From 51753e403fa69c0ce124ede27d300477e3e799ca Mon Sep 17 00:00:00 2001
From: VirtualTam <virtualtam@flibidi.net>
Date: Mon, 3 Dec 2018 00:34:53 +0100
Subject: namespacing: move HTTP utilities along \Shaarli\Http\ classes

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
---
 tests/http/HttpUtils/ClientIpIdTest.php           |  54 ++++++
 tests/http/HttpUtils/GetHttpUrlTest.php           |  67 +++++++
 tests/http/HttpUtils/GetIpAdressFromProxyTest.php |  61 ++++++
 tests/http/HttpUtils/IndexUrlTest.php             |  74 +++++++
 tests/http/HttpUtils/IsHttpsTest.php              |  39 ++++
 tests/http/HttpUtils/PageUrlTest.php              |  78 ++++++++
 tests/http/HttpUtils/ServerUrlTest.php            | 223 ++++++++++++++++++++++
 tests/http/UrlTest.php                            |   2 +-
 tests/http/UrlUtils/CleanupUrlTest.php            | 111 +++++++++++
 tests/http/UrlUtils/GetUrlSchemeTest.php          |  32 ++++
 tests/http/UrlUtils/UnparseUrlTest.php            |  32 ++++
 tests/http/UrlUtils/WhitelistProtocolsTest.php    |  63 ++++++
 12 files changed, 835 insertions(+), 1 deletion(-)
 create mode 100644 tests/http/HttpUtils/ClientIpIdTest.php
 create mode 100644 tests/http/HttpUtils/GetHttpUrlTest.php
 create mode 100644 tests/http/HttpUtils/GetIpAdressFromProxyTest.php
 create mode 100644 tests/http/HttpUtils/IndexUrlTest.php
 create mode 100644 tests/http/HttpUtils/IsHttpsTest.php
 create mode 100644 tests/http/HttpUtils/PageUrlTest.php
 create mode 100644 tests/http/HttpUtils/ServerUrlTest.php
 create mode 100644 tests/http/UrlUtils/CleanupUrlTest.php
 create mode 100644 tests/http/UrlUtils/GetUrlSchemeTest.php
 create mode 100644 tests/http/UrlUtils/UnparseUrlTest.php
 create mode 100644 tests/http/UrlUtils/WhitelistProtocolsTest.php

(limited to 'tests/http')

diff --git a/tests/http/HttpUtils/ClientIpIdTest.php b/tests/http/HttpUtils/ClientIpIdTest.php
new file mode 100644
index 00000000..982e57e0
--- /dev/null
+++ b/tests/http/HttpUtils/ClientIpIdTest.php
@@ -0,0 +1,54 @@
+<?php
+/**
+ * HttpUtils' tests
+ */
+
+namespace Shaarli\Http;
+
+require_once 'application/http/HttpUtils.php';
+
+/**
+ * Unitary tests for client_ip_id()
+ */
+class ClientIpIdTest extends \PHPUnit\Framework\TestCase
+{
+    /**
+     * Get a remote client ID based on its IP
+     */
+    public function testClientIpIdRemote()
+    {
+        $this->assertEquals(
+            '10.1.167.42',
+            client_ip_id(['REMOTE_ADDR' => '10.1.167.42'])
+        );
+    }
+
+    /**
+     * Get a remote client ID based on its IP and proxy information (1)
+     */
+    public function testClientIpIdRemoteForwarded()
+    {
+        $this->assertEquals(
+            '10.1.167.42_127.0.1.47',
+            client_ip_id([
+                'REMOTE_ADDR' => '10.1.167.42',
+                'HTTP_X_FORWARDED_FOR' => '127.0.1.47'
+            ])
+        );
+    }
+
+    /**
+     * Get a remote client ID based on its IP and proxy information (2)
+     */
+    public function testClientIpIdRemoteForwardedClient()
+    {
+        $this->assertEquals(
+            '10.1.167.42_10.1.167.56_127.0.1.47',
+            client_ip_id([
+                'REMOTE_ADDR' => '10.1.167.42',
+                'HTTP_X_FORWARDED_FOR' => '10.1.167.56',
+                'HTTP_CLIENT_IP' => '127.0.1.47'
+            ])
+        );
+    }
+}
diff --git a/tests/http/HttpUtils/GetHttpUrlTest.php b/tests/http/HttpUtils/GetHttpUrlTest.php
