Changeset View
Changeset View
Standalone View
Standalone View
src/parser/__tests__/PhutilURITestCase.php
| Show First 20 Lines • Show All 77 Lines • ▼ Show 20 Lines | public function testURIParsing() { | ||||
| // cURL in the same way that parse_url() interpreted them. | // cURL in the same way that parse_url() interpreted them. | ||||
| $uri = new PhutilURI('http://u:p@evil.com?@good.com'); | $uri = new PhutilURI('http://u:p@evil.com?@good.com'); | ||||
| $this->assertEqual('u', $uri->getUser()); | $this->assertEqual('u', $uri->getUser()); | ||||
| $this->assertEqual('p', $uri->getPass()); | $this->assertEqual('p', $uri->getPass()); | ||||
| $this->assertEqual('evil.com', $uri->getDomain()); | $this->assertEqual('evil.com', $uri->getDomain()); | ||||
| $this->assertEqual('http://u:p@evil.com?%40good.com=', (string)$uri); | $this->assertEqual('http://u:p@evil.com?%40good.com=', (string)$uri); | ||||
| $uri = new PhutilURI('http://good.com#u:p@evil.com/'); | // The behavior of URLs in these forms differs for different versions | ||||
| $this->assertEqual('good.com#u', $uri->getUser()); | // of cURL, PHP, and other software. Because safe parsing is a tricky | ||||
| $this->assertEqual('p', $uri->getPass()); | // proposition and these URIs are almost certainly malicious, we just | ||||
| $this->assertEqual('evil.com', $uri->getDomain()); | // reject them. See T12526 for discussion. | ||||
| $this->assertEqual('http://good.com%23u:p@evil.com/', (string)$uri); | |||||
| $dangerous = array( | |||||
| // Ambiguous encoding. | |||||
| 'http://good.com#u:p@evil.com/' => true, | |||||
| 'http://good.com?u:p@evil.com/' => true, | |||||
| // Unambiguous encoding: with a trailing slash. | |||||
| 'http://good.com/#u:p@evil.com/' => false, | |||||
| 'http://good.com/?u:p@evil.com/' => false, | |||||
| // Unambiguous encoding: with escaping. | |||||
| 'http://good.com%23u:p@evil.com/' => false, | |||||
| 'http://good.com%40u:p@evil.com/' => false, | |||||
| ); | |||||
| $uri = new PhutilURI('http://good.com?u:p@evil.com/'); | foreach ($dangerous as $input => $expect) { | ||||
| $this->assertEqual('', $uri->getUser()); | $caught = null; | ||||
| $this->assertEqual('', $uri->getPass()); | try { | ||||
| $this->assertEqual('good.com', $uri->getDomain()); | new PhutilURI($input); | ||||
| $this->assertEqual('http://good.com?u%3Ap%40evil.com%2F=', (string)$uri); | } catch (Exception $ex) { | ||||
| $caught = $ex; | |||||
| } | |||||
| $this->assertEqual( | |||||
| $expect, | |||||
| ($caught instanceof $ex), | |||||
| pht('Unexpected parse result for dangerous URI "%s".', $input)); | |||||
| } | |||||
| $uri = new PhutilURI('www.example.com'); | $uri = new PhutilURI('www.example.com'); | ||||
| $this->assertEqual('', $uri->getProtocol()); | $this->assertEqual('', $uri->getProtocol()); | ||||
| $this->assertEqual('www.example.com', (string)$uri); | $this->assertEqual('www.example.com', (string)$uri); | ||||
| } | } | ||||
| public function testURIGeneration() { | public function testURIGeneration() { | ||||
| $uri = new PhutilURI('http://example.com'); | $uri = new PhutilURI('http://example.com'); | ||||
| ▲ Show 20 Lines • Show All 139 Lines • Show Last 20 Lines | |||||