 = array('moe' => mt_rand(-100, 100), 'larry' => mt_rand(-100, 100), 'curly' => mt_rand(-100, 100), 'homer' => mt_rand(-100, 100)); 122 $l_res_3 = xmlrpc_test_easyStructTest($struct_3); 123 $r_res_3 = xmlrpc($xml_url, array('validator1.easyStructTest' => array($struct_3))); 124 $this->assertIdentical($l_res_3, $r_res_3); 125 126 $struct_4 = array('sub1' => array('bar' => 13), 127 'sub2' => 14, 128 'sub3' => array('foo' => 1, 'baz' => 2), 129 'sub4' => array('ss' => array('sss' => array('ssss' => 'sssss')))); 130 $l_res_4 = xmlrpc_test_echoStructTest($struct_4); 131 $r_res_4 = xmlrpc($xml_url, array('validator1.echoStructTest' => array($struct_4))); 132 $this->assertIdentical($l_res_4, $r_res_4); 133 134 $int_5 = mt_rand(-100, 100); 135 $bool_5 = (($int_5 % 2) == 0); 136 $string_5 = $this->randomName(); 137 $double_5 = (double)(mt_rand(-1000, 1000) / 100); 138 $time_5 = REQUEST_TIME; 139 $base64_5 = $this->randomName(100); 140 $l_res_5 = xmlrpc_test_manyTypesTest($int_5, $bool_5, $string_5, $double_5, xmlrpc_date($time_5), $base64_5); 141 // See http://drupal.org/node/37766 why this currently fails 142 $l_res_5[5] = $l_res_5[5]->data; 143 $r_res_5 = xmlrpc($xml_url, array('validator1.manyTypesTest' => array($int_5, $bool_5, $string_5, $double_5, xmlrpc_date($time_5), xmlrpc_base64($base64_5)))); 144 // @todo Contains objects, objects are not equal. 145 $this->assertEqual($l_res_5, $r_res_5); 146 147 $size = mt_rand(100, 200); 148 $array_6 = array(); 149 for ($i = 0; $i < $size; $i++) { 150 $array_6[] = $this->randomName(mt_rand(8, 12)); 151 } 152 153 $l_res_6 = xmlrpc_test_moderateSizeArrayCheck($array_6); 154 $r_res_6 = xmlrpc($xml_url, array('validator1.moderateSizeArrayCheck' => array($array_6))); 155 $this->assertIdentical($l_res_6, $r_res_6); 156 157 $struct_7 = array(); 158 for ($y = 2000; $y < 2002; $y++) { 159 for ($m = 3; $m < 5; $m++) { 160 for ($d = 1; $d < 6; $d++) { 161 $ys = (string) $y; 162 $ms = sprintf('%02d', $m); 163 $ds = sprintf('%02d', $d); 164 $struct_7[$ys][$ms][$ds]['moe'] = mt_rand(-100, 100); 165 $struct_7[$ys][$ms][$ds]['larry'] = mt_rand(-100, 100); 166 $struct_7[$ys][$ms][$ds]['curly'] = mt_rand(-100, 100); 167 } 168 } 169 } 170 $l_res_7 = xmlrpc_test_nestedStructTest($struct_7); 171 $r_res_7 = xmlrpc($xml_url, array('validator1.nestedStructTest' => array($struct_7))); 172 $this->assertIdentical($l_res_7, $r_res_7); 173 174 175 $int_8 = mt_rand(-100, 100); 176 $l_res_8 = xmlrpc_test_simpleStructReturnTest($int_8); 177 $r_res_8 = xmlrpc($xml_url, array('validator1.simpleStructReturnTest' => array($int_8))); 178 $this->assertIdentical($l_res_8, $r_res_8); 179 180 /* Now test multicall */ 181 $x = array(); 182 $x['validator1.arrayOfStructsTest'] = array($array_1); 183 $x['validator1.countTheEntities'] = array($string_2); 184 $x['validator1.easyStructTest'] = array($struct_3); 185 $x['validator1.echoStructTest'] = array($struct_4); 186 $x['validator1.manyTypesTest'] = array($int_5, $bool_5, $string_5, $double_5, xmlrpc_date($time_5), xmlrpc_base64($base64_5)); 187 $x['validator1.moderateSizeArrayCheck'] = array($array_6); 188 $x['validator1.nestedStructTest'] = array($struct_7); 189 $x['validator1.simpleStructReturnTest'] = array($int_8); 190 191 $a_l_res = array($l_res_1, $l_res_2, $l_res_3, $l_res_4, $l_res_5, $l_res_6, $l_res_7, $l_res_8); 192 $a_r_res = xmlrpc($xml_url, $x); 193 $this->assertEqual($a_l_res, $a_r_res); 194 } 195} 196 197class XMLRPCMessagesTestCase extends DrupalWebTestCase { 198 public static function getInfo() { 199 return array( 200 'name' => 'XML-RPC message and alteration', 201 'description' => 'Test large messages and method alterations.', 202 'group' => 'XML-RPC', 203 ); 204 } 205 206 function setUp() { 207 parent::setUp('xmlrpc_test'); 208 } 209 210 /** 211 * Make sure that XML-RPC can transfer large messages. 