View source
<?php
namespace Drupal\Tests\system\Functional\Common;
use Drupal\Component\Render\FormattableMarkup;
use Drupal\Component\Utility\UrlHelper;
use Drupal\Core\Cache\Cache;
use Drupal\Core\Language\Language;
use Drupal\Core\Link;
use Drupal\Core\Render\RenderContext;
use Drupal\Core\Url;
use Drupal\Tests\BrowserTestBase;
class UrlTest extends BrowserTestBase {
public static $modules = [
'common_test',
'url_alter_test',
];
protected $defaultTheme = 'stark';
public function testLinkXSS() {
$text = $this
->randomMachineName();
$path = "<SCRIPT>alert('XSS')</SCRIPT>";
$encoded_path = "3CSCRIPT%3Ealert%28%27XSS%27%29%3C/SCRIPT%3E";
$link = Link::fromTextAndUrl($text, Url::fromUserInput('/' . $path))
->toString();
$this
->assertStringContainsString($encoded_path, $link, new FormattableMarkup('XSS attack @path was filtered by \\Drupal\\Core\\Utility\\LinkGeneratorInterface::generate().', [
'@path' => $path,
]));
$this
->assertStringNotContainsString($path, $link, new FormattableMarkup('XSS attack @path was filtered by \\Drupal\\Core\\Utility\\LinkGeneratorInterface::generate().', [
'@path' => $path,
]));
$link = Url::fromUri('base:' . $path)
->toString();
$this
->assertStringContainsString($encoded_path, $link, new FormattableMarkup('XSS attack @path was filtered by #theme', [
'@path' => $path,
]));
$this
->assertStringNotContainsString($path, $link, new FormattableMarkup('XSS attack @path was filtered by #theme', [
'@path' => $path,
]));
}
public function testLinkBubbleableMetadata() {
$cases = [
[
'Regular link',
'internal:/user',
[],
[
'contexts' => [],
'tags' => [],
'max-age' => Cache::PERMANENT,
],
[],
],
[
'Regular link, absolute',
'internal:/user',
[
'absolute' => TRUE,
],
[
'contexts' => [
'url.site',
],
'tags' => [],
'max-age' => Cache::PERMANENT,
],
[],
],
[
'Route processor link',
'route:system.run_cron',
[],
[
'contexts' => [
'session',
],
'tags' => [],
'max-age' => Cache::PERMANENT,
],
[
'placeholders' => [],
],
],
[
'Route processor link, absolute',
'route:system.run_cron',
[
'absolute' => TRUE,
],
[
'contexts' => [
'url.site',
'session',
],
'tags' => [],
'max-age' => Cache::PERMANENT,
],
[
'placeholders' => [],
],
],
[
'Path processor link',
'internal:/user/1',
[],
[
'contexts' => [],
'tags' => [
'user:1',
],
'max-age' => Cache::PERMANENT,
],
[],
],
[
'Path processor link, absolute',
'internal:/user/1',
[
'absolute' => TRUE,
],
[
'contexts' => [
'url.site',
],
'tags' => [
'user:1',
],
'max-age' => Cache::PERMANENT,
],
[],
],
];
foreach ($cases as $case) {
list($title, $uri, $options, $expected_cacheability, $expected_attachments) = $case;
$expected_cacheability['contexts'] = Cache::mergeContexts($expected_cacheability['contexts'], [
'languages:language_interface',
'theme',
'user.permissions',
]);
$link = [
'#type' => 'link',
'#title' => $title,
'#options' => $options,
'#url' => Url::fromUri($uri),
];
\Drupal::service('renderer')
->renderRoot($link);
$this
->assertEqual($expected_cacheability, $link['#cache']);
$this
->assertEqual($expected_attachments, $link['#attached']);
}
}
public function testLinkAttributes() {
$renderer = $this->container
->get('renderer');
$language = new Language([
'id' => 'fr',
'name' => 'French',
]);
$hreflang_link = [
'#type' => 'link',
'#options' => [
'language' => $language,
],
'#url' => Url::fromUri('https://www.drupal.org'),
'#title' => 'bar',
];
$langcode = $language
->getId();
$hreflang_override_link = $hreflang_link;
$hreflang_override_link['#options']['attributes']['hreflang'] = 'foo';
$rendered = $renderer
->renderRoot($hreflang_link);
$this
->assertTrue($this
->hasAttribute('hreflang', $rendered, $langcode), new FormattableMarkup('hreflang attribute with value @langcode is present on a rendered link when langcode is provided in the render array.', [