new file mode 100644
index 00000000..3dc5bc9b
--- /dev/null
+++ b/tests/http/HttpUtils/GetHttpUrlTest.php
@@ -0,0 +1,67 @@
+<?php
+/**
+ * HttpUtils' tests
+ */
+
+namespace Shaarli\Http;
+
+require_once 'application/http/HttpUtils.php';
+
+/**
+ * Unitary tests for get_http_response()
+ */
+class GetHttpUrlTest extends \PHPUnit\Framework\TestCase
+{
+    /**
+     * Get an invalid local URL
+     */
+    public function testGetInvalidLocalUrl()
+    {
+        // Local
+        list($headers, $content) = get_http_response('/non/existent', 1);
+        $this->assertEquals('Invalid HTTP UrlUtils', $headers[0]);
+        $this->assertFalse($content);
+
+        // Non HTTP
+        list($headers, $content) = get_http_response('ftp://save.tld/mysave', 1);
+        $this->assertEquals('Invalid HTTP UrlUtils', $headers[0]);
+        $this->assertFalse($content);
+    }
+
+    /**
+     * Get an invalid remote URL
+     */
+    public function testGetInvalidRemoteUrl()
+    {
+        list($headers, $content) = @get_http_response('http://non.existent', 1);
+        $this->assertFalse($headers);
+        $this->assertFalse($content);
+    }
+
+    /**
+     * Test getAbsoluteUrl with relative target URL.
+     */
+    public function testGetAbsoluteUrlWithRelative()
+    {
+        $origin = 'http://non.existent/blabla/?test';
+        $target = '/stuff.php';
+
+        $expected = 'http://non.existent/stuff.php';
+        $this->assertEquals($expected, getAbsoluteUrl($origin, $target));
+
+        $target = 'stuff.php';
+        $expected = 'http://non.existent/blabla/stuff.php';
+        $this->assertEquals($expected, getAbsoluteUrl($origin, $target));
+    }
+
+    /**
+     * Test getAbsoluteUrl with absolute target URL.
+     */
+    public function testGetAbsoluteUrlWithAbsolute()
+    {
+        $origin = 'http://non.existent/blabla/?test';
+        $target = 'http://other.url/stuff.php';
+
+        $this->assertEquals($target, getAbsoluteUrl($origin, $target));
+    }
+}
diff --git a/tests/http/HttpUtils/GetIpAdressFromProxyTest.php b/tests/http/HttpUtils/GetIpAdressFromProxyTest.php
new file mode 100644
index 00000000..fe3a639e
--- /dev/null
+++ b/tests/http/HttpUtils/GetIpAdressFromProxyTest.php
@@ -0,0 +1,61 @@
+<?php
+
+namespace Shaarli\Http;
+
+require_once 'application/http/HttpUtils.php';
+
+/**
+ * Unitary tests for getIpAddressFromProxy()
+ */
+class GetIpAdressFromProxyTest extends \PHPUnit\Framework\TestCase
+{
+
+    /**
+     * Test without proxy
+     */
+    public function testWithoutProxy()
+    {
+        $this->assertFalse(getIpAddressFromProxy(array(), array()));
+    }
+
+    /**
+     * Test with a single IP in proxy header.
+     */
+    public function testWithOneForwardedIp()
+    {
+        $ip = '1.1.1.1';
+        $server = array('HTTP_X_FORWARDED_FOR' => $ip);
+        $this->assertEquals($ip, getIpAddressFromProxy($server, array()));
+    }
+
+    /**
+     * Test with a multiple IPs in proxy header.
+     */
+    public function testWithMultipleForwardedIp()
+    {
+        $ip = '1.1.1.1';
+        $ip2 = '2.2.2.2';
+
+        $server = array('HTTP_X_FORWARDED_FOR' => $ip .','. $ip2);
+        $this->assertEquals($ip2, getIpAddressFromProxy($server, array()));
+
+        $server = array('HTTP_X_FORWARDED_FOR' => $ip .' ,   '. $ip2);
+        $this->assertEquals($ip2, getIpAddressFromProxy($server, array()));
+    }
+
+    /**
+     * Test with a trusted IP address.
