src/parser/__tests__/PhutilURITestCase.php
Show First 20 Lines • Show All 77 Lines • ▼ Show 20 Lines | public function testURIParsing() { | ||||
// cURL in the same way that parse_url() interpreted them. | // cURL in the same way that parse_url() interpreted them. | ||||
$uri = new PhutilURI('http://u:p@evil.com?@good.com'); | $uri = new PhutilURI('http://u:p@evil.com?@good.com'); | ||||
$this->assertEqual('u', $uri->getUser()); | $this->assertEqual('u', $uri->getUser()); | ||||
$this->assertEqual('p', $uri->getPass()); | $this->assertEqual('p', $uri->getPass()); | ||||
$this->assertEqual('evil.com', $uri->getDomain()); | $this->assertEqual('evil.com', $uri->getDomain()); | ||||
$this->assertEqual('http://u:p@evil.com?%40good.com=', (string)$uri); | $this->assertEqual('http://u:p@evil.com?%40good.com=', (string)$uri); | ||||
$uri = new PhutilURI('http://good.com#u:p@evil.com/'); | // The behavior of URLs in these forms differs for different versions | ||||
$this->assertEqual('good.com#u', $uri->getUser()); | // of cURL, PHP, and other software. Because safe parsing is a tricky | ||||
$this->assertEqual('p', $uri->getPass()); | // proposition and these URIs are almost certainly malicious, we just | ||||
$this->assertEqual('evil.com', $uri->getDomain()); | // reject them. See T12526 for discussion. | ||||
$this->assertEqual('http://good.com%23u:p@evil.com/', (string)$uri); | |||||
$dangerous = array( | |||||
// Ambiguous encoding. | |||||
'http://good.com#u:p@evil.com/' => true, | |||||
'http://good.com?u:p@evil.com/' => true, | |||||
// Unambiguous encoding: with a trailing slash. | |||||
'http://good.com/#u:p@evil.com/' => false, | |||||
'http://good.com/?u:p@evil.com/' => false, | |||||
// Unambiguous encoding: with escaping. | |||||
'http://good.com%23u:p@evil.com/' => false, | |||||
'http://good.com%40u:p@evil.com/' => false, | |||||
); | |||||
$uri = new PhutilURI('http://good.com?u:p@evil.com/'); | foreach ($dangerous as $input => $expect) { | ||||
$this->assertEqual('', $uri->getUser()); | $caught = null; | ||||
$this->assertEqual('', $uri->getPass()); | try { | ||||
$this->assertEqual('good.com', $uri->getDomain()); | new PhutilURI($input); | ||||
$this->assertEqual('http://good.com?u%3Ap%40evil.com%2F=', (string)$uri); | } catch (Exception $ex) { | ||||
$caught = $ex; | |||||
} | |||||
$this->assertEqual( | |||||
$expect, | |||||
($caught instanceof $ex), | |||||
pht('Unexpected parse result for dangerous URI "%s".', $input)); | |||||
} | |||||
$uri = new PhutilURI('www.example.com'); | $uri = new PhutilURI('www.example.com'); | ||||
$this->assertEqual('', $uri->getProtocol()); | $this->assertEqual('', $uri->getProtocol()); | ||||
$this->assertEqual('www.example.com', (string)$uri); | $this->assertEqual('www.example.com', (string)$uri); | ||||
} | } | ||||
public function testURIGeneration() { | public function testURIGeneration() { | ||||
$uri = new PhutilURI('http://example.com'); | $uri = new PhutilURI('http://example.com'); | ||||
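Review bot: In the new loop over `$dangerous`, the assertion `($caught instanceof $ex)` tests against the catch variable instead of a class, so it only behaves as intended because the first array entries throw and leave `$ex` set for the later, non-throwing iterations. If a URI expected to parse were ever listed first, `$ex` would be undefined at that point; `($caught instanceof Exception)` states the intent and does not depend on ordering. Because this test guards the rejection of the ambiguous `#`/`?`-before-`@` forms referenced in T12526, it would be stronger to catch the specific exception type the parser raises for them (if it has one), so that an unrelated failure in the constructor cannot satisfy a `true` case. A short comment above the array saying that `true` means "must be rejected" would also help; the enclosing testURIParsing() begins above the visible lines.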