author | Mario <mario@mariovavti.com> | 2022-03-23 18:38:03 +0000 |
---|---|---|
committer | Mario <mario@mariovavti.com> | 2022-03-23 18:38:03 +0000 |
commit | a41c7caa182117b2b7b820550cc20dff8be2c0f0 (patch) | |
tree | 19611241fd496b778c2f412ab9ebcc4fb34843bd /tests | |
parent | bddeab3ac11efaf786ddb2a6ce3f73d8c06790ab (diff) | |
parent | b3ca31bce7ed0dd5777458005718ba96985cbdc2 (diff) | |
Merge branch 'security-fixes-lfi-xss-open-redirect' into 'dev'
Security fixes
See merge request hubzilla/core!2017
Diffstat (limited to 'tests')
-rw-r--r-- | tests/unit/AntiXSSTest.php | 20 | ||||
-rw-r--r-- | tests/unit/includes/NetworkTest.php | 33 |
2 files changed, 53 insertions, 0 deletions
diff --git a/tests/unit/AntiXSSTest.php b/tests/unit/AntiXSSTest.php
index b45042a1e..09642726f 100644
--- a/tests/unit/AntiXSSTest.php
+++ b/tests/unit/AntiXSSTest.php
@@ -24,6 +24,26 @@ class AntiXSSTest extends TestCase {
 $this->assertEquals("<submit type="button" onclick="alert('failed!');" />", $escapedString);
 }
+ /**
+ * @dataProvider urlTestProvider
+ */
+ public function testEscapeURL($url, $expected) : void {
+ $this->assertEquals($expected, escape_url($url));
+ }
+
+ public function urlTestProvider() : array {
+ return [
+ [
+ "https://example.com/settings/calendar/?f=&rpath=https://example.com/cdav/calendar'><script>alert('boom')</script>",
+ "https://example.com/settings/calendar/?f=&rpath=https://example.com/cdav/calendar'><script>alert('boom')</script>"
+ ],
+ [
+ "settings/calendar/?f=&rpath=https://example.com'+accesskey=x+onclick=alert(/boom/);a='",
+ "settings/calendar/?f=&rpath=https://example.com'+accesskey=x+onclick=alert(/boom/);a='"
+ ],
+ ];
+ }
+
 /**
 *xmlify and unxmlify
 */
diff --git a/tests/unit/includes/NetworkTest.php b/tests/unit/includes/NetworkTest.php
new file mode 100644
index 000000000..0b9b42e00
--- /dev/null
+++ b/tests/unit/includes/NetworkTest.php
@@ -0,0 +1,33 @@
+<?php
+/**
+ * tests function from include/network.php
+ *
+ * @package test.util
+ */
+
+use PHPUnit\Framework\TestCase;
+
+require_once('include/network.php');
+
+class NetworkTest extends TestCase {
+
+ public function setup() : void {
+ \App::set_baseurl("https://mytest.org");
+ }
+
+ /**
+ * @dataProvider localUrlTestProvider
+ */
+ public function testIsLocalURL($url, $expected) {
+ $this->assertEquals($expected, is_local_url($url));
+ }
+
+ public function localUrlTestProvider() : array {
+ return [
+ [ '/some/path', true ],
+ [ 'https://mytest.org/some/path', true ],
+ [ 'https://other.site/some/path', false ],
+ ];
+ }
+}
+ |
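Review bot: Both rows in `urlTestProvider()` exercise only a single-quote breakout, so the test does not pin how `escape_url()` treats a double quote or input that is already entity-encoded (the double-encoding case). Rows for those two inputs would fix the escaping contract for double-quoted attribute contexts as well. The rows are also unlabelled; string keys such as `'script tag after quote' => [ ... ]` make a failing data set identifiable in PHPUnit output. As rendered on this page each expected value is identical to its input, presumably because the page decoded the entities in the expected strings, so the expected values should be checked against the repository rather than this listing. The enclosing class `AntiXSSTest` begins and ends outside the hunk.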
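Review bot: `localUrlTestProvider()` has a single negative case, a plainly different host, so the check that (judging by the branch name) backs the open-redirect fix is not pinned for the inputs where URL validators usually disagree. Add rows whose host only resembles the base URL or that carry no scheme, for example `[ '//other.site/some/path', false ],` and `[ 'https://mytest.org.other.site/some/path', false ],`; whether `is_local_url()` already rejects them cannot be seen from this hunk. `assertEquals` also accepts a truthy non-boolean return such as `1`, so `$this->assertSame($expected, is_local_url($url));` is the stricter assertion for a security predicate. `setup()` sets the global base URL through `\App::set_baseurl()` without restoring it, which may leak into other test classes.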