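<?php
# MantisBT - A PHP based bugtracking system

# MantisBT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# MantisBT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.

/**
 * @package Tests
 * @subpackage String
 * @copyright Copyright (C) 2002 - 2011  MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 */

require_once 'PHPUnit/Framework.php';

//require_once 'string_api.php';

/**
 * Data-driven tests for the URL sanitizer.
 *
 * The tests exercise the local copy string_do_sanitize_url() defined at the
 * bottom of this file, not the function in string_api.php (that include is
 * commented out above), so a passing run says nothing about the production
 * code unless the two copies are kept in sync.
 */
class Mantis_StringTest extends PHPUnit_Framework_TestCase {

	/**
	 * Tests string_sanitize_url()
	 *
	 * @dataProvider provider
	 * @param string $in  Raw URL handed to the sanitizer.
	 * @param string $out Expected relative URL after sanitizing.
	 */
	public function testStringSanitize( $in, $out )
	{
		$a = string_do_sanitize_url($in, false);
		$this->assertEquals( $out, $a );
	}

	/**
	 * Supplies ( input, expected output ) pairs for testStringSanitize().
	 *
	 * @return array List of two-element arrays.
	 */
	public function provider()
	{
		$testStrings = array(
			array( '', 'index.php' ),
			array( 'abc.php', 'abc.php' ),
			array( 'abc.php?','abc.php'),
			array( 'abc.php#a','abc.php#a'),
			array( 'abc.php?abc=def','abc.php?abc=def'),
			array( 'abc.php?abc=def#a','abc.php?abc=def#a'),
			# NOTE(review): the next row is repeated verbatim, and so is the
			# "#a" row after it. One of each pair may originally have carried
			# an HTML-encoded ampersand in the input - confirm against the
			# repository copy of this file.
			array( 'abc.php?abc=def&z=xyz','abc.php?abc=def&z=xyz'),
			array( 'abc.php?abc=def&z=xyz','abc.php?abc=def&z=xyz'),
			array( 'abc.php?abc=def&z=xyz#a','abc.php?abc=def&z=xyz#a'),
			array( 'abc.php?abc=def&z=xyz#a','abc.php?abc=def&z=xyz#a'),
			/* FIXME array( 'abc.php?abc=def&z=<script>alert("foo")</script>z#a','abc.php?abc=def&z=alert%28%22foo%29%22%3cz#a'), */
			/* FIXME array( 'abc.php?abc=def&z=z#<script>alert("foo")</script>a','abc.php?abc=def&z=z#alert%28%22foo%22%3ca'), */
			array( 'plugin.php?page=Source/index','plugin.php?page=Source%2Findex'),
			array( 'plugin.php?page=Source/list&id=1','plugin.php?page=Source%2Flist&id=1'),
			array( 'plugin.php?page=Source/list&id=1#abc','plugin.php?page=Source%2Flist&id=1#abc'),
			# Regression rows (constructed values): a leading slash must stay a
			# single slash, a double leading slash must not survive as a
			# protocol-relative URL, and array-style parameters must be
			# encoded rather than passed to rawurlencode() as an array.
			array( '/abc.php','/abc.php'),
			array( '//www.example.com/abc.php','/www.example.com/abc.php'),
			array( 'abc.php?a[]=1&a[]=2','abc.php?a[0]=1&a[1]=2'),
		);

		/*
		FIXME
			array( $my_path.'abc.php',
			array( $my_path.'abc.php?',
			array( $my_path.'abc.php#a',
			array( $my_path.'abc.php?abc=def',
			array( $my_path.'abc.php?abc=def#a',
			array( $my_path.'abc.php?abc=def&z=xyz',
			array( $my_path.'abc.php?abc=def&z=xyz',
			array( $my_path.'abc.php?abc=def&z=xyz#a',
			array( $my_path.'abc.php?abc=def&z=xyz#a',
			array( $my_path.'abc.php?abc=def&z=<script>alert("foo")</script>z#a',
			array( $my_path.'abc.php?abc=def&z=z#<script>alert("foo")</script>a',
			array( $my_path.'plugin.php?page=Source/index',
			array( $my_path.'plugin.php?page=Source/list&id=1',
			array( $my_path.'plugin.php?page=Source/list&id=1#abc',
			array( 'http://www.test.my.url/'),
		*/
		return $testStrings;
	}

}


/**
 * Encodes one parsed query parameter as a list of "key=value" strings.
 *
 * parse_str() yields an array for parameters written with brackets
 * (for example "a[]=1"). Such a value is flattened recursively, keeping
 * every sub-key, so that rawurlencode() is only ever given a scalar.
 *
 * @param string $p_key   Parameter name, already URL-encoded by the caller.
 * @param mixed  $p_value String value, or (nested) array of values.
 * @return array List of encoded "key=value" strings.
 */
function string_do_sanitize_url_encode_pair( $p_key, $p_value ) {
	if ( !is_array( $p_value ) ) {
		return array( $p_key . '=' . rawurlencode( (string)$p_value ) );
	}

	$t_encoded = array();
	foreach( $p_value as $t_sub_key => $t_sub_value ) {
		$t_encoded = array_merge(
			$t_encoded,
			string_do_sanitize_url_encode_pair( $p_key . '[' . rawurlencode( (string)$t_sub_key ) . ']', $t_sub_value )
		);
	}
	return $t_encoded;
}

// FIXME: hardcoded here to avoid external dependencies, should use code in string_api.php
/**
 * Reduces a URL to a local script path plus URL-encoded query and anchor.
 *
 * The input is URL-decoded and stripped of tags, then split into path,
 * script, query and anchor. A URL that does not parse, has no script part,
 * or is a path-less URL containing "://" is replaced by index.php.
 *
 * In this test copy both $t_path and $t_short_path are the literal '/',
 * so the "short path" branch uses the same pattern as the first one and is
 * never taken.
 *
 * @param string  $p_url             URL to sanitize; treated as untrusted.
 * @param boolean $p_return_absolute True to prefix the result with the
 *                                   configured path instead of the path
 *                                   found in the URL.
 * @return string Sanitized URL.
 */
function string_do_sanitize_url( $p_url, $p_return_absolute = false ) {
	$t_url = strip_tags( urldecode( $p_url ) );

	$t_path = '/';
	$t_short_path = '/';

	# Prefix used when re-joining. Built with rtrim() so that a path that
	# already ends in '/' does not produce '//', which a browser reads as a
	# protocol-relative URL naming another host.
	$t_root = rtrim( $t_path, '/' ) . '/';

	$t_pattern = '(?:/*(?P<script>[^\?#]*))(?:\?(?P<query>[^#]*))?(?:#(?P<anchor>[^#]*))?';

	# Break the given URL into pieces for path, script, query, and anchor
	$t_type = 0;
	if ( preg_match( "@^(?P<path>$t_path)$t_pattern\$@", $t_url, $t_matches ) ) {
		$t_type = 1;
	} else if ( preg_match( "@^(?P<path>$t_short_path)$t_pattern\$@", $t_url, $t_matches ) ) {
		$t_type = 2;
	} else if ( preg_match( "@^(?P<path>)$t_pattern\$@", $t_url, $t_matches ) ) {
		$t_type = 3;
	}

	# Check for URL's pointing to other domains
	# (parentheses only make the original && / || precedence explicit)
	if ( 0 == $t_type || empty( $t_matches['script'] ) ||
		( 3 == $t_type && preg_match( '@(?:[^:]*)?://@', $t_url ) > 0 ) ) {

		return ( $p_return_absolute ? $t_root : '' ) . 'index.php';
	}

	# Start extracting regex matches
	$t_script = $t_matches['script'];
	$t_script_path = $t_matches['path'];

	# Clean/encode query params
	$t_query = '';
	if ( isset( $t_matches['query'] ) ) {
		$t_pairs = array();
		parse_str( html_entity_decode( $t_matches['query'] ), $t_pairs );

		$t_clean_pairs = array();
		foreach( $t_pairs as $t_key => $t_value ) {
			# $t_value is an array for bracketed parameters; the helper
			# flattens it instead of handing an array to rawurlencode().
			$t_clean_pairs = array_merge(
				$t_clean_pairs,
				string_do_sanitize_url_encode_pair( rawurlencode( (string)$t_key ), $t_value )
			);
		}

		if ( !empty( $t_clean_pairs ) ) {
			$t_query = '?' . join( '&', $t_clean_pairs );
		}
	}

	# encode link anchor
	$t_anchor = '';
	if ( isset( $t_matches['anchor'] ) ) {
		$t_anchor = '#' . rawurlencode( $t_matches['anchor'] );
	}

	# Return an appropriate re-combined URL string
	if ( $p_return_absolute ) {
		return $t_root . $t_script . $t_query . $t_anchor;
	} else {
		# The pattern has already consumed any leading slashes of the script,
		# so exactly one separator is emitted here.
		return ( !empty( $t_script_path ) ? rtrim( $t_script_path, '/' ) . '/' : '' ) . $t_script . $t_query . $t_anchor;
	}
}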