+     */
+    public function testWithTrustedIp()
+    {
+        $ip = '1.1.1.1';
+        $ip2 = '2.2.2.2';
+
+        $server = array('HTTP_X_FORWARDED_FOR' => $ip);
+        $this->assertFalse(getIpAddressFromProxy($server, array($ip)));
+
+        $server = array('HTTP_X_FORWARDED_FOR' => $ip .','. $ip2);
+        $this->assertEquals($ip2, getIpAddressFromProxy($server, array($ip)));
+        $this->assertFalse(getIpAddressFromProxy($server, array($ip, $ip2)));
+    }
+}
diff --git a/tests/http/HttpUtils/IndexUrlTest.php b/tests/http/HttpUtils/IndexUrlTest.php
new file mode 100644
index 00000000..bcbe59cb
--- /dev/null
+++ b/tests/http/HttpUtils/IndexUrlTest.php
@@ -0,0 +1,74 @@
+<?php
+/**
+ * HttpUtils' tests
+ */
+
+namespace Shaarli\Http;
+
+require_once 'application/http/HttpUtils.php';
+
+/**
+ * Unitary tests for index_url()
+ */
+class IndexUrlTest extends \PHPUnit\Framework\TestCase
+{
+    /**
+     * If on the main page, remove "index.php" from the URL resource
+     */
+    public function testRemoveIndex()
+    {
+        $this->assertEquals(
+            'http://host.tld/',
+            index_url(
+                array(
+                    'HTTPS' => 'Off',
+                    'SERVER_NAME' => 'host.tld',
+                    'SERVER_PORT' => '80',
+                    'SCRIPT_NAME' => '/index.php'
+                )
+            )
+        );
+
+        $this->assertEquals(
+            'http://host.tld/admin/',
+            index_url(
+                array(
+                    'HTTPS' => 'Off',
+                    'SERVER_NAME' => 'host.tld',
+                    'SERVER_PORT' => '80',
+                    'SCRIPT_NAME' => '/admin/index.php'
+                )
+            )
+        );
+    }
+
+    /**
+     * The resource is != "index.php"
+     */
+    public function testOtherResource()
+    {
+        $this->assertEquals(
+            'http://host.tld/page.php',
+            page_url(
+                array(
+                    'HTTPS' => 'Off',
+                    'SERVER_NAME' => 'host.tld',
+                    'SERVER_PORT' => '80',
+                    'SCRIPT_NAME' => '/page.php'
+                )
+            )
+        );
+
+        $this->assertEquals(
+            'http://host.tld/admin/page.php',
+            page_url(
+                array(
+                    'HTTPS' => 'Off',
+                    'SERVER_NAME' => 'host.tld',
+                    'SERVER_PORT' => '80',
+                    'SCRIPT_NAME' => '/admin/page.php'
+                )
+            )
+        );
+    }
+}
diff --git a/tests/http/HttpUtils/IsHttpsTest.php b/tests/http/HttpUtils/IsHttpsTest.php
new file mode 100644
index 00000000..348956c6
--- /dev/null
+++ b/tests/http/HttpUtils/IsHttpsTest.php
@@ -0,0 +1,39 @@
+<?php
+
+namespace Shaarli\Http;
+
+require_once 'application/http/HttpUtils.php';
+
+/**
+ * Class IsHttpsTest
+ *
+ * Test class for is_https() function.
+ */
+class IsHttpsTest extends \PHPUnit\Framework\TestCase
+{
+
+    /**
+     * Test is_https with HTTPS values.
