]>
Commit | Line | Data |
---|---|---|
1 | <?php | |
2 | ||
3 | namespace Shaarli\Http; | |
4 | ||
5 | require_once 'application/http/UrlUtils.php'; | |
6 | ||
7 | /** | |
8 | * Class WhitelistProtocolsTest | |
9 | * | |
10 | * Test whitelist_protocols() function of UrlUtils. | |
11 | */ | |
12 | class WhitelistProtocolsTest extends \Shaarli\TestCase | |
13 | { | |
14 | /** | |
15 | * Test whitelist_protocols() on a note (relative URL). | |
16 | */ | |
17 | public function testWhitelistProtocolsRelative() | |
18 | { | |
19 | $whitelist = ['ftp', 'magnet']; | |
20 | $url = '?12443564'; | |
21 | $this->assertEquals($url, whitelist_protocols($url, $whitelist)); | |
22 | $url = '/path.jpg'; | |
23 | $this->assertEquals($url, whitelist_protocols($url, $whitelist)); | |
24 | } | |
25 | ||
26 | /** | |
27 | * Test whitelist_protocols() on a note (relative URL). | |
28 | */ | |
29 | public function testWhitelistProtocolMissing() | |
30 | { | |
31 | $whitelist = ['ftp', 'magnet']; | |
32 | $url = 'test.tld/path/?query=value#hash'; | |
33 | $this->assertEquals('http://'. $url, whitelist_protocols($url, $whitelist)); | |
34 | } | |
35 | ||
36 | /** | |
37 | * Test whitelist_protocols() with allowed protocols. | |
38 | */ | |
39 | public function testWhitelistAllowedProtocol() | |
40 | { | |
41 | $whitelist = ['ftp', 'magnet']; | |
42 | $url = 'http://test.tld/path/?query=value#hash'; | |
43 | $this->assertEquals($url, whitelist_protocols($url, $whitelist)); | |
44 | $url = 'https://test.tld/path/?query=value#hash'; | |
45 | $this->assertEquals($url, whitelist_protocols($url, $whitelist)); | |
46 | $url = 'ftp://test.tld/path/?query=value#hash'; | |
47 | $this->assertEquals($url, whitelist_protocols($url, $whitelist)); | |
48 | $url = 'magnet:test.tld/path/?query=value#hash'; | |
49 | $this->assertEquals($url, whitelist_protocols($url, $whitelist)); | |
50 | } | |
51 | ||
52 | /** | |
53 | * Test whitelist_protocols() with allowed protocols. | |
54 | */ | |
55 | public function testWhitelistDisallowedProtocol() | |
56 | { | |
57 | $whitelist = ['ftp', 'magnet']; | |
58 | $url = 'javascript:alert("xss");'; | |
59 | $this->assertEquals('http://alert("xss");', whitelist_protocols($url, $whitelist)); | |
60 | $url = 'other://test.tld/path/?query=value#hash'; | |
61 | $this->assertEquals('http://test.tld/path/?query=value#hash', whitelist_protocols($url, $whitelist)); | |
62 | } | |
63 | } |