2007-08-01 18:34:46 +00:00
|
|
|
<?php
|
|
|
|
|
2007-08-02 01:12:27 +00:00
|
|
|
class HTMLPurifier_URITest extends HTMLPurifier_URIHarness
|
2007-08-01 18:34:46 +00:00
|
|
|
{
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2008-04-21 15:24:18 +00:00
|
|
|
protected function createURI($uri) {
|
2007-08-01 18:34:46 +00:00
|
|
|
$parser = new HTMLPurifier_URIParser();
|
|
|
|
return $parser->parse($uri);
|
|
|
|
}
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2007-08-01 18:34:46 +00:00
|
|
|
function test_construct() {
|
|
|
|
$uri1 = new HTMLPurifier_URI('HTTP', 'bob', 'example.com', '23', '/foo', 'bar=2', 'slash');
|
|
|
|
$uri2 = new HTMLPurifier_URI('http', 'bob', 'example.com', 23, '/foo', 'bar=2', 'slash');
|
|
|
|
$this->assertIdentical($uri1, $uri2);
|
|
|
|
}
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2007-11-25 02:24:39 +00:00
|
|
|
protected $oldRegistry;
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2008-04-21 15:24:18 +00:00
|
|
|
protected function &setUpSchemeRegistryMock() {
|
2007-08-01 18:34:46 +00:00
|
|
|
$this->oldRegistry = HTMLPurifier_URISchemeRegistry::instance();
|
|
|
|
generate_mock_once('HTMLPurifier_URIScheme');
|
|
|
|
generate_mock_once('HTMLPurifier_URISchemeRegistry');
|
2008-01-05 00:10:43 +00:00
|
|
|
$registry = HTMLPurifier_URISchemeRegistry::instance(
|
2007-08-01 18:34:46 +00:00
|
|
|
new HTMLPurifier_URISchemeRegistryMock()
|
|
|
|
);
|
|
|
|
return $registry;
|
|
|
|
}
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2008-04-21 15:24:18 +00:00
|
|
|
protected function setUpSchemeMock($name) {
|
2008-01-05 00:10:43 +00:00
|
|
|
$registry = $this->setUpSchemeRegistryMock();
|
2007-08-01 18:34:46 +00:00
|
|
|
$scheme_mock = new HTMLPurifier_URISchemeMock();
|
|
|
|
$registry->setReturnValue('getScheme', $scheme_mock, array($name, '*', '*'));
|
|
|
|
return $scheme_mock;
|
|
|
|
}
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2008-04-21 15:24:18 +00:00
|
|
|
protected function setUpNoValidSchemes() {
|
2008-01-05 00:10:43 +00:00
|
|
|
$registry = $this->setUpSchemeRegistryMock();
|
2007-08-01 18:34:46 +00:00
|
|
|
$registry->setReturnValue('getScheme', false, array('*', '*', '*'));
|
|
|
|
}
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2008-04-21 15:24:18 +00:00
|
|
|
protected function tearDownSchemeRegistryMock() {
|
2007-08-01 18:34:46 +00:00
|
|
|
HTMLPurifier_URISchemeRegistry::instance($this->oldRegistry);
|
|
|
|
}
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2007-08-01 18:34:46 +00:00
|
|
|
function test_getSchemeObj() {
|
2008-01-05 00:10:43 +00:00
|
|
|
$scheme_mock = $this->setUpSchemeMock('http');
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2007-08-01 18:34:46 +00:00
|
|
|
$uri = $this->createURI('http:');
|
|
|
|
$scheme_obj = $uri->getSchemeObj($this->config, $this->context);
|
|
|
|
$this->assertIdentical($scheme_obj, $scheme_mock);
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2007-08-01 18:34:46 +00:00
|
|
|
$this->tearDownSchemeRegistryMock();
|
|
|
|
}
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2007-08-01 18:34:46 +00:00
|
|
|
function test_getSchemeObj_invalidScheme() {
|
|
|
|
$this->setUpNoValidSchemes();
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2007-08-01 18:34:46 +00:00
|
|
|
$uri = $this->createURI('http:');
|
|
|
|
$result = $uri->getSchemeObj($this->config, $this->context);
|
|
|
|
$this->assertIdentical($result, false);
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2007-08-01 18:34:46 +00:00
|
|
|
$this->tearDownSchemeRegistryMock();
|
|
|
|
}
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2007-08-01 18:34:46 +00:00
|
|
|
function test_getSchemaObj_defaultScheme() {
|
|
|
|
$scheme = 'foobar';
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2008-01-05 00:10:43 +00:00
|
|
|
$scheme_mock = $this->setUpSchemeMock($scheme);
|
2009-02-20 00:17:49 +00:00
|
|
|
$this->config->set('URI.DefaultScheme', $scheme);
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2007-08-01 18:34:46 +00:00
|
|
|
$uri = $this->createURI('hmm');
|
|
|
|
$scheme_obj = $uri->getSchemeObj($this->config, $this->context);
|
|
|
|
$this->assertIdentical($scheme_obj, $scheme_mock);
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2007-08-01 18:34:46 +00:00
|
|
|