+     */
+    public function testIsHttpsTrue()
+    {
+        $this->assertTrue(is_https(['HTTPS' => true]));
+        $this->assertTrue(is_https(['HTTPS' => '1']));
+        $this->assertTrue(is_https(['HTTPS' => false, 'HTTP_X_FORWARDED_PORT' => 443]));
+        $this->assertTrue(is_https(['HTTPS' => false, 'HTTP_X_FORWARDED_PORT' => '443']));
+        $this->assertTrue(is_https(['HTTPS' => false, 'HTTP_X_FORWARDED_PORT' => '443,123,456,']));
+    }
+
+    /**
+     * Test is_https with HTTP values.
+     */
+    public function testIsHttpsFalse()
+    {
+        $this->assertFalse(is_https([]));
+        $this->assertFalse(is_https(['HTTPS' => false]));
+        $this->assertFalse(is_https(['HTTPS' => '0']));
+        $this->assertFalse(is_https(['HTTPS' => false, 'HTTP_X_FORWARDED_PORT' => 123]));
+        $this->assertFalse(is_https(['HTTPS' => false, 'HTTP_X_FORWARDED_PORT' => '123']));
+        $this->assertFalse(is_https(['HTTPS' => false, 'HTTP_X_FORWARDED_PORT' => ',123,456,']));
+    }
+}
diff --git a/tests/http/HttpUtils/PageUrlTest.php b/tests/http/HttpUtils/PageUrlTest.php
new file mode 100644
index 00000000..f1991716
--- /dev/null
+++ b/tests/http/HttpUtils/PageUrlTest.php
@@ -0,0 +1,78 @@
+<?php
+/**
+ * HttpUtils' tests
+ */
+
+namespace Shaarli\Http;
+
+require_once 'application/http/HttpUtils.php';
+
+/**
+ * Unitary tests for page_url()
+ */
+class PageUrlTest extends \PHPUnit\Framework\TestCase
+{
+    /**
+     * If on the main page, remove "index.php" from the URL resource
+     */
+    public function testRemoveIndex()
+    {
+        $this->assertEquals(
+            'http://host.tld/?p1=v1&p2=v2',
+            page_url(
+                array(
+                    'HTTPS' => 'Off',
+                    'SERVER_NAME' => 'host.tld',
+                    'SERVER_PORT' => '80',
+                    'SCRIPT_NAME' => '/index.php',
+                    'QUERY_STRING' => 'p1=v1&p2=v2'
+                )
+            )
+        );
+
+        $this->assertEquals(
+            'http://host.tld/admin/?action=edit_tag',
+            page_url(
+                array(
+                    'HTTPS' => 'Off',
+                    'SERVER_NAME' => 'host.tld',
+                    'SERVER_PORT' => '80',
+                    'SCRIPT_NAME' => '/admin/index.php',
+                    'QUERY_STRING' => 'action=edit_tag'
+                )
+            )
+        );
+    }
+
+    /**
+     * The resource is != "index.php"
+     */
+    public function testOtherResource()
+    {
+        $this->assertEquals(
+            'http://host.tld/page.php?p1=v1&p2=v2',
+            page_url(
+                array(
+                    'HTTPS' => 'Off',
+                    'SERVER_NAME' => 'host.tld',
+                    'SERVER_PORT' => '80',
+                    'SCRIPT_NAME' => '/page.php',
+                    'QUERY_STRING' => 'p1=v1&p2=v2'
+                )
+            )
+        );
+
+        $this->assertEquals(
+            'http://host.tld/admin/page.php?action=edit_tag',
+            page_url(
+                array(
+                    'HTTPS' => 'Off',
+                    'SERVER_NAME' => 'host.tld',
+                    'SERVER_PORT' => '80',
+                    'SCRIPT_NAME' => '/admin/page.php',
+                    'QUERY_STRING' => 'action=edit_tag'
+                )
+            )
+        );
+    }
+}
diff --git a/tests/http/HttpUtils/ServerUrlTest.php b/tests/http/HttpUtils/ServerUrlTest.php
new file mode 100644
index 00000000..9caf1049
--- /dev/null
+++ b/tests/http/HttpUtils/ServerUrlTest.php
@@ -0,0 +1,223 @@
+<?php
+/**
+ * HttpUtils' tests
+ */
+
+namespace Shaarli\Http;
+
