diff -r 07239de796bb -r e756a8c72c3d cms/drupal/modules/simpletest/tests/xmlrpc.test
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/cms/drupal/modules/simpletest/tests/xmlrpc.test	Fri Sep 08 12:04:06 2017 +0200
@@ -0,0 +1,283 @@
+<?php
+
+/**
+ * Perform basic XML-RPC tests that do not require addition callbacks.
+ */
+class XMLRPCBasicTestCase extends DrupalWebTestCase {
+
+  public static function getInfo() {
+    return array(
+      'name'  => 'XML-RPC basic',
+      'description'  => 'Perform basic XML-RPC tests that do not require additional callbacks.',
+      'group' => 'XML-RPC',
+    );
+  }
+
+  /**
+   * Ensure that a basic XML-RPC call with no parameters works.
+   */
+  protected function testListMethods() {
+    // Minimum list of methods that should be included.
+    $minimum = array(
+      'system.multicall',
+      'system.methodSignature',
+      'system.getCapabilities',
+      'system.listMethods',
+      'system.methodHelp',
+    );
+
+    // Invoke XML-RPC call to get list of methods.
+    $url = url(NULL, array('absolute' => TRUE)) . 'xmlrpc.php';
+    $methods = xmlrpc($url, array('system.listMethods' => array()));
+
+    // Ensure that the minimum methods were found.
+    $count = 0;
+    foreach ($methods as $method) {
+      if (in_array($method, $minimum)) {
+        $count++;
+      }
+    }
+
+    $this->assertEqual($count, count($minimum), 'system.listMethods returned at least the minimum listing');
+  }
+
+  /**
+   * Ensure that system.methodSignature returns an array of signatures.
+   */
+  protected function testMethodSignature() {
+    $url = url(NULL, array('absolute' => TRUE)) . 'xmlrpc.php';
+    $signature = xmlrpc($url, array('system.methodSignature' => array('system.listMethods')));
+    $this->assert(is_array($signature) && !empty($signature) && is_array($signature[0]),
+      'system.methodSignature returns an array of signature arrays.');
+  }
+
+  /**
+   * Ensure that XML-RPC correctly handles invalid messages when parsing.
+   */
+  protected function testInvalidMessageParsing() {
+    $invalid_messages = array(
+      array(
+        'message' => xmlrpc_message(''),
+        'assertion' => 'Empty message correctly rejected during parsing.',
+      ),
+      array(
+        'message' => xmlrpc_message('<?xml version="1.0" encoding="ISO-8859-1"?>'),
+        'assertion' => 'Empty message with XML declaration correctly rejected during parsing.',
+      ),
+      array(
+        'message' => xmlrpc_message('<?xml version="1.0"?><params><param><value><string>value</string></value></param></params>'),
+        'assertion' => 'Non-empty message without a valid message type is rejected during parsing.',
+      ),
+      array(
+        'message' => xmlrpc_message('<methodResponse><params><param><value><string>value</string></value></param></methodResponse>'),
+        'assertion' => 'Non-empty malformed message is rejected during parsing.',
+      ),
+    );
+
+    foreach ($invalid_messages as $assertion) {
+      $this->assertFalse(xmlrpc_message_parse($assertion['message']), $assertion['assertion']);
+    }
+  }
+}
+
+class XMLRPCValidator1IncTestCase extends DrupalWebTestCase {
+  public static function getInfo() {
+    return array(
+      'name' => 'XML-RPC validator',
+      'description' => 'See <a href="http://www.xmlrpc.com/validator1Docs">the xmlrpc validator1 specification</a>.',
+      'group' => 'XML-RPC',
+    );
+  }
+
+  function setUp() {
+    parent::setUp('xmlrpc_test');
+  }
+
+  /**
+   * Run validator1 tests.
