From eba0325debd305a843ff45cf723450f7ea3a1c43 Mon Sep 17 00:00:00 2001 From: Thomas Vincent Date: Fri, 29 May 2026 17:15:51 -0700 Subject: [PATCH 1/2] fix(test): align OrderBySessionHardeningTest with shipped get_order_string #7098 reworked get_order_string() to the cacti_build_sort_fragment design but left this test asserting the earlier implode($order_parts) shape, so it failed on the 1.2.x tip. Assert the helpers the function actually uses. Signed-off-by: Thomas Vincent --- tests/Unit/OrderBySessionHardeningTest.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tests/Unit/OrderBySessionHardeningTest.php b/tests/Unit/OrderBySessionHardeningTest.php index d40d54bc42..680b74f382 100644 --- a/tests/Unit/OrderBySessionHardeningTest.php +++ b/tests/Unit/OrderBySessionHardeningTest.php @@ -14,11 +14,12 @@ expect($htmlUtilitySource)->toContain('cacti_build_sort_fragment($column, $direction)'); }); -test('get_order_string rebuilds ORDER BY from validated session sort_data', function () use ($htmlUtilitySource) { +test('get_order_string hardens the sort column via normalize and build_sort_fragment', function () use ($htmlUtilitySource) { $start = strpos($htmlUtilitySource, 'function get_order_string()'); expect($start)->not->toBeFalse(); $body = substr($htmlUtilitySource, $start, 1800); - expect($body)->toContain("if (isset(\$_SESSION['sort_data'][\$page]) && is_array(\$_SESSION['sort_data'][\$page]))"); - expect($body)->toContain("\$_SESSION['sort_string'][\$page] = 'ORDER BY ' . implode(', ', \$order_parts);"); + expect($body)->toContain("cacti_normalize_sort_column(get_nfilter_request_var('sort_column'))"); + expect($body)->toContain('cacti_build_sort_fragment($sort_column, $sort_dir)'); + expect($body)->toContain('validate_sort_column($request_column, $page)'); }); From 29de1ad1b086e7ef09802293144ce9515f5da197 Mon Sep 17 00:00:00 2001 From: Thomas Vincent Date: Sat, 30 May 2026 10:57:35 -0700 Subject: [PATCH 2/2] fix(test): slice get_order_string body to next function boundary Drop the fixed 1800-byte substr window so the assertions do not break if the function grows, and rename the test to reflect the validate_sort_column check it enforces. Signed-off-by: Thomas Vincent --- tests/Unit/OrderBySessionHardeningTest.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/Unit/OrderBySessionHardeningTest.php b/tests/Unit/OrderBySessionHardeningTest.php index 680b74f382..a6ddf38922 100644 --- a/tests/Unit/OrderBySessionHardeningTest.php +++ b/tests/Unit/OrderBySessionHardeningTest.php @@ -14,11 +14,12 @@ expect($htmlUtilitySource)->toContain('cacti_build_sort_fragment($column, $direction)'); }); -test('get_order_string hardens the sort column via normalize and build_sort_fragment', function () use ($htmlUtilitySource) { +test('get_order_string normalizes, validates and builds the sort fragment', function () use ($htmlUtilitySource) { $start = strpos($htmlUtilitySource, 'function get_order_string()'); expect($start)->not->toBeFalse(); - $body = substr($htmlUtilitySource, $start, 1800); + $next = strpos($htmlUtilitySource, "\nfunction ", $start + 1); + $body = $next === false ? substr($htmlUtilitySource, $start) : substr($htmlUtilitySource, $start, $next - $start); expect($body)->toContain("cacti_normalize_sort_column(get_nfilter_request_var('sort_column'))"); expect($body)->toContain('cacti_build_sort_fragment($sort_column, $sort_dir)'); expect($body)->toContain('validate_sort_column($request_column, $page)');