$this->tearDownSchemeRegistryMock();
|
|
|
|
}
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2007-08-01 18:34:46 +00:00
|
|
|
function test_getSchemaObj_invalidDefaultScheme() {
|
|
|
|
$this->setUpNoValidSchemes();
|
2009-02-20 00:17:49 +00:00
|
|
|
$this->config->set('URI.DefaultScheme', 'foobar');
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2007-08-01 18:34:46 +00:00
|
|
|
$uri = $this->createURI('hmm');
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2007-08-01 18:34:46 +00:00
|
|
|
$this->expectError('Default scheme object "foobar" was not readable');
|
|
|
|
$result = $uri->getSchemeObj($this->config, $this->context);
|
|
|
|
$this->assertIdentical($result, false);
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2007-08-01 18:34:46 +00:00
|
|
|
$this->tearDownSchemeRegistryMock();
|
|
|
|
}
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2008-04-21 15:24:18 +00:00
|
|
|
protected function assertToString($expect_uri, $scheme, $userinfo, $host, $port, $path, $query, $fragment) {
|
2007-08-01 18:34:46 +00:00
|
|
|
$uri = new HTMLPurifier_URI($scheme, $userinfo, $host, $port, $path, $query, $fragment);
|
|
|
|
$string = $uri->toString();
|
|
|
|
$this->assertIdentical($string, $expect_uri);
|
|
|
|
}
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2007-08-01 18:34:46 +00:00
|
|
|
function test_toString_full() {
|
|
|
|
$this->assertToString(
|
|
|
|
'http://bob@example.com:300/foo?bar=baz#fragment',
|
|
|
|
'http', 'bob', 'example.com', 300, '/foo', 'bar=baz', 'fragment'
|
2008-12-06 07:28:20 +00:00
|
|
|
);
|
2007-08-01 18:34:46 +00:00
|
|
|
}
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2007-08-01 18:34:46 +00:00
|
|
|
function test_toString_scheme() {
|
|
|
|
$this->assertToString(
|
|
|
|
'http:',
|
|
|
|
'http', null, null, null, '', null, null
|
2008-12-06 07:28:20 +00:00
|
|
|
);
|
2007-08-01 18:34:46 +00:00
|
|
|
}
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2007-08-01 18:34:46 +00:00
|
|
|
function test_toString_authority() {
|
|
|
|
$this->assertToString(
|
|
|
|
'//bob@example.com:8080',
|
|
|
|
null, 'bob', 'example.com', 8080, '', null, null
|
2008-12-06 07:28:20 +00:00
|
|
|
);
|
2007-08-01 18:34:46 +00:00
|
|
|
}
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2007-08-01 18:34:46 +00:00
|
|
|
function test_toString_path() {
|
|
|
|
$this->assertToString(
|
|
|
|
'/path/to',
|
|
|
|
null, null, null, null, '/path/to', null, null
|
2008-12-06 07:28:20 +00:00
|
|
|
);
|
2007-08-01 18:34:46 +00:00
|
|
|
}
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2007-08-01 18:34:46 +00:00
|
|
|
function test_toString_query() {
|
|
|
|
$this->assertToString(
|
|
|
|
'?q=string',
|
|
|
|
null, null, null, null, '', 'q=string', null
|
2008-12-06 07:28:20 +00:00
|
|
|
);
|
2007-08-01 18:34:46 +00:00
|
|
|
}
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2007-08-01 18:34:46 +00:00
|
|
|
function test_toString_fragment() {
|
|
|
|
$this->assertToString(
|
|
|
|
'#fragment',
|
|
|
|
null, null, null, null, '', null, 'fragment'
|
2008-12-06 07:28:20 +00:00
|
|
|
);
|
2007-08-01 18:34:46 +00:00
|
|
|
}
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2008-04-21 15:24:18 +00:00
|
|
|
protected function assertValidation($uri, $expect_uri = true) {
|
2007-08-01 18:34:46 +00:00
|
|
|
if ($expect_uri === true) $expect_uri = $uri;
|
|
|
|
$uri = $this->createURI($uri);
|
|
|
|
$result = $uri->validate($this->config, $this->context);
|
|
|
|
if ($expect_uri === false) {
|
|
|
|
$this->assertFalse($result);
|
|
|
|
} else {
|
|
|
|
$this->assertTrue($result);
|
|
|
|
$this->assertIdentical($uri->toString(), $expect_uri);
|
|
|
|
}
|
|
|
|
}
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2007-08-01 18:34:46 +00:00
|
|
|
function test_validate_overlongPort() {
|
|
|
|
$this->assertValidation('http://example.com:65536', 'http://example.com');
|
|
|
|
}
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2007-08-01 18:34:46 +00:00
|
|
|
function test_validate_zeroPort() {
|
|
|
|
$this->assertValidation('http://example.com:00', 'http://example.com');
|
|
|
|
}
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2007-08-01 18:34:46 +00:00
|
|
|
function test_validate_invalidHostThatLooksLikeIPv6() {
|
Dramatically rewrite null host URI handling.
