Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-11304

check_form_key breaks in tests when form is submitted in the same second it is retrieved

    Details

    • Type: Bug
    • Status: Unverified Fix
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.11
    • Fix Version/s: 3.0.12-RC1
    • Component/s: None
    • Labels:
      None

      Description

      I have a test case with two tests that each changes an acp knobs. This test case tends to have one failing test on most invocations, but sometimes it succeeds. I don't think both tests ever failed.

      Eventually I managed to get both tests to succeed by adding a sleep(2) call between form retrieval and submission.

      Examining check_form_key code I found the following:

      // If creation_time and the time() now is zero we can assume it was not a human doing this (the check for if ($diff)...

      Well, right it is, but it's a legitimate use case now.

      I'm guessing phpbb functional tests run too slowly to trigger this behavior, or maybe it is responsible for some or all of the intermittent file upload test failures.

      So, the bug is that a form that checks form key cannot be submitted in the same second it was retrieved from the server.

        Attachments

          Activity

            People

            • Assignee:
              bantu Andreas Fischer
              Reporter:
              Oleg Oleg [X] (Inactive)
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: