From 9e840ea0ff62d24a4aedd4a41e0e934c18932d36 Mon Sep 17 00:00:00 2001
From: Dale Sikkema <dsikkema@ebay.com>
Date: Thu, 10 Dec 2015 16:20:16 -0600
Subject: [PATCH] MAGETWO-46581: X-XSS-Protection is set on IE 8 - add tests
---
 .../Ui/Component/Form/Element/Multiselect.php | 18 ++++++--
 .../App/Response/Header/XssProtection.php | 10 ++++-
 .../Response/Header/XssProtectionTest.php | 45 +++++++++++++++++++
 3 files changed, 67 insertions(+), 6 deletions(-)
 create mode 100644 lib/internal/Magento/Framework/App/Test/Unit/Response/Header/XssProtectionTest.php
diff --git a/app/code/Magento/Ui/Component/Form/Element/Multiselect.php b/app/code/Magento/Ui/Component/Form/Element/Multiselect.php
index 0dbf0c180a0..93fd7f600e0 100644
--- a/app/code/Magento/Ui/Component/Form/Element/Multiselect.php
+++ b/app/code/Magento/Ui/Component/Form/Element/Multiselect.php
@@ -3,12 +3,22 @@
 * Copyright © 2015 Magento. All rights reserved.
 * See COPYING.txt for license details.
 */
+
 namespace Magento\Ui\Component\Form\Element;
 
-/**
- * Class Multiselect
- */
-class Multiselect extends Select
+class MultiSelect extends Select
 {
 const NAME = 'multiselect';
+
+ const DEFAULT_SIZE = 6;
+
+ /**
+ * @inheritDoc
+ */
+ public function prepare()
+ {
+ $config['size'] = self::DEFAULT_SIZE;
+ $this->setData('config', array_replace_recursive((array)$this->getData('config'), $config));
+ parent::prepare();
+ }
 }
diff --git a/lib/internal/Magento/Framework/App/Response/Header/XssProtection.php b/lib/internal/Magento/Framework/App/Response/Header/XssProtection.php
index 06817457aac..8b30b1546f1 100644
--- a/lib/internal/Magento/Framework/App/Response/Header/XssProtection.php
+++ b/lib/internal/Magento/Framework/App/Response/Header/XssProtection.php
@@ -21,6 +21,10 @@ class XssProtection implements HeaderProviderInterface
 */
 const IE_8_USER_AGENT = 'MSIE 8';
 
+ const HEADER_ENABLED = '1; mode=block';
+
+ const HEADER_DISABLED = '0';
+
 /**
 * @var Header
 */
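Review bot: In `prepare()` in Multiselect.php the default is passed as the replacement array, so `size` is always forced to `DEFAULT_SIZE` and any `size` already present in the component's `config` is overwritten. Swapping the arguments keeps the constant as a fallback only: `$this->setData('config', array_replace_recursive(['size' => self::DEFAULT_SIZE], (array)$this->getData('config')));`, which also avoids writing to an undeclared `$config`. Separately, the class is renamed to `MultiSelect` while the file stays `Multiselect.php`; on a case-sensitive filesystem a path-based autoloader would presumably fail to resolve references spelled with the new casing, so the two should match.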
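Review bot: The two constants added in the `@@ -21,6 +21,10 @@` hunk of XssProtection.php carry no doc comment, while a comment closes just above `IE_8_USER_AGENT`, and the reason for sending `0` is the security-relevant part a reader needs. A short comment on each would do, e.g. `/** Header value: enable the browser XSS filter and block the page on detection */` and `/** Header value: turn the filter off; sent to IE 8 only (see getValue()) */`. The class body continues outside the hunk.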
@@ -38,6 +42,7 @@ class XssProtection implements HeaderProviderInterface
 * Whether the header should be attached to the response
 *
 * @return bool
+ * @codeCoverageIgnore
 */
 public function canApply()
 {
@@ -48,6 +53,7 @@ class XssProtection implements HeaderProviderInterface
 * Header name
 *
 * @return string
+ * @codeCoverageIgnore
 */
 public function getName()
 {
@@ -62,7 +68,7 @@ class XssProtection implements HeaderProviderInterface
 public function getValue()
 {
 return strpos($this->headerService->getHttpUserAgent(), self::IE_8_USER_AGENT) === false
- ? '1; mode=block'
- : '0';
+ ? self::HEADER_ENABLED
+ : self::HEADER_DISABLED;
 }
 }
diff --git a/lib/internal/Magento/Framework/App/Test/Unit/Response/Header/XssProtectionTest.php b/lib/internal/Magento/Framework/App/Test/Unit/Response/Header/XssProtectionTest.php
new file mode 100644
index 00000000000..ce95be9268f
--- /dev/null
+++ b/lib/internal/Magento/Framework/App/Test/Unit/Response/Header/XssProtectionTest.php
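Review bot: `@codeCoverageIgnore` on `canApply()` (hunk `-38,6`) and on `getName()` (hunk `-48,6`) takes the two methods that decide whether the header is attached, and under which name, out of the coverage report instead of testing them. Their bodies are outside both hunks, but one assertion each in the new test class would presumably be enough, and it would catch a regression that silently drops or misnames the header. If the annotations stay, a comment saying why the methods are excluded would help the next reader.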
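Review bot: The `strpos(..., self::IE_8_USER_AGENT)` test kept in `getValue()` (hunk `-62,7`) recognises IE 8 only by the `MSIE 8` token, and IE 8 in Compatibility View identifies itself as `MSIE 7.0` together with `Trident/4.0`, so those clients would receive `HEADER_ENABLED`. If the intent is to switch the filter off for every IE 8 engine, the condition should also look at the Trident token, and the `MSIE 10.0 … Trident/4.0` fixture in the new test would then need a realistic IE 10 string. Because the value depends on the request's User-Agent, it is also worth confirming that any shared page cache in front of the application does not replay one browser's header to another.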
@@ -0,0 +1,45 @@
+<?php
+use Magento\Framework\App\Response\Header\XssProtection;
+use Magento\Framework\TestFramework\Unit\Helper\ObjectManager;
+
+/**
+ * Copyright © 2015 Magento. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+class XssProtectionTest extends PHPUnit_Framework_TestCase
+{
+ /**
+ * @dataProvider userAgentDataProvider
+ */
+ public function testGetValue($userAgent, $expectedHeader)
+ {
+ $headerServiceMock = $this->getMockBuilder('Magento\Framework\HTTP\Header')
+ ->disableOriginalConstructor()
+ ->getMock();
+ $headerServiceMock->expects($this->once())->method('getHttpUserAgent')->willReturn($userAgent);
+ $model = (new ObjectManager($this))->getObject(
+ 'Magento\Framework\App\Response\Header\XssProtection',
+ ['headerService' => $headerServiceMock]
+ );
+ $this->assertSame($expectedHeader, $model->getValue());
+ }
+
+ public function userAgentDataProvider()
+ {
+ return [
+ [
+ 'user-agent' => 'Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4)',
+ 'expected-header' => XssProtection::HEADER_DISABLED
+ ],
+ [
+ 'user-agent' => 'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/4.0; GTB7.4)',
+ 'expected-header' => XssProtection::HEADER_ENABLED
+ ],
+ [
+ 'user-agent' => 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) Chrome/41.0.2227.1 Safari/537.36',
+ 'expected-header' => XssProtection::HEADER_ENABLED
+ ],
+ ];
+ }
+}
-- GitLab
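Review bot: `userAgentDataProvider()` has no row for a request without a User-Agent, so the value sent to unidentified clients is not pinned by any test. What `getHttpUserAgent()` returns in that case is not visible here, but a row such as `['user-agent' => '', 'expected-header' => XssProtection::HEADER_ENABLED],` would fix the expected fail-safe default. The test class is also declared without a `namespace` although it sits under `Magento/Framework/App/Test/Unit/Response/Header/`, and the licence docblock comes after the `use` lines; declaring `namespace Magento\Framework\App\Test\Unit\Response\Header;` below the licence header would match the path and keep `XssProtectionTest` out of the global namespace.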