[github/shaarli/Shaarli.git] / tests / http / UrlUtils / WhitelistProtocolsTest.php

<?php

namespace Shaarli\Http;

require_once 'application/http/UrlUtils.php';

/**
 * Class WhitelistProtocolsTest
 *
 * Test whitelist_protocols() function of UrlUtils.
 */
class WhitelistProtocolsTest extends \PHPUnit\Framework\TestCase
{
    /**
     * Test whitelist_protocols() on a note (relative URL).
     */
    public function testWhitelistProtocolsRelative()
    {
        $whitelist = ['ftp', 'magnet'];
        $url = '?12443564';
        $this->assertEquals($url, whitelist_protocols($url, $whitelist));
        $url = '/path.jpg';
        $this->assertEquals($url, whitelist_protocols($url, $whitelist));
    }

    /**
     * Test whitelist_protocols() on a note (relative URL).
     */
    public function testWhitelistProtocolMissing()
    {
        $whitelist = ['ftp', 'magnet'];
        $url = 'test.tld/path/?query=value#hash';
        $this->assertEquals('http://'. $url, whitelist_protocols($url, $whitelist));
    }

    /**
     * Test whitelist_protocols() with allowed protocols.
     */
    public function testWhitelistAllowedProtocol()
    {
        $whitelist = ['ftp', 'magnet'];
        $url = 'http://test.tld/path/?query=value#hash';
        $this->assertEquals($url, whitelist_protocols($url, $whitelist));
        $url = 'https://test.tld/path/?query=value#hash';
        $this->assertEquals($url, whitelist_protocols($url, $whitelist));
        $url = 'ftp://test.tld/path/?query=value#hash';
        $this->assertEquals($url, whitelist_protocols($url, $whitelist));
        $url = 'magnet:test.tld/path/?query=value#hash';
        $this->assertEquals($url, whitelist_protocols($url, $whitelist));
    }

    /**
     * Test whitelist_protocols() with allowed protocols.
     */
    public function testWhitelistDisallowedProtocol()
    {
        $whitelist = ['ftp', 'magnet'];
        $url = 'javascript:alert("xss");';
        $this->assertEquals('http://alert("xss");', whitelist_protocols($url, $whitelist));
        $url = 'other://test.tld/path/?query=value#hash';
        $this->assertEquals('http://test.tld/path/?query=value#hash', whitelist_protocols($url, $whitelist));
    }
}
Commit	Line	Data
86ceea05 A	1	<?php
86ceea05 A	2
51753e40	3	namespace Shaarli\Http;
86ceea05	4
51753e40	5	require_once 'application/http/UrlUtils.php';
86ceea05 A	6
	7	/**
	8	* Class WhitelistProtocolsTest
	9	*
51753e40	10	* Test whitelist_protocols() function of UrlUtils.
86ceea05	11	*/
51753e40	12	class WhitelistProtocolsTest extends \PHPUnit\Framework\TestCase
86ceea05 A	13	{
	14	/**
	15	* Test whitelist_protocols() on a note (relative URL).
	16	*/
	17	public function testWhitelistProtocolsRelative()
	18	{
	19	$whitelist = ['ftp', 'magnet'];
	20	$url = '?12443564';
	21	$this->assertEquals($url, whitelist_protocols($url, $whitelist));
	22	$url = '/path.jpg';
	23	$this->assertEquals($url, whitelist_protocols($url, $whitelist));
	24	}
	25
	26	/**
	27	* Test whitelist_protocols() on a note (relative URL).
	28	*/
	29	public function testWhitelistProtocolMissing()
	30	{
	31	$whitelist = ['ftp', 'magnet'];
	32	$url = 'test.tld/path/?query=value#hash';
	33	$this->assertEquals('http://'. $url, whitelist_protocols($url, $whitelist));
	34	}
	35
	36	/**
	37	* Test whitelist_protocols() with allowed protocols.
	38	*/
	39	public function testWhitelistAllowedProtocol()
	40	{
	41	$whitelist = ['ftp', 'magnet'];
	42	$url = 'http://test.tld/path/?query=value#hash';
	43	$this->assertEquals($url, whitelist_protocols($url, $whitelist));
	44	$url = 'https://test.tld/path/?query=value#hash';
	45	$this->assertEquals($url, whitelist_protocols($url, $whitelist));
	46	$url = 'ftp://test.tld/path/?query=value#hash';
	47	$this->assertEquals($url, whitelist_protocols($url, $whitelist));
	48	$url = 'magnet:test.tld/path/?query=value#hash';
	49	$this->assertEquals($url, whitelist_protocols($url, $whitelist));
	50	}
	51
	52	/**
	53	* Test whitelist_protocols() with allowed protocols.
	54	*/
	55	public function testWhitelistDisallowedProtocol()
	56	{
	57	$whitelist = ['ftp', 'magnet'];
	58	$url = 'javascript:alert("xss");';
	59	$this->assertEquals('http://alert("xss");', whitelist_protocols($url, $whitelist));
	60	$url = 'other://test.tld/path/?query=value#hash';
	61	$this->assertEquals('http://test.tld/path/?query=value#hash', whitelist_protocols($url, $whitelist));
	62	}
	63	}