You are here

function CommonURLUnitTest::testDrupalParseUrl in Drupal 7

Test drupal_parse_url().

File

modules/simpletest/tests/common.test, line 178
Tests for common.inc functionality.

Class

CommonURLUnitTest
Tests for URL generation functions.

Code

function testDrupalParseUrl() {

  // Relative URL.
  $url = 'foo/bar?foo=bar&bar=baz&baz#foo';
  $result = array(
    'path' => 'foo/bar',
    'query' => array(
      'foo' => 'bar',
      'bar' => 'baz',
      'baz' => '',
    ),
    'fragment' => 'foo',
  );
  $this
    ->assertEqual(drupal_parse_url($url), $result, 'Relative URL parsed correctly.');

  // Relative URL that is known to confuse parse_url().
  $url = 'foo/bar:1';
  $result = array(
    'path' => 'foo/bar:1',
    'query' => array(),
    'fragment' => '',
  );
  $this
    ->assertEqual(drupal_parse_url($url), $result, 'Relative URL parsed correctly.');

  // Absolute URL.
  $url = '/foo/bar?foo=bar&bar=baz&baz#foo';
  $result = array(
    'path' => '/foo/bar',
    'query' => array(
      'foo' => 'bar',
      'bar' => 'baz',
      'baz' => '',
    ),
    'fragment' => 'foo',
  );
  $this
    ->assertEqual(drupal_parse_url($url), $result, 'Absolute URL parsed correctly.');

  // External URL testing.
  $url = 'http://drupal.org/foo/bar?foo=bar&bar=baz&baz#foo';

  // Test that drupal can recognize an absolute URL. Used to prevent attack vectors.
  $this
    ->assertTrue(url_is_external($url), 'Correctly identified an external URL.');

  // External URL without an explicit protocol.
  $url = '//drupal.org/foo/bar?foo=bar&bar=baz&baz#foo';
  $this
    ->assertTrue(url_is_external($url), 'Correctly identified an external URL without a protocol part.');

  // Internal URL starting with a slash.
  $url = '/drupal.org';
  $this
    ->assertFalse(url_is_external($url), 'Correctly identified an internal URL with a leading slash.');

  // Test the parsing of absolute URLs.
  $url = 'http://drupal.org/foo/bar?foo=bar&bar=baz&baz#foo';
  $result = array(
    'path' => 'http://drupal.org/foo/bar',
    'query' => array(
      'foo' => 'bar',
      'bar' => 'baz',
      'baz' => '',
    ),
    'fragment' => 'foo',
  );
  $this
    ->assertEqual(drupal_parse_url($url), $result, 'External URL parsed correctly.');

  // Verify proper parsing of URLs when clean URLs are disabled.
  $result = array(
    'path' => 'foo/bar',
    'query' => array(
      'bar' => 'baz',
    ),
    'fragment' => 'foo',
  );

  // Non-clean URLs #1: Absolute URL generated by url().
  $url = $GLOBALS['base_url'] . '/?q=foo/bar&bar=baz#foo';
  $this
    ->assertEqual(drupal_parse_url($url), $result, 'Absolute URL with clean URLs disabled parsed correctly.');

  // Non-clean URLs #2: Relative URL generated by url().
  $url = '?q=foo/bar&bar=baz#foo';
  $this
    ->assertEqual(drupal_parse_url($url), $result, 'Relative URL with clean URLs disabled parsed correctly.');

  // Non-clean URLs #3: URL generated by url() on non-Apache webserver.
  $url = 'index.php?q=foo/bar&bar=baz#foo';
  $this
    ->assertEqual(drupal_parse_url($url), $result, 'Relative URL on non-Apache webserver with clean URLs disabled parsed correctly.');

  // Test that drupal_parse_url() does not allow spoofing a URL to force a malicious redirect.
  $parts = drupal_parse_url('forged:http://cwe.mitre.org/data/definitions/601.html');
  $this
    ->assertFalse(valid_url($parts['path'], TRUE), 'drupal_parse_url() correctly parsed a forged URL.');
}