@@ -31,22 +31,40 @@ protected function setUp(): void
3131 $ this config = new \Config \Filters ();
3232 }
3333
34- public function testNormal ()
34+ public function testDoNotCheckCliRequest ()
3535 {
3636 $ this config ->globals = [
3737 'before ' => ['csrf ' ],
3838 'after ' => [],
3939 ];
4040
41- $ this request = Services::request (null , false );
41+ $ this request = Services::clirequest (null , false );
4242 $ this response = Services::response ();
4343
4444 $ filtersnew Filters ($ this config , $ this request , $ this response );
4545 $ uri'admin/foo/bar ' ;
4646
47- // we expect CSRF requests to be ignored in CLI
48- $ expected$ this request ;
49- $ request$ filtersrun ($ uri'before ' );
50- $ this assertSame ($ expected$ request
47+ $ request$ filtersrun ($ uri'before ' );
48+
49+ $ this assertSame ($ this request , $ request
50+ }
51+
52+ public function testPassGetRequest ()
53+ {
54+ $ this config ->globals = [
55+ 'before ' => ['csrf ' ],
56+ 'after ' => [],
57+ ];
58+
59+ $ this request = Services::incomingrequest (null , false );
60+ $ this response = Services::response ();
61+
62+ $ filtersnew Filters ($ this config , $ this request , $ this response );
63+ $ uri'admin/foo/bar ' ;
64+
65+ $ request$ filtersrun ($ uri'before ' );
66+
67+ // GET request is not protected, so no SecurityException will be thrown.
68+ $ this assertSame ($ this request , $ request
5169 }
5270}
0 commit comments