You are here

function UrlTest::testDrupalParseUrl in Zircon Profile 8

Same name and namespace in other branches
  1. 8.0 core/modules/system/src/Tests/Common/UrlTest.php \Drupal\system\Tests\Common\UrlTest::testDrupalParseUrl()

Tests UrlHelper::parse().

File

core/modules/system/src/Tests/Common/UrlTest.php, line 255
Contains \Drupal\system\Tests\Common\UrlTest.

Class

UrlTest
Confirm that \Drupal\Core\Url, \Drupal\Component\Utility\UrlHelper::filterQueryParameters(), \Drupal\Component\Utility\UrlHelper::buildQuery(), and \Drupal\Core\Utility\LinkGeneratorInterface::generate() work correctly with various input.

Namespace

Drupal\system\Tests\Common

Code

function testDrupalParseUrl() {

  // Relative, absolute, and external URLs, without/with explicit script path,
  // without/with Drupal path.
  foreach (array(
    '',
    '/',
    'https://www.drupal.org/',
  ) as $absolute) {
    foreach (array(
      '',
      'index.php/',
    ) as $script) {
      foreach (array(
        '',
        'foo/bar',
      ) as $path) {
        $url = $absolute . $script . $path . '?foo=bar&bar=baz&baz#foo';
        $expected = array(
          'path' => $absolute . $script . $path,
          'query' => array(
            'foo' => 'bar',
            'bar' => 'baz',
            'baz' => '',
          ),
          'fragment' => 'foo',
        );
        $this
          ->assertEqual(UrlHelper::parse($url), $expected, 'URL parsed correctly.');
      }
    }
  }

  // Relative URL that is known to confuse parse_url().
  $url = 'foo/bar:1';
  $result = array(
    'path' => 'foo/bar:1',
    'query' => array(),
    'fragment' => '',
  );
  $this
    ->assertEqual(UrlHelper::parse($url), $result, 'Relative URL parsed correctly.');

  // Test that drupal can recognize an absolute URL. Used to prevent attack vectors.
  $url = 'https://www.drupal.org/foo/bar?foo=bar&bar=baz&baz#foo';
  $this
    ->assertTrue(UrlHelper::isExternal($url), 'Correctly identified an external URL.');

  // Test that UrlHelper::parse() does not allow spoofing a URL to force a malicious redirect.
  $parts = UrlHelper::parse('forged:http://cwe.mitre.org/data/definitions/601.html');
  $this
    ->assertFalse(UrlHelper::isValid($parts['path'], TRUE), '\\Drupal\\Component\\Utility\\UrlHelper::isValid() correctly parsed a forged URL.');
}