+require_once 'application/http/HttpUtils.php';
+
+/**
+ * Unitary tests for server_url()
+ */
+class ServerUrlTest extends \PHPUnit\Framework\TestCase
+{
+    /**
+     * Detect if the server uses SSL
+     */
+    public function testHttpsScheme()
+    {
+        $this->assertEquals(
+            'https://host.tld',
+            server_url(
+                array(
+                    'HTTPS' => 'ON',
+                    'SERVER_NAME' => 'host.tld',
+                    'SERVER_PORT' => '443'
+                )
+            )
+        );
+
+        $this->assertEquals(
+            'https://host.tld:8080',
+            server_url(
+                array(
+                    'HTTPS' => 'ON',
+                    'SERVER_NAME' => 'host.tld',
+                    'SERVER_PORT' => '8080'
+                )
+            )
+        );
+    }
+
+    /**
+     * Detect a Proxy that sets Forwarded-Host
+     */
+    public function testHttpsProxyForwardedHost()
+    {
+        $this->assertEquals(
+            'https://host.tld:8080',
+            server_url(
+                array(
+                    'HTTP_X_FORWARDED_PROTO' => 'https',
+                    'HTTP_X_FORWARDED_PORT' => '8080',
+                    'HTTP_X_FORWARDED_HOST' => 'host.tld'
+                )
+            )
+        );
+
+        $this->assertEquals(
+            'https://host.tld:4974',
+            server_url(
+                array(
+                    'HTTP_X_FORWARDED_PROTO' => 'https, https',
+                    'HTTP_X_FORWARDED_PORT' => '4974, 80',
+                    'HTTP_X_FORWARDED_HOST' => 'host.tld, example.com'
+                )
+            )
+        );
+    }
+
+    /**
+     * Detect a Proxy with SSL enabled
+     */
+    public function testHttpsProxyForward()
+    {
+        $this->assertEquals(
+            'https://host.tld:8080',
+            server_url(
+                array(
+                    'HTTPS' => 'Off',
+                    'SERVER_NAME' => 'host.tld',
+                    'SERVER_PORT' => '80',
+                    'HTTP_X_FORWARDED_PROTO' => 'https',
+                    'HTTP_X_FORWARDED_PORT' => '8080'
+                )
+            )
+        );
+
+        $this->assertEquals(
+            'https://host.tld',
+            server_url(
+                array(
+                    'HTTPS' => 'Off',
+                    'SERVER_NAME' => 'host.tld',
+                    'SERVER_PORT' => '80',
+                    'HTTP_X_FORWARDED_PROTO' => 'https'
+                )
+            )
+        );
+
+        $this->assertEquals(
+            'https://host.tld',
+            server_url(
+                array(
+                    'HTTPS' => 'Off',
+                    'SERVER_NAME' => 'host.tld',
+                    'SERVER_PORT' => '80',
+                    'HTTP_X_FORWARDED_PROTO' => 'https',
+                    'HTTP_X_FORWARDED_PORT' => '443'
+                )
+            )
+        );
+
+        $this->assertEquals(
+            'https://host.tld:4974',
+            server_url(
+                array(
+                    'HTTPS' => 'Off',
+                    'SERVER_NAME' => 'host.tld',
+                    'SERVER_PORT' => '80',
+                    'HTTP_X_FORWARDED_PROTO' => 'https, https',
+                    'HTTP_X_FORWARDED_PORT' => '4974, 80'
+                )
+            )
+        );
+    }
+
+    /**
+     * Detect if the server uses a specific port (!= 80)
+     */
+    public function testPort()
+    {
+        // HTTP
+        $this->assertEquals(
+            'http://host.tld:8080',
+            server_url(
+                array(
+                    'HTTPS' => 'OFF',