'@langcode' => $langcode,
]));
$rendered = $renderer
->renderRoot($hreflang_override_link);
$this
->assertTrue($this
->hasAttribute('hreflang', $rendered, 'foo'), new FormattableMarkup('hreflang attribute with value @hreflang is present on a rendered link when @hreflang is provided in the render array.', [
'@hreflang' => 'foo',
]));
$options_no_query = [];
$options_query = [
'query' => [
'foo' => 'bar',
'one' => 'two',
],
];
$options_query_reverse = [
'query' => [
'one' => 'two',
'foo' => 'bar',
],
];
$path = 'common-test/type-link-active-class';
$this
->drupalGet($path, $options_no_query);
$links = $this
->xpath('//a[@href = :href and contains(@class, :class)]', [
':href' => Url::fromRoute('common_test.l_active_class', [], $options_no_query)
->toString(),
':class' => 'is-active',
]);
$this
->assertTrue(isset($links[0]), 'A link generated by the link generator to the current page is marked active.');
$links = $this
->xpath('//a[@href = :href and not(contains(@class, :class))]', [
':href' => Url::fromRoute('common_test.l_active_class', [], $options_query)
->toString(),
':class' => 'is-active',
]);
$this
->assertTrue(isset($links[0]), 'A link generated by the link generator to the current page with a query string when the current page has no query string is not marked active.');
$this
->drupalGet($path, $options_query);
$links = $this
->xpath('//a[@href = :href and contains(@class, :class)]', [
':href' => Url::fromRoute('common_test.l_active_class', [], $options_query)
->toString(),
':class' => 'is-active',
]);
$this
->assertTrue(isset($links[0]), 'A link generated by the link generator to the current page with a query string that matches the current query string is marked active.');
$links = $this
->xpath('//a[@href = :href and contains(@class, :class)]', [
':href' => Url::fromRoute('common_test.l_active_class', [], $options_query_reverse)
->toString(),
':class' => 'is-active',
]);
$this
->assertTrue(isset($links[0]), 'A link generated by the link generator to the current page with a query string that has matching parameters to the current query string but in a different order is marked active.');
$links = $this
->xpath('//a[@href = :href and not(contains(@class, :class))]', [
':href' => Url::fromRoute('common_test.l_active_class', [], $options_no_query)
->toString(),
':class' => 'is-active',
]);
$this
->assertTrue(isset($links[0]), 'A link generated by the link generator to the current page without a query string when the current page has a query string is not marked active.');
$class_l = $this
->randomMachineName();
$link_l = Link::fromTextAndUrl($this
->randomMachineName(), Url::fromRoute('<current>', [], [
'attributes' => [
'class' => [
$class_l,
],
],
]))
->toString();
$this
->assertTrue($this
->hasAttribute('class', $link_l, $class_l), new FormattableMarkup('Custom class @class is present on link when requested by Link::toString()', [
'@class' => $class_l,
]));
$class_theme = $this
->randomMachineName();
$type_link = [
'#type' => 'link',
'#title' => $this
->randomMachineName(),
'#url' => Url::fromRoute('<current>'),
'#options' => [
'attributes' => [
'class' => [
$class_theme,
],
],
],
];
$link_theme = $renderer
->renderRoot($type_link);
$this
->assertTrue($this
->hasAttribute('class', $link_theme, $class_theme), new FormattableMarkup('Custom class @class is present on link when requested by #type', [
'@class' => $class_theme,
]));
}
public function testLinkRenderArrayText() {
$renderer = $this->container
->get('renderer');
$l = Link::fromTextAndUrl('foo', Url::fromUri('https://www.drupal.org'))
->toString();
$renderer
->executeInRenderContext(new RenderContext(), function () use ($renderer, $l) {
$renderable_text = [
'#markup' => 'foo',
];
$l_renderable_text = \Drupal::service('link_generator')
