path: root/tests/http/UrlUtils/WhitelistProtocolsTest.php
blob: b8a6baaa769118dda0272a996f6e5deccc57f729 (plain) (blame)
<?php

namespace Shaarli\Http;

require_once 'application/http/UrlUtils.php';

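/**
 * Class WhitelistProtocolsTest
 *
 * Tests the whitelist_protocols() function of UrlUtils, called here with a URL
 * and a list of extra allowed schemes.
 *
 * Security relevance: these tests pin that a URL with a scheme outside the
 * allowed set (including `javascript:`) comes back with an `http://` prefix
 * instead of its original scheme. Presumably this keeps a stored link from
 * running script when it is rendered as a link target; confirm against the
 * callers of whitelist_protocols().
 *
 * Comparisons use assertSame() so that a non-string or loosely-equal return
 * value fails the test instead of passing through type juggling.
 *
 * NOTE(review): only lower-case schemes at the very start of the string are
 * exercised. Mixed-case schemes, leading whitespace or control characters, and
 * other script-capable schemes such as `data:` or `vbscript:` are not covered.
 * Confirm how whitelist_protocols() handles them before adding assertions.
 */
class WhitelistProtocolsTest extends \Shaarli\TestCase
{
    /**
     * Relative URLs (a note reference starting with "?" or an absolute path
     * starting with "/") must be returned unchanged.
     */
    public function testWhitelistProtocolsRelative()
    {
        $whitelist = ['ftp', 'magnet'];

        foreach (['?12443564', '/path.jpg'] as $url) {
            $this->assertSame($url, whitelist_protocols($url, $whitelist), $url);
        }
    }

    /**
     * A URL that has no scheme and is not relative gets "http://" prepended.
     */
    public function testWhitelistProtocolMissing()
    {
        $whitelist = ['ftp', 'magnet'];
        $url = 'test.tld/path/?query=value#hash';

        $this->assertSame('http://' . $url, whitelist_protocols($url, $whitelist));
    }

    /**
     * URLs whose scheme is allowed must be returned unchanged.
     */
    public function testWhitelistAllowedProtocol()
    {
        $whitelist = ['ftp', 'magnet'];
        $allowedUrls = [
            // http and https are absent from $whitelist but are expected to pass anyway.
            'http://test.tld/path/?query=value#hash',
            'https://test.tld/path/?query=value#hash',
            'ftp://test.tld/path/?query=value#hash',
            // Allowed scheme written without the "//" separator.
            'magnet:test.tld/path/?query=value#hash',
        ];

        foreach ($allowedUrls as $url) {
            $this->assertSame($url, whitelist_protocols($url, $whitelist), $url);
        }
    }

    /**
     * URLs whose scheme is NOT allowed must have that scheme replaced by "http://".
     */
    public function testWhitelistDisallowedProtocol()
    {
        $whitelist = ['ftp', 'magnet'];

        // Only the scheme is rewritten: the rest of the input, including the
        // double quotes, is kept as-is. The result still needs HTML escaping
        // wherever it is rendered.
        $url = 'javascript:alert("xss");';
        $this->assertSame('http://alert("xss");', whitelist_protocols($url, $whitelist));

        // An unknown "scheme://" prefix is swapped for "http://".
        $url = 'other://test.tld/path/?query=value#hash';
        $this->assertSame('http://test.tld/path/?query=value#hash', whitelist_protocols($url, $whitelist));
    }
}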