Home Explore Help
Sign In
kotnik
/
shaarli
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: a062416918
Branches Tags
shaarli
/
tests
/
Url
/
WhitelistProtocolsTest.php

WhitelistProtocolsTest.php 2.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263 
  1. <?php
    2. 

  2. 

  3. require_once 'application/Url.php';
    4. 

  4. 

  5. use Shaarli\Config\ConfigManager;
    6. 

  6. 

  7. /**
    8. 

  8.  * Class WhitelistProtocolsTest
    9. 

  9.  *
    10. 

  10.  * Test whitelist_protocols() function of Url.
    11. 

  11.  */
    12. 

  12. class WhitelistProtocolsTest extends PHPUnit_Framework_TestCase
    13. 

  13. {
    14. 

  14.     /**
    15. 

  15.      * Test whitelist_protocols() on a note (relative URL).
    16. 

  16.      */
    17. 

  17.     public function testWhitelistProtocolsRelative()
    18. 

  18.     {
    19. 

  19.         $whitelist = ['ftp', 'magnet'];
    20. 

  20.         $url = '?12443564';
    21. 

  21.         $this->assertEquals($url, whitelist_protocols($url, $whitelist));
    22. 

  22.         $url = '/path.jpg';
    23. 

  23.         $this->assertEquals($url, whitelist_protocols($url, $whitelist));
    24. 

  24.     }
    25. 

  25. 

  26.     /**
    27. 

  27.      * Test whitelist_protocols() on a note (relative URL).
    28. 

  28.      */
    29. 

  29.     public function testWhitelistProtocolMissing()
    30. 

  30.     {
    31. 

  31.         $whitelist = ['ftp', 'magnet'];
    32. 

  32.         $url = 'test.tld/path/?query=value#hash';
    33. 

  33.         $this->assertEquals('http://'. $url, whitelist_protocols($url, $whitelist));
    34. 

  34.     }
    35. 

  35. 

  36.     /**
    37. 

  37.      * Test whitelist_protocols() with allowed protocols.
    38. 

  38.      */
    39. 

  39.     public function testWhitelistAllowedProtocol()
    40. 

  40.     {
    41. 

  41.         $whitelist = ['ftp', 'magnet'];
    42. 

  42.         $url = 'http://test.tld/path/?query=value#hash';
    43. 

  43.         $this->assertEquals($url, whitelist_protocols($url, $whitelist));
    44. 

  44.         $url = 'https://test.tld/path/?query=value#hash';
    45. 

  45.         $this->assertEquals($url, whitelist_protocols($url, $whitelist));
    46. 

  46.         $url = 'ftp://test.tld/path/?query=value#hash';
    47. 

  47.         $this->assertEquals($url, whitelist_protocols($url, $whitelist));
    48. 

  48.         $url = 'magnet:test.tld/path/?query=value#hash';
    49. 

  49.         $this->assertEquals($url, whitelist_protocols($url, $whitelist));
    50. 

  50.     }
    51. 

  51. 

  52.     /**
    53. 

  53.      * Test whitelist_protocols() with allowed protocols.
    54. 

  54.      */
    55. 

  55.     public function testWhitelistDisallowedProtocol()
    56. 

  56.     {
    57. 

  57.         $whitelist = ['ftp', 'magnet'];
    58. 

  58.         $url = 'javascript:alert("xss");';
    59. 

  59.         $this->assertEquals('http://alert("xss");', whitelist_protocols($url, $whitelist));
    60. 

  60.         $url = 'other://test.tld/path/?query=value#hash';
    61. 

  61.         $this->assertEquals('http://test.tld/path/?query=value#hash', whitelist_protocols($url, $whitelist));
    62. 

  62.     }
    63. 

  63. }
    64.