1.20.x common.test | CommonURLUnitTestCase::testBackdropParseUrl() |
Test backdrop_parse_url().
File
- modules/simpletest/tests/common.test, line 338 - Tests for common.inc functionality.
Class
- CommonURLUnitTestCase
- All URL testing that does not require a Backdrop bootstrap.
Code
/**
 * Tests backdrop_parse_url() and url_is_external().
 *
 * Covers relative, root-relative, external and non-clean URLs, and ends with
 * a forged-scheme URL modelled on CWE-601 (open redirect).
 */
function testBackdropParseUrl() {
  // Expected parse of the "?foo=bar&bar=baz&baz" query used below: a key
  // given without "=" is expected to map to an empty string.
  $expected_query = array('foo' => 'bar', 'bar' => 'baz', 'baz' => '');

  // Relative URL.
  $expected = array(
    'path' => 'foo/bar',
    'query' => $expected_query,
    'fragment' => 'foo',
  );
  $this->assertEqual(backdrop_parse_url('foo/bar?foo=bar&bar=baz&baz#foo'), $expected, 'Relative URL parsed correctly.');

  // Relative URL that is known to confuse parse_url(): the ":1" suffix must
  // stay part of the path.
  $expected = array(
    'path' => 'foo/bar:1',
    'query' => array(),
    'fragment' => '',
  );
  $this->assertEqual(backdrop_parse_url('foo/bar:1'), $expected, 'Relative URL parsed correctly.');

  // Root-relative URL (leading slash, no host); the assertion message calls
  // it "Absolute".
  $expected = array(
    'path' => '/foo/bar',
    'query' => $expected_query,
    'fragment' => 'foo',
  );
  $this->assertEqual(backdrop_parse_url('/foo/bar?foo=bar&bar=baz&baz#foo'), $expected, 'Absolute URL parsed correctly.');

  // External URL detection. Recognizing a URL as external is what lets
  // callers refuse it as a redirect destination, so each form is checked.
  $external = 'https://backdropcms.org/foo/bar?foo=bar&bar=baz&baz#foo';
  $this->assertTrue(url_is_external($external), 'Correctly identified an external URL.');

  // A protocol-relative URL ("//host/...") names another host even though it
  // carries no scheme, so it must count as external too.
  $protocol_relative = '//backdropcms.org/foo/bar?foo=bar&bar=baz&baz#foo';
  $this->assertTrue(url_is_external($protocol_relative), 'Correctly identified an external URL without a protocol part.');

  // A single leading slash is a local path, even when the first segment
  // looks like a host name.
  $this->assertFalse(url_is_external('/backdropcms.org'), 'Correctly identified an internal URL with a leading slash.');

  // Parsing of an external URL: scheme and host are expected to remain in
  // 'path'.
  $expected = array(
    'path' => 'https://backdropcms.org/foo/bar',
    'query' => $expected_query,
    'fragment' => 'foo',
  );
  $this->assertEqual(backdrop_parse_url($external), $expected, 'External URL parsed correctly.');

  // With clean URLs disabled the path travels in the "q" query parameter.
  // All three forms below must parse to the same result, with "q" moved out
  // of the query array and into 'path'.
  $expected = array(
    'path' => 'foo/bar',
    'query' => array('bar' => 'baz'),
    'fragment' => 'foo',
  );
  $non_clean_cases = array(
    // #1: Absolute URL generated by url().
    array($GLOBALS['base_url'] . '/?q=foo/bar&bar=baz#foo', 'Absolute URL with clean URLs disabled parsed correctly.'),
    // #2: Relative URL generated by url().
    array('?q=foo/bar&bar=baz#foo', 'Relative URL with clean URLs disabled parsed correctly.'),
    // #3: URL generated by url() on non-Apache webserver.
    array('index.php?q=foo/bar&bar=baz#foo', 'Relative URL on non-Apache webserver with clean URLs disabled parsed correctly.'),
  );
  foreach ($non_clean_cases as $case) {
    $this->assertEqual(backdrop_parse_url($case[0]), $expected, $case[1]);
  }

  // Open-redirect guard (CWE-601): an http URL wrapped in a made-up
  // "forged:" scheme must not come back from backdrop_parse_url() as a path
  // that valid_url() accepts when asked to validate an absolute URL.
  // NOTE(review): this pins only the valid_url() outcome for one forged
  // scheme; it does not exercise the redirect code path itself.
  $forged = backdrop_parse_url('forged:http://cwe.mitre.org/data/definitions/601.html');
  $this->assertFalse(valid_url($forged['path'], TRUE), 'backdrop_parse_url() correctly parsed a forged URL.');
}