Merge pull request #20030 from MauricioFauth/getNoCacheHeaders-clock-test

MauricioFauth · web-flow · commit 73de1b827ae4 · 2026-01-19T17:39:46.000-03:00
Test Core::getNoCacheHeaders() with a frozen clock
diff --git a/src/Core.php b/src/Core.php
@@ -4,6 +4,9 @@
 
 namespace PhpMyAdmin;
 
+use DateTimeImmutable;
+use DateTimeInterface;
+use DateTimeZone;
 use PhpMyAdmin\Error\ErrorHandler;
 use PhpMyAdmin\Exceptions\MissingExtensionException;
 use PhpMyAdmin\Http\ServerRequest;
@@ -18,7 +21,6 @@
 use function filter_var;
 use function function_exists;
 use function getenv;
-use function gmdate;
 use function hash_equals;
 use function hash_hmac;
 use function header;
@@ -45,7 +47,6 @@
 use function unserialize;
 use function urldecode;
 
-use const DATE_RFC1123;
 use const FILTER_VALIDATE_IP;
 
 /**
@@ -209,10 +210,10 @@ public static function getEnv(string $variableName): string
      *
      * @return array<string, string>
      */
-    public static function headerJSON(): array
+    public static function headerJSON(string $currentDateTime = 'now'): array
     {
         // No caching
-        $headers = self::getNoCacheHeaders();
+        $headers = self::getNoCacheHeaders($currentDateTime);
 
         // Media type
         $headers['Content-Type'] = 'application/json; charset=UTF-8';
@@ -227,13 +228,15 @@ public static function headerJSON(): array
     }
 
     /** @return array<string, string> */
-    public static function getNoCacheHeaders(): array
+    public static function getNoCacheHeaders(string $currentDateTime = 'now'): array
     {
         $headers = [];
-        $date = gmdate(DATE_RFC1123);
+        $formattedDateTime = (new DateTimeImmutable($currentDateTime))
+            ->setTimezone(new DateTimeZone('UTC'))
+            ->format(DateTimeInterface::RFC7231);
 
         // rfc2616 - Section 14.21
-        $headers['Expires'] = $date;
+        $headers['Expires'] = $formattedDateTime;
 
         // HTTP/1.1
         $headers['Cache-Control'] = 'no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0';
@@ -244,7 +247,7 @@ public static function getNoCacheHeaders(): array
         // test case: exporting a database into a .gz file with Safari
         // would produce files not having the current time
         // (added this header for Safari but should not harm other browsers)
-        $headers['Last-Modified'] = $date;
+        $headers['Last-Modified'] = $formattedDateTime;
 
         return $headers;
     }
@@ -253,21 +256,16 @@ public static function getNoCacheHeaders(): array
      * @param string $filename Filename to include in headers if empty, none Content-Disposition header will be sent.
      * @param string $mimetype MIME type to include in headers.
      * @param int    $length   Length of content (optional)
-     * @param bool   $noCache  Whether to include no-caching headers.
      *
      * @return array<string, string>
      */
     public static function getDownloadHeaders(
         string $filename,
         string $mimetype,
         int $length = 0,
-        bool $noCache = true,
+        string $currentDateTime = 'now',
     ): array {
-        $headers = [];
-
-        if ($noCache) {
-            $headers = self::getNoCacheHeaders();
-        }
+        $headers = self::getNoCacheHeaders($currentDateTime);
 
         /* Replace all possibly dangerous chars in filename */
         $filename = Sanitize::sanitizeFilename($filename);
@@ -293,15 +291,10 @@ public static function getDownloadHeaders(
      * @param string $filename Filename to include in headers if empty, none Content-Disposition header will be sent.
      * @param string $mimetype MIME type to include in headers.
      * @param int    $length   Length of content (optional)
-     * @param bool   $noCache  Whether to include no-caching headers.
      */
-    public static function downloadHeader(
-        string $filename,
-        string $mimetype,
-        int $length = 0,
-        bool $noCache = true,
-    ): void {
-        $headers = self::getDownloadHeaders($filename, $mimetype, $length, $noCache);
+    public static function downloadHeader(string $filename, string $mimetype, int $length = 0): void
+    {
+        $headers = self::getDownloadHeaders($filename, $mimetype, $length);
 
