2017-05-25 14:52:42 +02:00
|
|
|
<?php
|
|
|
|
|
2018-12-03 00:34:53 +01:00
|
|
|
namespace Shaarli\Http;
|
2017-05-25 14:52:42 +02:00
|
|
|
|
2021-04-05 11:00:28 +02:00
|
|
|
use Shaarli\TestCase;
|
2017-05-25 14:52:42 +02:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Class WhitelistProtocolsTest
|
|
|
|
*
|
2018-12-03 00:34:53 +01:00
|
|
|
* Test whitelist_protocols() function of UrlUtils.
|
2017-05-25 14:52:42 +02:00
|
|
|
*/
|
2021-04-05 11:00:28 +02:00
|
|
|
class WhitelistProtocolsTest extends TestCase
|
2017-05-25 14:52:42 +02:00
|
|
|
{
|
|
|
|
/**
|
|
|
|
* Test whitelist_protocols() on a note (relative URL).
|
|
|
|
*/
|
|
|
|
public function testWhitelistProtocolsRelative()
|
|
|
|
{
|
|
|
|
$whitelist = ['ftp', 'magnet'];
|
|
|
|
$url = '?12443564';
|
|
|
|
$this->assertEquals($url, whitelist_protocols($url, $whitelist));
|
|
|
|
$url = '/path.jpg';
|
|
|
|
$this->assertEquals($url, whitelist_protocols($url, $whitelist));
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Test whitelist_protocols() on a note (relative URL).
|
|
|
|
*/
|
|
|
|
public function testWhitelistProtocolMissing()
|
|
|
|
{
|
|
|
|
$whitelist = ['ftp', 'magnet'];
|
|
|
|
$url = 'test.tld/path/?query=value#hash';
|
2021-04-05 09:39:34 +02:00
|
|
|
$this->assertEquals('http://' . $url, whitelist_protocols($url, $whitelist));
|
2017-05-25 14:52:42 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Test whitelist_protocols() with allowed protocols.
|
|
|
|
*/
|
|
|
|
public function testWhitelistAllowedProtocol()
|
|
|
|
{
|
|
|
|
$whitelist = ['ftp', 'magnet'];
|
|
|
|
$url = 'http://test.tld/path/?query=value#hash';
|
|
|
|
$this->assertEquals($url, whitelist_protocols($url, $whitelist));
|
|
|
|
$url = 'https://test.tld/path/?query=value#hash';
|
|
|
|
$this->assertEquals($url, whitelist_protocols($url, $whitelist));
|
|
|
|
$url = 'ftp://test.tld/path/?query=value#hash';
|
|
|
|
$this->assertEquals($url, whitelist_protocols($url, $whitelist));
|
|
|
|
$url = 'magnet:test.tld/path/?query=value#hash';
|
|
|
|
$this->assertEquals($url, whitelist_protocols($url, $whitelist));
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Test whitelist_protocols() with allowed protocols.
|
|
|
|
*/
|
|
|
|
public function testWhitelistDisallowedProtocol()
|
|
|
|
{
|
|
|
|
$whitelist = ['ftp', 'magnet'];
|
|
|
|
$url = 'javascript:alert("xss");';
|
|
|
|
$this->assertEquals('http://alert("xss");', whitelist_protocols($url, $whitelist));
|
|
|
|
$url = 'other://test.tld/path/?query=value#hash';
|
|
|
|
$this->assertEquals('http://test.tld/path/?query=value#hash', whitelist_protocols($url, $whitelist));
|
|
|
|
}
|
|
|
|
}
|