+                    'SERVER_NAME' => 'host.tld',
+                    'SERVER_PORT' => '8080'
+                )
+            )
+        );
+
+        // HTTPS
+        $this->assertEquals(
+            'https://host.tld:8080',
+            server_url(
+                array(
+                    'HTTPS' => 'ON',
+                    'SERVER_NAME' => 'host.tld',
+                    'SERVER_PORT' => '8080'
+                )
+            )
+        );
+    }
+
+    /**
+     * HTTP server on port 80
+     */
+    public function testStandardHttpPort()
+    {
+        $this->assertEquals(
+            'http://host.tld',
+            server_url(
+                array(
+                    'HTTPS' => 'OFF',
+                    'SERVER_NAME' => 'host.tld',
+                    'SERVER_PORT' => '80'
+                )
+            )
+        );
+    }
+
+    /**
+     * HTTPS server on port 443
+     */
+    public function testStandardHttpsPort()
+    {
+        $this->assertEquals(
+            'https://host.tld',
+            server_url(
+                array(
+                    'HTTPS' => 'ON',
+                    'SERVER_NAME' => 'host.tld',
+                    'SERVER_PORT' => '443'
+                )
+            )
+        );
+    }
+
+    /**
+     * Misconfigured server (see #1022): Proxy HTTP but 443
+     */
+    public function testHttpWithPort433()
+    {
+        $this->assertEquals(
+            'https://host.tld',
+            server_url(
+                array(
+                    'HTTPS' => 'Off',
+                    'SERVER_NAME' => 'host.tld',
+                    'SERVER_PORT' => '80',
+                    'HTTP_X_FORWARDED_PROTO' => 'http',
+                    'HTTP_X_FORWARDED_PORT' => '443'
+                )
+            )
+        );
+
+        $this->assertEquals(
+            'https://host.tld',
+            server_url(
+                array(
+                    'HTTPS' => 'Off',
+                    'SERVER_NAME' => 'host.tld',
+                    'SERVER_PORT' => '80',
+                    'HTTP_X_FORWARDED_PROTO' => 'https, http',
+                    'HTTP_X_FORWARDED_PORT' => '443, 80'
+                )
+            )
+        );
+    }
+}
diff --git a/tests/http/UrlTest.php b/tests/http/UrlTest.php
index 011b416d..342b78a4 100644
--- a/tests/http/UrlTest.php
+++ b/tests/http/UrlTest.php
@@ -1,6 +1,6 @@
 <?php
 /**
- * Url's tests
+ * UrlUtils's tests
  */
 
 namespace Shaarli\Http;
diff --git a/tests/http/UrlUtils/CleanupUrlTest.php b/tests/http/UrlUtils/CleanupUrlTest.php
new file mode 100644
index 00000000..6c4d124b
--- /dev/null
+++ b/tests/http/UrlUtils/CleanupUrlTest.php
@@ -0,0 +1,111 @@
+<?php
+/**
+ * Unitary tests for cleanup_url()
+ */
+
+namespace Shaarli\Http;
+
+require_once 'application/http/UrlUtils.php';
+
+class CleanupUrlTest extends \PHPUnit\Framework\TestCase
+{
+    /**
+     * @var string reference URL
+     */
+    protected $ref = 'http://domain.tld:3000';
+
+
+    /**
+     * Clean empty URL
+     */
+    public function testCleanupUrlEmpty()
+    {
+        $this->assertEquals('', cleanup_url(''));
+    }
+
+    /**
+     * Clean an already cleaned URL
+     */
+    public function testCleanupUrlAlreadyClean()
+    {
+        $this->assertEquals($this->ref, cleanup_url($this->ref));
+        $this->ref2 = $this->ref.'/path/to/dir/';
+        $this->assertEquals($this->ref2, cleanup_url($this->ref2));
+    }
+
+    /**
+     * Clean URL fragments
+     */
+    public function testCleanupUrlFragment()
+    {
+        $this->assertEquals($this->ref, cleanup_url($this->ref.'#tk.rss_all'));
+        $this->assertEquals($this->ref, cleanup_url($this->ref.'#xtor=RSS-'));