         // The default output in PMA uses gzip,
         // so if we want to output uncompressed file, we should reset the encoding.
diff --git a/src/Header.php b/src/Header.php
@@ -335,7 +335,7 @@ public function getMessage(): string
     }
 
     /** @return array<string, string> */
-    public function getHttpHeaders(): array
+    public function getHttpHeaders(string $currentDateTime = 'now'): array
     {
         $headers = [];
 
@@ -388,7 +388,7 @@ public function getHttpHeaders(): array
          */
         $headers['Permissions-Policy'] = 'fullscreen=(self), interest-cohort=()';
 
-        $headers = array_merge($headers, Core::getNoCacheHeaders());
+        $headers = array_merge($headers, Core::getNoCacheHeaders($currentDateTime));
 
         /**
          * A different Content-Type is set in {@see \PhpMyAdmin\Controllers\Transformation\WrapperController}.
diff --git a/tests/unit/CoreTest.php b/tests/unit/CoreTest.php
@@ -658,9 +658,13 @@ public static function providerForTestPopulateRequestWithEncryptedQueryParamsWit
 
     public function testGetDownloadHeaders(): void
     {
-        $headersList = Core::getDownloadHeaders('test.sql', 'text/x-sql', 100, false);
+        $headersList = Core::getDownloadHeaders('test.sql', 'text/x-sql', 100, '2015-10-21T05:28:00-02:00');
 
         $expected = [
+            'Expires' => 'Wed, 21 Oct 2015 07:28:00 GMT',
+            'Cache-Control' => 'no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0',
+            'Pragma' => 'no-cache',
+            'Last-Modified' => 'Wed, 21 Oct 2015 07:28:00 GMT',
             'Content-Description' => 'File Transfer',
             'Content-Disposition' => 'attachment; filename="test.sql"',
             'Content-Type' => 'text/x-sql',
@@ -672,9 +676,13 @@ public function testGetDownloadHeaders(): void
 
     public function testGetDownloadHeaders2(): void
     {
-        $headersList = Core::getDownloadHeaders('test.sql.gz', 'application/x-gzip', 0, false);
+        $headersList = Core::getDownloadHeaders('test.sql.gz', 'application/x-gzip', 0, '2015-10-21T05:28:00-02:00');
 
         $expected = [
+            'Expires' => 'Wed, 21 Oct 2015 07:28:00 GMT',
+            'Cache-Control' => 'no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0',
+            'Pragma' => 'no-cache',
+            'Last-Modified' => 'Wed, 21 Oct 2015 07:28:00 GMT',
             'Content-Description' => 'File Transfer',
             'Content-Disposition' => 'attachment; filename="test.sql.gz"',
             'Content-Type' => 'application/x-gzip',
@@ -702,4 +710,28 @@ public function testGetEnv(): void
 