212 */ 213 function testSizedMessages() { 214 // These tests can produce up to 128 x 160 words in the XML-RPC message 215 // (see xmlrpc_test_message_sized_in_kb()) with 4 tags used to represent 216 // each. Set a large enough tag limit to allow this to be tested. 217 variable_set('xmlrpc_message_maximum_tag_count', 100000); 218 219 $xml_url = url(NULL, array('absolute' => TRUE)) . 'xmlrpc.php'; 220 $sizes = array(8, 80, 160); 221 foreach ($sizes as $size) { 222 $xml_message_l = xmlrpc_test_message_sized_in_kb($size); 223 $xml_message_r = xmlrpc($xml_url, array('messages.messageSizedInKB' => array($size))); 224 225 $this->assertEqual($xml_message_l, $xml_message_r, format_string('XML-RPC messages.messageSizedInKB of %s Kb size received', array('%s' => $size))); 226 } 227 } 228 229 /** 230 * Ensure that hook_xmlrpc_alter() can hide even builtin methods. 231 */ 232 protected function testAlterListMethods() { 233 234 // Ensure xmlrpc_test_xmlrpc_alter() is disabled and retrieve regular list of methods. 235 variable_set('xmlrpc_test_xmlrpc_alter', FALSE); 236 $url = url(NULL, array('absolute' => TRUE)) . 'xmlrpc.php'; 237 $methods1 = xmlrpc($url, array('system.listMethods' => array())); 238 239 // Enable the alter hook and retrieve the list of methods again. 240 variable_set('xmlrpc_test_xmlrpc_alter', TRUE); 241 $methods2 = xmlrpc($url, array('system.listMethods' => array())); 242 243 $diff = array_diff($methods1, $methods2); 244 $this->assertTrue(is_array($diff) && !empty($diff), 'Method list is altered by hook_xmlrpc_alter'); 245 $removed = reset($diff); 246 $this->assertEqual($removed, 'system.methodSignature', 'Hiding builting system.methodSignature with hook_xmlrpc_alter works'); 247 } 248 249 /** 250 * Test limits on system.multicall that can prevent brute-force attacks. 251 */ 252 function testMulticallLimit() { 253 $url = url(NULL, array('absolute' => TRUE)) . 'xmlrpc.php'; 254 $multicall_args = array(); 255 $num_method_calls = 10; 256 for ($i = 0; $i < $num_method_calls; $i++) { 257 $struct = array('i' => $i); 258 $multicall_args[] = array('methodName' => 'validator1.echoStructTest', 'params' => array($struct)); 259 } 260 // Test limits of 1, 5, 9, 13. 261 for ($limit = 1; $limit < $num_method_calls + 4; $limit += 4) { 262 variable_set('xmlrpc_multicall_duplicate_method_limit', $limit); 263 $results = xmlrpc($url, array('system.multicall' => array($multicall_args))); 264 $this->assertEqual($num_method_calls, count($results)); 265 for ($i = 0; $i < min($limit, $num_method_calls); $i++) { 266 $x = array_shift($results); 267 $this->assertTrue(empty($x->is_error), "Result $i is not an error"); 268 $this->assertEqual($multicall_args[$i]['params'][0], $x); 269 } 270 for (; $i < $num_method_calls; $i++) { 271 $x = array_shift($results); 272 $this->assertFalse(empty($x->is_error), "Result $i is an error"); 273 $this->assertEqual(-156579, $x->code); 274 } 275 } 276 variable_set('xmlrpc_multicall_duplicate_method_limit', -1); 277 $results = xmlrpc($url, array('system.multicall' => array($multicall_args))); 278 $this->assertEqual($num_method_calls, count($results)); 279 foreach ($results as $i => $x) { 280 $this->assertTrue(empty($x->is_error), "Result $i is not an error"); 281 } 282 } 283} 284