+        $this->assertEquals($this->ref, cleanup_url($this->ref.'#xtor=RSS-U3ht0tkc4b'));
+    }
+
+    /**
+     * Clean URL query - single annoying parameter
+     */
+    public function testCleanupUrlQuerySingle()
+    {
+        $this->assertEquals($this->ref, cleanup_url($this->ref.'?action_object_map=junk'));
+        $this->assertEquals($this->ref, cleanup_url($this->ref.'?action_ref_map=Cr4p!'));
+        $this->assertEquals($this->ref, cleanup_url($this->ref.'?action_type_map=g4R84g3'));
+
+        $this->assertEquals($this->ref, cleanup_url($this->ref.'?fb_stuff=v41u3'));
+        $this->assertEquals($this->ref, cleanup_url($this->ref.'?fb=71m3w4573'));
+
+        $this->assertEquals($this->ref, cleanup_url($this->ref.'?utm_campaign=zomg'));
+        $this->assertEquals($this->ref, cleanup_url($this->ref.'?utm_medium=numnum'));
+        $this->assertEquals($this->ref, cleanup_url($this->ref.'?utm_source=c0d3'));
+        $this->assertEquals($this->ref, cleanup_url($this->ref.'?utm_term=1n4l'));
+
+        $this->assertEquals($this->ref, cleanup_url($this->ref.'?xtor=some-url'));
+
+        $this->assertEquals($this->ref, cleanup_url($this->ref.'?campaign_name=junk'));
+        $this->assertEquals($this->ref, cleanup_url($this->ref.'?campaign_start=junk'));
+        $this->assertEquals($this->ref, cleanup_url($this->ref.'?campaign_item_index=junk'));
+    }
+
+    /**
+     * Clean URL query - multiple annoying parameters
+     */
+    public function testCleanupUrlQueryMultiple()
+    {
+        $this->assertEquals($this->ref, cleanup_url($this->ref.'?xtor=some-url&fb=som3th1ng'));
+
+        $this->assertEquals($this->ref, cleanup_url(
+            $this->ref.'?fb=stuff&utm_campaign=zomg&utm_medium=numnum&utm_source=c0d3'
+        ));
+
+        $this->assertEquals($this->ref, cleanup_url(
+            $this->ref.'?campaign_start=zomg&campaign_name=numnum'
+        ));
+    }
+
+    /**
+     * Clean URL query - multiple annoying parameters and fragment
+     */
+    public function testCleanupUrlQueryFragment()
+    {
+        $this->assertEquals($this->ref, cleanup_url(
+            $this->ref.'?xtor=some-url&fb=som3th1ng#tk.rss_all'
+        ));
+
+        // ditch annoying query params and fragment, keep useful params
+        $this->assertEquals(
+            $this->ref.'?my=stuff&is=kept',
+            cleanup_url(
+                $this->ref.'?fb=zomg&my=stuff&utm_medium=numnum&is=kept#tk.rss_all'
+            )
+        );
+
+        // ditch annoying query params, keep useful params and fragment
+        $this->assertEquals(
+            $this->ref.'?my=stuff&is=kept#again',
+            cleanup_url(
+                $this->ref.'?fb=zomg&my=stuff&utm_medium=numnum&is=kept#again'
+            )
+        );
+    }
+}
diff --git a/tests/http/UrlUtils/GetUrlSchemeTest.php b/tests/http/UrlUtils/GetUrlSchemeTest.php
new file mode 100644
index 00000000..2b97f7be
--- /dev/null
+++ b/tests/http/UrlUtils/GetUrlSchemeTest.php
@@ -0,0 +1,32 @@
+<?php
+/**
+ * Unitary tests for get_url_scheme()
+ */
+
+namespace Shaarli\Http;
+
+require_once 'application/http/UrlUtils.php';
+
+class GetUrlSchemeTest extends \PHPUnit\Framework\TestCase
+{
+    /**
+     * Get empty scheme string for empty UrlUtils
+     */
+    public function testGetUrlSchemeEmpty()
+    {
+        $this->assertEquals('', get_url_scheme(''));
+    }
+
+    /**
+     * Get normal scheme of UrlUtils
+     */
+    public function testGetUrlScheme()
+    {
+        $this->assertEquals('http', get_url_scheme('http://domain.tld:3000'));
+        $this->assertEquals('https', get_url_scheme('https://domain.tld:3000'));