Basically, browsers don't parse what should be valid URIs correctly, so
we have to go through some backbends to accomodate them. Specifically,
for browseable URIs, the following URIs have unintended behavior:
- ///example.com
- http:/example.com
- http:///example.com
Furthermore, if the path begins with //, modifying these URLs must
be done with care, as if you remove the host-name component, the
parse tree changes.
I've modified the engine to follow correct URI semantics as much
as possible while outputting browser compatible code, and invalidate
the URI in cases where we can't deal. There has been a refactoring
of URIScheme so that this important check is always performed,
introducing a new member variable allow_empty_host which is true
on data, file, mailto and news schemes.
This also fixes bypass bugs on URI.Munge.
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2011-01-25 18:56:46 +00:00
|
|
|
$this->assertValidation('http://[2001:0db8:85z3:08d3:1319:8a2e:0370:7334]', '');
|
2007-08-01 18:34:46 +00:00
|
|
|
}
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2008-05-14 02:19:00 +00:00
|
|
|
function test_validate_removeRedundantScheme() {
|
|
|
|
$this->assertValidation('http:foo:/:', 'foo%3A/:');
|
|
|
|
}
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2008-05-14 02:19:00 +00:00
|
|
|
function test_validate_username() {
|
|
|
|
$this->assertValidation("http://user\xE3\x91\x94:@foo.com", 'http://user%E3%91%94:@foo.com');
|
|
|
|
}
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2008-05-14 02:19:00 +00:00
|
|
|
function test_validate_path_abempty() {
|
|
|
|
$this->assertValidation("http://host/\xE3\x91\x94:", 'http://host/%E3%91%94:');
|
|
|
|
}
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2008-05-14 02:19:00 +00:00
|
|
|
function test_validate_path_absolute() {
|
|
|
|
$this->assertValidation("/\xE3\x91\x94:", '/%E3%91%94:');
|
|
|
|
}
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2008-05-14 02:19:00 +00:00
|
|
|
function test_validate_path_rootless() {
|
|
|
|
$this->assertValidation("mailto:\xE3\x91\x94:", 'mailto:%E3%91%94:');
|
|
|
|
}
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2008-05-14 02:19:00 +00:00
|
|
|
function test_validate_path_noscheme() {
|
|
|
|
$this->assertValidation("\xE3\x91\x94", '%E3%91%94');
|
|
|
|
}
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2008-05-21 02:58:41 +00:00
|
|
|
function test_validate_query() {
|
|
|
|
$this->assertValidation("?/\xE3\x91\x94", '?/%E3%91%94');
|
|
|
|
}
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2008-05-21 02:58:41 +00:00
|
|
|
function test_validate_fragment() {
|
|
|
|
$this->assertValidation("#/\xE3\x91\x94", '#/%E3%91%94');
|
|
|
|
}
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2008-05-14 02:19:00 +00:00
|
|
|
function test_validate_path_empty() {
|
|
|
|
$this->assertValidation('http://google.com');
|
|
|
|
}
|
2008-12-06 07:28:20 +00:00
|
|
|
|
2007-08-01 18:34:46 +00:00
|
|
|
}
|
2008-12-06 09:24:59 +00:00
|
|
|
|
|
|
|
// vim: et sw=4 sts=4
|