
<?php
// WARNING: All the URI schemes are far too relaxed; we need to tighten
// the checks.
  4. class HTMLPurifier_URISchemeTest extends HTMLPurifier_URIHarness
  5. {
  6. private $pngBase64;
  7. public function __construct()
  8. {
  9. $this->pngBase64 =
  10. 'iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKCAYAAACNMs+9AAAABGdBTUEAALGP'.
  11. 'C/xhBQAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9YGARc5KB0XV+IA'.
  12. 'AAAddEVYdENvbW1lbnQAQ3JlYXRlZCB3aXRoIFRoZSBHSU1Q72QlbgAAAF1J'.
  13. 'REFUGNO9zL0NglAAxPEfdLTs4BZM4DIO4C7OwQg2JoQ9LE1exdlYvBBeZ7jq'.
  14. 'ch9//q1uH4TLzw4d6+ErXMMcXuHWxId3KOETnnXXV6MJpcq2MLaI97CER3N0'.
  15. 'vr4MkhoXe0rZigAAAABJRU5ErkJggg==';
  16. }
  17. protected function assertValidation($uri, $expect_uri = true)
  18. {
  19. $this->prepareURI($uri, $expect_uri);
  20. $this->config->set('URI.AllowedSchemes', array($uri->scheme));
  21. // convenience hack: the scheme should be explicitly specified
  22. $scheme = $uri->getSchemeObj($this->config, $this->context);
  23. $result = $scheme->validate($uri, $this->config, $this->context);
  24. $this->assertEitherFailOrIdentical($result, $uri, $expect_uri);
  25. }
  26. public function test_http_regular()
  27. {
  28. $this->assertValidation(
  29. 'http://example.com/?s=q#fragment'
  30. );
  31. }
  32. public function test_http_uppercase()
  33. {
  34. $this->assertValidation(
  35. 'http://example.com/FOO'
  36. );
  37. }
  38. public function test_http_removeDefaultPort()
  39. {
  40. $this->assertValidation(
  41. 'http://example.com:80',
  42. 'http://example.com'
  43. );
  44. }
  45. public function test_http_removeUserInfo()
  46. {
  47. $this->assertValidation(
  48. 'http://bob@example.com',
  49. 'http://example.com'
  50. );
  51. }
  52. public function test_http_preserveNonDefaultPort()
  53. {
  54. $this->assertValidation(
  55. 'http://example.com:8080'
  56. );
  57. }
  58. public function test_https_regular()
  59. {
  60. $this->assertValidation(
  61. 'https://user@example.com:443/?s=q#frag',
  62. 'https://example.com/?s=q#frag'
  63. );
  64. }
  65. public function test_ftp_regular()
  66. {
  67. $this->assertValidation(
  68. 'ftp://user@example.com/path'
  69. );
  70. }
  71. public function test_ftp_removeDefaultPort()
  72. {
  73. $this->assertValidation(
  74. 'ftp://example.com:21',
  75. 'ftp://example.com'
  76. );
  77. }
  78. public function test_ftp_removeQueryString()
  79. {
  80. $this->assertValidation(
  81. 'ftp://example.com?s=q',
  82. 'ftp://example.com'
  83. );
  84. }
  85. public function test_ftp_preserveValidTypecode()
  86. {
  87. $this->assertValidation(
  88. 'ftp://example.com/file.txt;type=a'
  89. );
  90. }
  91. public function test_ftp_removeInvalidTypecode()
  92. {
  93. $this->assertValidation(
  94. 'ftp://example.com/file.txt;type=z',
  95. 'ftp://example.com/file.txt'
  96. );
  97. }
  98. public function test_ftp_encodeExtraSemicolons()
  99. {
  100. $this->assertValidation(
  101. 'ftp://example.com/too;many;semicolons=1',
  102. 'ftp://example.com/too%3Bmany%3Bsemicolons=1'
  103. );
  104. }
  105. public function test_news_regular()
  106. {
  107. $this->assertValidation(
  108. 'news:gmane.science.linguistics'
  109. );
  110. }
  111. public function test_news_explicit()
  112. {
  113. $this->assertValidation(
  114. 'news:642@eagle.ATT.COM'
  115. );
  116. }
  117. public function test_news_removeNonPathComponents()
  118. {
  119. $this->assertValidation(
  120. 'news://user@example.com:80/rec.music?path=foo#frag',
  121. 'news:/rec.music#frag'
  122. );
  123. }
  124. public function test_nntp_regular()
  125. {
  126. $this->assertValidation(
  127. 'nntp://news.example.com/alt.misc/42#frag'
  128. );
  129. }
  130. public function test_nntp_removalOfRedundantOrUselessComponents()
  131. {
  132. $this->assertValidation(
  133. 'nntp://user@news.example.com:119/alt.misc/42?s=q#frag',
  134. 'nntp://news.example.com/alt.misc/42#frag'
  135. );
  136. }
  137. public function test_mailto_regular()
  138. {
  139. $this->assertValidation(
  140. 'mailto:bob@example.com'
  141. );
  142. }
  143. public function test_mailto_removalOfRedundantOrUselessComponents()
  144. {
  145. $this->assertValidation(
  146. 'mailto://user@example.com:80/bob@example.com?subject=Foo#frag',
  147. 'mailto:/bob@example.com?subject=Foo#frag'
  148. );
  149. }
  150. public function test_data_png()
  151. {
  152. $this->assertValidation(
  153. 'data:image/png;base64,'.$this->pngBase64
  154. );
  155. }
  156. public function test_data_malformed()
  157. {
  158. $this->assertValidation(
  159. 'data:image/png;base64,vr4MkhoXJRU5ErkJggg==',
  160. false
  161. );
  162. }
  163. public function test_data_implicit()
  164. {
  165. $this->assertValidation(
  166. 'data:base64,'.$this->pngBase64,
  167. 'data:image/png;base64,'.$this->pngBase64
  168. );
  169. }
  170. public function test_file_basic()
  171. {
  172. $this->assertValidation(
  173. 'file://user@MYCOMPUTER:12/foo/bar?baz#frag',
  174. 'file://MYCOMPUTER/foo/bar#frag'
  175. );
  176. }
  177. public function test_file_local()
  178. {
  179. $this->assertValidation(
  180. 'file:///foo/bar?baz#frag',
  181. 'file:///foo/bar#frag'
  182. );
  183. }
  184. public function test_ftp_empty_host()
  185. {
  186. $this->assertValidation('ftp:///example.com', false);
  187. }
  188. }
// vim: et sw=4 sts=4