From 51753e403fa69c0ce124ede27d300477e3e799ca Mon Sep 17 00:00:00 2001
From: VirtualTam <virtualtam@flibidi.net>
Date: Mon, 3 Dec 2018 00:34:53 +0100
Subject: namespacing: move HTTP utilities along \Shaarli\Http\ classes

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
---
 tests/http/UrlUtils/WhitelistProtocolsTest.php | 63 ++++++++++++++++++++++++++
 1 file changed, 63 insertions(+)
 create mode 100644 tests/http/UrlUtils/WhitelistProtocolsTest.php

(limited to 'tests/http/UrlUtils/WhitelistProtocolsTest.php')

diff --git a/tests/http/UrlUtils/WhitelistProtocolsTest.php b/tests/http/UrlUtils/WhitelistProtocolsTest.php
new file mode 100644
index 00000000..69512dbd
--- /dev/null
+++ b/tests/http/UrlUtils/WhitelistProtocolsTest.php
@@ -0,0 +1,63 @@
+<?php
+
+namespace Shaarli\Http;
+
+require_once 'application/http/UrlUtils.php';
+
+/**
+ * Class WhitelistProtocolsTest
+ *
+ * Test whitelist_protocols() function of UrlUtils.
+ */
+class WhitelistProtocolsTest extends \PHPUnit\Framework\TestCase
+{
+    /**
+     * Test whitelist_protocols() on a note (relative URL).
+     */
+    public function testWhitelistProtocolsRelative()
+    {
+        $whitelist = ['ftp', 'magnet'];
+        $url = '?12443564';
+        $this->assertEquals($url, whitelist_protocols($url, $whitelist));
+        $url = '/path.jpg';
+        $this->assertEquals($url, whitelist_protocols($url, $whitelist));
+    }
+
+    /**
+     * Test whitelist_protocols() on a note (relative URL).
+     */
+    public function testWhitelistProtocolMissing()
+    {
+        $whitelist = ['ftp', 'magnet'];
+        $url = 'test.tld/path/?query=value#hash';
+        $this->assertEquals('http://'. $url, whitelist_protocols($url, $whitelist));
+    }
+
+    /**
+     * Test whitelist_protocols() with allowed protocols.
+     */
+    public function testWhitelistAllowedProtocol()
+    {
+        $whitelist = ['ftp', 'magnet'];
+        $url = 'http://test.tld/path/?query=value#hash';
+        $this->assertEquals($url, whitelist_protocols($url, $whitelist));
+        $url = 'https://test.tld/path/?query=value#hash';
+        $this->assertEquals($url, whitelist_protocols($url, $whitelist));
+        $url = 'ftp://test.tld/path/?query=value#hash';
+        $this->assertEquals($url, whitelist_protocols($url, $whitelist));
+        $url = 'magnet:test.tld/path/?query=value#hash';
+        $this->assertEquals($url, whitelist_protocols($url, $whitelist));
+    }
+
+    /**
+     * Test whitelist_protocols() with allowed protocols.
+     */
+    public function testWhitelistDisallowedProtocol()
+    {
+        $whitelist = ['ftp', 'magnet'];
+        $url = 'javascript:alert("xss");';
+        $this->assertEquals('http://alert("xss");', whitelist_protocols($url, $whitelist));
+        $url = 'other://test.tld/path/?query=value#hash';
+        $this->assertEquals('http://test.tld/path/?query=value#hash', whitelist_protocols($url, $whitelist));
+    }
+}
-- 
cgit v1.2.3