->generate($renderable_text, Url::fromUri('https://www.drupal.org'));
$this
->assertEqual($l_renderable_text, $l);
});
$type_link_plain_array = [
'#type' => 'link',
'#title' => 'foo',
'#url' => Url::fromUri('https://www.drupal.org'),
];
$type_link_plain = $renderer
->renderRoot($type_link_plain_array);
$this
->assertEqual($type_link_plain, $l);
$type_link_nested_array = [
'#type' => 'link',
'#title' => [
'#markup' => 'foo',
],
'#url' => Url::fromUri('https://www.drupal.org'),
];
$type_link_nested = $renderer
->renderRoot($type_link_nested_array);
$this
->assertEqual($type_link_nested, $l);
}
private function hasAttribute($attribute, $link, $class) {
return (bool) preg_match('|' . $attribute . '="([^\\"\\s]+\\s+)*' . $class . '|', $link);
}
public function testDrupalGetQueryParameters() {
$original = [
'a' => 1,
'b' => [
'd' => 4,
'e' => [
'f' => 5,
],
],
'c' => 3,
];
$result = $original;
unset($result['b']);
$this
->assertEqual(UrlHelper::filterQueryParameters($original, [
'b',
]), $result, "'b' was removed.");
$result = $original;
unset($result['b']['d']);
$this
->assertEqual(UrlHelper::filterQueryParameters($original, [
'b[d]',
]), $result, "'b[d]' was removed.");
$result = $original;
unset($result['b']['e']['f']);
$this
->assertEqual(UrlHelper::filterQueryParameters($original, [
'b[e][f]',
]), $result, "'b[e][f]' was removed.");
$result = $original;
unset($result['a'], $result['b']['e'], $result['c']);
$this
->assertEqual(UrlHelper::filterQueryParameters($original, [
'a',
'b[e]',
'c',
]), $result, "'a', 'b[e]', 'c' were removed.");
}
public function testDrupalParseUrl() {
foreach ([
'',
'/',
'https://www.drupal.org/',
] as $absolute) {
foreach ([
'',
'index.php/',
] as $script) {
foreach ([
'',
'foo/bar',
] as $path) {
$url = $absolute . $script . $path . '?foo=bar&bar=baz&baz#foo';
$expected = [
'path' => $absolute . $script . $path,
'query' => [
'foo' => 'bar',
'bar' => 'baz',
'baz' => '',
],
'fragment' => 'foo',
];
$this
->assertEqual(UrlHelper::parse($url), $expected, 'URL parsed correctly.');
}
}
}
$url = 'foo/bar:1';
$result = [
'path' => 'foo/bar:1',
'query' => [],
'fragment' => '',
];
$this
->assertEqual(UrlHelper::parse($url), $result, 'Relative URL parsed correctly.');
$url = 'https://www.drupal.org/foo/bar?foo=bar&bar=baz&baz#foo';
$this
->assertTrue(UrlHelper::isExternal($url), 'Correctly identified an external URL.');
$parts = UrlHelper::parse('forged:http://cwe.mitre.org/data/definitions/601.html');
$this
->assertFalse(UrlHelper::isValid($parts['path'], TRUE), '\\Drupal\\Component\\Utility\\UrlHelper::isValid() correctly parsed a forged URL.');
}
public function testExternalUrls() {
$test_url = 'https://www.drupal.org/';
$url = $test_url . '#drupal';
$result = Url::fromUri($url)
->toString();
$this
->assertEqual($url, $result, 'External URL with fragment works without a fragment in $options.');
$url = $test_url . '#drupal';
$fragment = $this
->randomMachineName(10);
$result = Url::fromUri($url, [
'fragment' => $fragment,
])
->toString();
$this
->assertEqual($test_url . '#' . $fragment, $result, 'External URL fragment is overridden with a custom fragment in $options.');
$url = $test_url . '?drupal=awesome';
$result = Url::fromUri($url)
->toString();
$this
->assertEqual($url, $result);
$url = $test_url . '?120=1';
$result = Url::fromUri($url)
->toString();
$this
->assertEqual($url, $result);
$url = $test_url;
$query = [
'awesome' => 'drupal',
];
$result = Url::fromUri($url, [
'query' => $query,
])
->toString();
$this
->assertSame('https://www.drupal.org/?awesome=drupal', $result);
$url = $test_url . '?drupal=awesome';
$query = [
'awesome' => 'drupal',
];
$result = Url::fromUri($url, [
'query' => $query,
])
->toString();
$this
->assertEqual('https://www.drupal.org/?drupal=awesome&awesome=drupal', $result);
}
}