function CommonURLUnitTest::testDrupalParseUrl in Drupal 7
Test drupal_parse_url().
File
- modules/
simpletest/ tests/ common.test, line 178 - Tests for common.inc functionality.
Class
- CommonURLUnitTest
- Tests for URL generation functions.
Code
function testDrupalParseUrl() {
// Relative URL.
$url = 'foo/bar?foo=bar&bar=baz&baz#foo';
$result = array(
'path' => 'foo/bar',
'query' => array(
'foo' => 'bar',
'bar' => 'baz',
'baz' => '',
),
'fragment' => 'foo',
);
$this
->assertEqual(drupal_parse_url($url), $result, 'Relative URL parsed correctly.');
// Relative URL that is known to confuse parse_url().
$url = 'foo/bar:1';
$result = array(
'path' => 'foo/bar:1',
'query' => array(),
'fragment' => '',
);
$this
->assertEqual(drupal_parse_url($url), $result, 'Relative URL parsed correctly.');
// Absolute URL.
$url = '/foo/bar?foo=bar&bar=baz&baz#foo';
$result = array(
'path' => '/foo/bar',
'query' => array(
'foo' => 'bar',
'bar' => 'baz',
'baz' => '',
),
'fragment' => 'foo',
);
$this
->assertEqual(drupal_parse_url($url), $result, 'Absolute URL parsed correctly.');
// External URL testing.
$url = 'http://drupal.org/foo/bar?foo=bar&bar=baz&baz#foo';
// Test that drupal can recognize an absolute URL. Used to prevent attack vectors.
$this
->assertTrue(url_is_external($url), 'Correctly identified an external URL.');
// External URL without an explicit protocol.
$url = '//drupal.org/foo/bar?foo=bar&bar=baz&baz#foo';
$this
->assertTrue(url_is_external($url), 'Correctly identified an external URL without a protocol part.');
// Internal URL starting with a slash.
$url = '/drupal.org';
$this
->assertFalse(url_is_external($url), 'Correctly identified an internal URL with a leading slash.');
// Test the parsing of absolute URLs.
$url = 'http://drupal.org/foo/bar?foo=bar&bar=baz&baz#foo';
$result = array(
'path' => 'http://drupal.org/foo/bar',
'query' => array(
'foo' => 'bar',
'bar' => 'baz',
'baz' => '',
),
'fragment' => 'foo',
);
$this
->assertEqual(drupal_parse_url($url), $result, 'External URL parsed correctly.');
// Verify proper parsing of URLs when clean URLs are disabled.
$result = array(
'path' => 'foo/bar',
'query' => array(
'bar' => 'baz',
),
'fragment' => 'foo',
);
// Non-clean URLs #1: Absolute URL generated by url().
$url = $GLOBALS['base_url'] . '/?q=foo/bar&bar=baz#foo';
$this
->assertEqual(drupal_parse_url($url), $result, 'Absolute URL with clean URLs disabled parsed correctly.');
// Non-clean URLs #2: Relative URL generated by url().
$url = '?q=foo/bar&bar=baz#foo';
$this
->assertEqual(drupal_parse_url($url), $result, 'Relative URL with clean URLs disabled parsed correctly.');
// Non-clean URLs #3: URL generated by url() on non-Apache webserver.
$url = 'index.php?q=foo/bar&bar=baz#foo';
$this
->assertEqual(drupal_parse_url($url), $result, 'Relative URL on non-Apache webserver with clean URLs disabled parsed correctly.');
// Test that drupal_parse_url() does not allow spoofing a URL to force a malicious redirect.
$parts = drupal_parse_url('forged:http://cwe.mitre.org/data/definitions/601.html');
$this
->assertFalse(valid_url($parts['path'], TRUE), 'drupal_parse_url() correctly parsed a forged URL.');
}