+        $this->assertEquals('http', get_url_scheme('domain.tld'));
+        $this->assertEquals('ssh', get_url_scheme('ssh://domain.tld'));
+        $this->assertEquals('ftp', get_url_scheme('ftp://domain.tld'));
+        $this->assertEquals('git', get_url_scheme('git://domain.tld/push?pull=clone#checkout'));
+    }
+}
diff --git a/tests/http/UrlUtils/UnparseUrlTest.php b/tests/http/UrlUtils/UnparseUrlTest.php
new file mode 100644
index 00000000..040d8c54
--- /dev/null
+++ b/tests/http/UrlUtils/UnparseUrlTest.php
@@ -0,0 +1,32 @@
+<?php
+/**
+ * Unpares UrlUtils's tests
+ */
+
+namespace Shaarli\Http;
+
+require_once 'application/http/UrlUtils.php';
+
+/**
+ * Unitary tests for unparse_url()
+ */
+class UnparseUrlTest extends \PHPUnit\Framework\TestCase
+{
+    /**
+     * Thanks for building nothing
+     */
+    public function testUnparseEmptyArray()
+    {
+        $this->assertEquals('', unparse_url(array()));
+    }
+
+    /**
+     * Rebuild a full-featured URL
+     */
+    public function testUnparseFull()
+    {
+        $ref = 'http://username:password@hostname:9090/path'
+              .'?arg1=value1&arg2=value2#anchor';
+        $this->assertEquals($ref, unparse_url(parse_url($ref)));
+    }
+}
diff --git a/tests/http/UrlUtils/WhitelistProtocolsTest.php b/tests/http/UrlUtils/WhitelistProtocolsTest.php
new file mode 100644
index 00000000..69512dbd
--- /dev/null
+++ b/tests/http/UrlUtils/WhitelistProtocolsTest.php
@@ -0,0 +1,63 @@
+<?php
+
+namespace Shaarli\Http;
+
+require_once 'application/http/UrlUtils.php';
+
+/**
+ * Class WhitelistProtocolsTest
+ *
+ * Test whitelist_protocols() function of UrlUtils.
+ */
+class WhitelistProtocolsTest extends \PHPUnit\Framework\TestCase
+{
+    /**
+     * Test whitelist_protocols() on a note (relative URL).
+     */
+    public function testWhitelistProtocolsRelative()
+    {
+        $whitelist = ['ftp', 'magnet'];
+        $url = '?12443564';
+        $this->assertEquals($url, whitelist_protocols($url, $whitelist));
+        $url = '/path.jpg';
+        $this->assertEquals($url, whitelist_protocols($url, $whitelist));
+    }
+
+    /**
+     * Test whitelist_protocols() on a note (relative URL).
+     */
+    public function testWhitelistProtocolMissing()
+    {
+        $whitelist = ['ftp', 'magnet'];
+        $url = 'test.tld/path/?query=value#hash';
+        $this->assertEquals('http://'. $url, whitelist_protocols($url, $whitelist));
+    }
+
+    /**
+     * Test whitelist_protocols() with allowed protocols.
+     */
+    public function testWhitelistAllowedProtocol()
+    {
+        $whitelist = ['ftp', 'magnet'];
+        $url = 'http://test.tld/path/?query=value#hash';
+        $this->assertEquals($url, whitelist_protocols($url, $whitelist));
+        $url = 'https://test.tld/path/?query=value#hash';
+        $this->assertEquals($url, whitelist_protocols($url, $whitelist));
+        $url = 'ftp://test.tld/path/?query=value#hash';
+        $this->assertEquals($url, whitelist_protocols($url, $whitelist));
+        $url = 'magnet:test.tld/path/?query=value#hash';
+        $this->assertEquals($url, whitelist_protocols($url, $whitelist));
+    }
+
+    /**
+     * Test whitelist_protocols() with allowed protocols.
+     */
+    public function testWhitelistDisallowedProtocol()
+    {
+        $whitelist = ['ftp', 'magnet'];
+        $url = 'javascript:alert("xss");';
+        $this->assertEquals('http://alert("xss");', whitelist_protocols($url, $whitelist));
+        $url = 'other://test.tld/path/?query=value#hash';
+        $this->assertEquals('http://test.tld/path/?query=value#hash', whitelist_protocols($url, $whitelist));
+    }
+}
-- 
cgit v1.2.3