         self::assertSame('', Core::getEnv('PHPMYADMIN_GET_ENV_TEST'));
     }
+
+    public function testGetNoCacheHeaders(): void
+    {
+        $expected = [
+            'Expires' => 'Wed, 21 Oct 2015 07:28:00 GMT',
+            'Cache-Control' => 'no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0',
+            'Pragma' => 'no-cache',
+            'Last-Modified' => 'Wed, 21 Oct 2015 07:28:00 GMT',
+        ];
+        self::assertSame($expected, Core::getNoCacheHeaders('2015-10-21T05:28:00-02:00'));
+    }
+
+    public function testHeaderJSON(): void
+    {
+        $expected = [
+            'Expires' => 'Wed, 21 Oct 2015 07:28:00 GMT',
+            'Cache-Control' => 'no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0',
+            'Pragma' => 'no-cache',
+            'Last-Modified' => 'Wed, 21 Oct 2015 07:28:00 GMT',
+            'Content-Type' => 'application/json; charset=UTF-8',
+            'X-Content-Type-Options' => 'nosniff',
+        ];
+        self::assertSame($expected, Core::headerJSON('2015-10-21T05:28:00-02:00'));
+    }
 }
diff --git a/tests/unit/HeaderTest.php b/tests/unit/HeaderTest.php
@@ -23,10 +23,6 @@
 use PHPUnit\Framework\Attributes\Medium;
 use ReflectionProperty;
 
-use function gmdate;
-
-use const DATE_RFC1123;
-
 #[CoversClass(Header::class)]
 #[Medium]
 class HeaderTest extends AbstractTestCase
@@ -193,7 +189,6 @@ public function testGetHttpHeaders(
         string $expectedWebKitCsp,
     ): void {
         $header = $this->getNewHeaderInstance();
-        $date = gmdate(DATE_RFC1123);
 
         $config = Config::getInstance();
         $config->set('AllowThirdPartyFraming', $frameOptions);
@@ -203,7 +198,7 @@ public function testGetHttpHeaders(
         $config->set('CaptchaCsp', $captchaCsp);
 
         $expected = [
-            'X-Frame-Options' => $expectedFrameOptions,
+            'X-Frame-Options' => $expectedFrameOptions ?? '',
             'Referrer-Policy' => 'same-origin',
             'Content-Security-Policy' => $expectedCsp,
             'X-Content-Security-Policy' => $expectedXCsp,
@@ -213,18 +208,17 @@ public function testGetHttpHeaders(
             'X-Permitted-Cross-Domain-Policies' => 'none',
             'X-Robots-Tag' => 'noindex, nofollow',
             'Permissions-Policy' => 'fullscreen=(self), interest-cohort=()',
-            'Expires' => $date,
+            'Expires' => 'Wed, 21 Oct 2015 07:28:00 GMT',
             'Cache-Control' => 'no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0',
             'Pragma' => 'no-cache',
-            'Last-Modified' => $date,
+            'Last-Modified' => 'Wed, 21 Oct 2015 07:28:00 GMT',
             'Content-Type' => 'text/html; charset=utf-8',
         ];
         if ($expectedFrameOptions === null) {
             unset($expected['X-Frame-Options']);
         }
 
-        $headers = $this->callFunction($header, Header::class, 'getHttpHeaders', []);
-        self::assertSame($expected, $headers);
+        self::assertSame($expected, $header->getHttpHeaders('2015-10-21T05:28:00-02:00'));
     }
 
     /** @return mixed[][] */

Original file line number	Diff line number	Diff line change
`@@ -335,7 +335,7 @@ public function getMessage(): string`
`335`	`335`	`}`
`336`	`336`
`337`	`337`	`/** @return array<string, string> */`
`338`		`- public function getHttpHeaders(): array`
	`338`	`+ public function getHttpHeaders(string $currentDateTime = 'now'): array`
`339`	`339`	`{`
`340`	`340`	`$headers = [];`
`341`	`341`
`@@ -388,7 +388,7 @@ public function getHttpHeaders(): array`
`388`	`388`	`*/`
`389`	`389`	`$headers['Permissions-Policy'] = 'fullscreen=(self), interest-cohort=()';`
`390`	`390`
`391`		`- $headers = array_merge($headers, Core::getNoCacheHeaders());`
	`391`	`+ $headers = array_merge($headers, Core::getNoCacheHeaders($currentDateTime));`
`392`	`392`
`393`	`393`	`/**`
`394`	`394`	`* A different Content-Type is set in {@see \PhpMyAdmin\Controllers\Transformation\WrapperController}.`