+   */
+  function testValidator1() {
+    $xml_url = url(NULL, array('absolute' => TRUE)) . 'xmlrpc.php';
+    srand();
+    mt_srand();
+
+    $array_1 = array(array('curly' => mt_rand(-100, 100)),
+                  array('curly' => mt_rand(-100, 100)),
+                  array('larry' => mt_rand(-100, 100)),
+                  array('larry' => mt_rand(-100, 100)),
+                  array('moe' => mt_rand(-100, 100)),
+                  array('moe' => mt_rand(-100, 100)),
+                  array('larry' => mt_rand(-100, 100)));
+    shuffle($array_1);
+    $l_res_1 = xmlrpc_test_arrayOfStructsTest($array_1);
+    $r_res_1 = xmlrpc($xml_url, array('validator1.arrayOfStructsTest' => array($array_1)));
+    $this->assertIdentical($l_res_1, $r_res_1);
+
+    $string_2 = 't\'&>>zf"md>yr>xlcev<h<"k&j<og"w&&>">>uai"np&s>>q\'&b<>"&&&';
+    $l_res_2 = xmlrpc_test_countTheEntities($string_2);
+    $r_res_2 = xmlrpc($xml_url, array('validator1.countTheEntities' => array($string_2)));
+    $this->assertIdentical($l_res_2, $r_res_2);
+
+    $struct_3 = array('moe' => mt_rand(-100, 100), 'larry' => mt_rand(-100, 100), 'curly' => mt_rand(-100, 100), 'homer' => mt_rand(-100, 100));
+    $l_res_3 = xmlrpc_test_easyStructTest($struct_3);
+    $r_res_3 = xmlrpc($xml_url, array('validator1.easyStructTest' => array($struct_3)));
+    $this->assertIdentical($l_res_3, $r_res_3);
+
+    $struct_4 = array('sub1' => array('bar' => 13),
+                    'sub2' => 14,
+                    'sub3' => array('foo' => 1, 'baz' => 2),
+                    'sub4' => array('ss' => array('sss' => array('ssss' => 'sssss'))));
+    $l_res_4 = xmlrpc_test_echoStructTest($struct_4);
+    $r_res_4 = xmlrpc($xml_url, array('validator1.echoStructTest' => array($struct_4)));
+    $this->assertIdentical($l_res_4, $r_res_4);
+
+    $int_5     = mt_rand(-100, 100);
+    $bool_5    = (($int_5 % 2) == 0);
+    $string_5  = $this->randomName();
+    $double_5  = (double)(mt_rand(-1000, 1000) / 100);
+    $time_5    = REQUEST_TIME;
+    $base64_5  = $this->randomName(100);
+    $l_res_5 = xmlrpc_test_manyTypesTest($int_5, $bool_5, $string_5, $double_5, xmlrpc_date($time_5), $base64_5);
+    // See http://drupal.org/node/37766 why this currently fails
+    $l_res_5[5] = $l_res_5[5]->data;
+    $r_res_5 = xmlrpc($xml_url, array('validator1.manyTypesTest' => array($int_5, $bool_5, $string_5, $double_5, xmlrpc_date($time_5), xmlrpc_base64($base64_5))));
+    // @todo Contains objects, objects are not equal.
+    $this->assertEqual($l_res_5, $r_res_5);
+
+    $size = mt_rand(100, 200);
+    $array_6 = array();
+    for ($i = 0; $i < $size; $i++) {
+      $array_6[] = $this->randomName(mt_rand(8, 12));
+    }
+
+    $l_res_6 = xmlrpc_test_moderateSizeArrayCheck($array_6);
+    $r_res_6 = xmlrpc($xml_url, array('validator1.moderateSizeArrayCheck' => array($array_6)));
+    $this->assertIdentical($l_res_6, $r_res_6);
+
+    $struct_7 = array();
+    for ($y = 2000; $y < 2002; $y++) {
+      for ($m = 3; $m < 5; $m++) {
+        for ($d = 1; $d < 6; $d++) {
+          $ys = (string) $y;
+          $ms = sprintf('%02d', $m);
+          $ds = sprintf('%02d', $d);
+          $struct_7[$ys][$ms][$ds]['moe']   = mt_rand(-100, 100);
+          $struct_7[$ys][$ms][$ds]['larry'] = mt_rand(-100, 100);
+          $struct_7[$ys][$ms][$ds]['curly'] = mt_rand(-100, 100);
+        }
+      }
+    }
+    $l_res_7 = xmlrpc_test_nestedStructTest($struct_7);
+    $r_res_7 = xmlrpc($xml_url, array('validator1.nestedStructTest' => array($struct_7)));
+    $this->assertIdentical($l_res_7, $r_res_7);
+
+
+    $int_8 = mt_rand(-100, 100);
+    $l_res_8 = xmlrpc_test_simpleStructReturnTest($int_8);
+    $r_res_8 = xmlrpc($xml_url, array('validator1.simpleStructReturnTest' => array($int_8)));
+    $this->assertIdentical($l_res_8, $r_res_8);
+
+    /* Now test multicall */
+    $x = array();
+    $x['validator1.arrayOfStructsTest'] = array($array_1);
+    $x['validator1.countTheEntities'] = array($string_2);
+    $x['validator1.easyStructTest'] = array($struct_3);
+    $x['validator1.echoStructTest'] = array($struct_4);
+    $x['validator1.manyTypesTest'] = array($int_5, $bool_5, $string_5, $double_5, xmlrpc_date($time_5), xmlrpc_base64($base64_5));
+    $x['validator1.moderateSizeArrayCheck'] = array($array_6);
+    $x['validator1.nestedStructTest'] = array($struct_7);
+    $x['validator1.simpleStructReturnTest'] = array($int_8);
+
+    $a_l_res = array($l_res_1, $l_res_2, $l_res_3, $l_res_4, $l_res_5, $l_res_6, $l_res_7, $l_res_8);
+    $a_r_res = xmlrpc($xml_url, $x);
+    $this->assertEqual($a_l_res, $a_r_res);
+  }
+}
+
+class XMLRPCMessagesTestCase extends DrupalWebTestCase {
+  public static function getInfo() {
+    return array(
+      'name'  => 'XML-RPC message and alteration',
+      'description' => 'Test large messages and method alterations.',
+      'group' => 'XML-RPC',
+    );
+  }
+
+  function setUp() {
+    parent::setUp('xmlrpc_test');
+  }
+
+  /**
+   * Make sure that XML-RPC can transfer large messages.
