[3.1.1] Implement %URI.SecureMunge and %URI.SecureMungeSecretKey, thanks Chris!

- URIFilter->prepare can return false in order to abort loading of the filter - Implemented post URI filtering. Set member variable $post to true to set a URIFilter as such. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1772 48356398-32a2-884e-a903-53898d9a118a
2025-07-31 11:20:13 +02:00 · 2008-05-26 16:26:47 +00:00
parent 3c4346cb1e
commit 322288e6c0
17 changed files with 215 additions and 28 deletions
--- a/tests/HTMLPurifier/AttrDef/URITest.php
+++ b/tests/HTMLPurifier/AttrDef/URITest.php
@@ -83,6 +83,8 @@ class HTMLPurifier_AttrDef_URITest extends HTMLPurifier_AttrDefHarness
        $uri_def = new HTMLPurifier_URIDefinitionMock();
        $uri_def->expectOnce('filter', array($uri, '*', '*'));
        $uri_def->setReturnValue('filter', true, array($uri, '*', '*'));
+        $uri_def->expectOnce('postFilter', array($uri, '*', '*'));
+        $uri_def->setReturnValue('postFilter', true, array($uri, '*', '*'));
        $uri_def->setup = true;
        
        // Since definitions are no longer passed by reference, we need
--- a/tests/HTMLPurifier/URIDefinitionTest.php
+++ b/tests/HTMLPurifier/URIDefinitionTest.php
@@ -3,14 +3,16 @@
 class HTMLPurifier_URIDefinitionTest extends HTMLPurifier_URIHarness
 {
    
-    protected function createFilterMock($expect = true, $result = true) {
+    protected function createFilterMock($expect = true, $result = true, $post = false, $setup = true) {
        static $i = 0;
        generate_mock_once('HTMLPurifier_URIFilter');
        $mock = new HTMLPurifier_URIFilterMock();
        if ($expect) $mock->expectOnce('filter');
        else $mock->expectNever('filter');
        $mock->setReturnValue('filter', $result);
+        $mock->setReturnValue('prepare', $setup);
        $mock->name = $i++;
+        $mock->post = $post;
        return $mock;
    }
    
--- a/tests/HTMLPurifier/URIFilter/SecureMungeTest.php
+++ b/tests/HTMLPurifier/URIFilter/SecureMungeTest.php
@@ -0,0 +1,49 @@
+<?php
+
+class HTMLPurifier_URIFilter_SecureMungeTest extends HTMLPurifier_URIFilterHarness
+{
+    
+    function setUp() {
+        parent::setUp();
+        $this->filter = new HTMLPurifier_URIFilter_SecureMunge();
+        $this->setSecureMunge();
+        $this->setSecretKey();
+    }
+    
+    function setSecureMunge($uri = '/redirect.php?url=%s&checksum=%t') {
+        $this->config->set('URI', 'SecureMunge', $uri);
+    }
+    
+    function setSecretKey($key = 'secret') {
+        $this->config->set('URI', 'SecureMungeSecretKey', $key);
+    }
+    
+    function testPreserve() {
+        $this->assertFiltering('/local');
+    }
+    
+    function testStandardMunge() {
+        $this->assertFiltering('http://google.com', '/redirect.php?url=http%3A%2F%2Fgoogle.com&checksum=0072e2f817fd2844825def74e54443debecf0892');
+    }
+    
+    function testIgnoreUnknownSchemes() {
+        // This should be integration tested as well to be false
+        $this->assertFiltering('javascript:', true);
+    }
+    
+    function testIgnoreUnbrowsableSchemes() {
+        $this->assertFiltering('news:', true);
+    }
+    
+    function testMungeToDirectory() {
+        $this->setSecureMunge('/links/%s/%t');
+        $this->assertFiltering('http://google.com', '/links/http%3A%2F%2Fgoogle.com/0072e2f817fd2844825def74e54443debecf0892');
+    }
+    
+    function testErrorNoSecretKey() {
+        $this->setSecretKey(null);
+        $this->expectError('URI.SecureMunge is being ignored due to lack of value for URI.SecureMungeSecretKey');
+        $this->assertFiltering('http://google.com');
+    }
+    
+}