+   */
+  function testSizedMessages() {
+    // These tests can produce up to 128 x 160 words in the XML-RPC message
+    // (see xmlrpc_test_message_sized_in_kb()) with 4 tags used to represent
+    // each. Set a large enough tag limit to allow this to be tested.
+    variable_set('xmlrpc_message_maximum_tag_count', 100000);
+
+    $xml_url = url(NULL, array('absolute' => TRUE)) . 'xmlrpc.php';
+    $sizes = array(8, 80, 160);
+    foreach ($sizes as $size) {
+      $xml_message_l = xmlrpc_test_message_sized_in_kb($size);
+      $xml_message_r = xmlrpc($xml_url, array('messages.messageSizedInKB' => array($size)));
+
+      $this->assertEqual($xml_message_l, $xml_message_r, format_string('XML-RPC messages.messageSizedInKB of %s Kb size received', array('%s' => $size)));
+    }
+  }
+
+  /**
+   * Ensure that hook_xmlrpc_alter() can hide even builtin methods.
+   */
+  protected function testAlterListMethods() {
+
+    // Ensure xmlrpc_test_xmlrpc_alter() is disabled and retrieve regular list of methods.
+    variable_set('xmlrpc_test_xmlrpc_alter', FALSE);
+    $url = url(NULL, array('absolute' => TRUE)) . 'xmlrpc.php';
+    $methods1 = xmlrpc($url, array('system.listMethods' => array()));
+
+    // Enable the alter hook and retrieve the list of methods again.
+    variable_set('xmlrpc_test_xmlrpc_alter', TRUE);
+    $methods2 = xmlrpc($url, array('system.listMethods' => array()));
+
+    $diff = array_diff($methods1, $methods2);
+    $this->assertTrue(is_array($diff) && !empty($diff), 'Method list is altered by hook_xmlrpc_alter');
+    $removed = reset($diff);
+    $this->assertEqual($removed, 'system.methodSignature', 'Hiding builting system.methodSignature with hook_xmlrpc_alter works');
+  }
+
+  /**
+   * Test limits on system.multicall that can prevent brute-force attacks.
+   */
+  function testMulticallLimit() {
+    $url = url(NULL, array('absolute' => TRUE)) . 'xmlrpc.php';
+    $multicall_args = array();
+    $num_method_calls = 10;
+    for ($i = 0; $i < $num_method_calls; $i++) {
+      $struct = array('i' => $i);
+      $multicall_args[] = array('methodName' => 'validator1.echoStructTest', 'params' => array($struct));
+    }
+    // Test limits of 1, 5, 9, 13.
+    for ($limit = 1; $limit < $num_method_calls + 4; $limit += 4) {
+      variable_set('xmlrpc_multicall_duplicate_method_limit', $limit);
+      $results = xmlrpc($url, array('system.multicall' => array($multicall_args)));
+      $this->assertEqual($num_method_calls, count($results));
+      for ($i = 0; $i < min($limit, $num_method_calls); $i++) {
+        $x = array_shift($results);
+        $this->assertTrue(empty($x->is_error), "Result $i is not an error");
+        $this->assertEqual($multicall_args[$i]['params'][0], $x);
+      }
+      for (; $i < $num_method_calls; $i++) {
+        $x = array_shift($results);
+        $this->assertFalse(empty($x->is_error), "Result $i is an error");
+        $this->assertEqual(-156579, $x->code);
+      }
+    }
+    variable_set('xmlrpc_multicall_duplicate_method_limit', -1);
+    $results = xmlrpc($url, array('system.multicall' => array($multicall_args)));
+    $this->assertEqual($num_method_calls, count($results));
+    foreach ($results as $i => $x) {
+      $this->assertTrue(empty($x->is_error), "Result $i is not an error");
+    }
+  }
+}