annotate core/modules/system/src/Tests/Common/UrlTest.php @ 0:4c8ae668cc8c

Initial import (non-working)
author Chris Cannam
date Wed, 29 Nov 2017 16:09:58 +0000
Chris@0 1 <?php
Chris@0 2
Chris@0 3 namespace Drupal\system\Tests\Common;
Chris@0 4
Chris@0 5 use Drupal\Component\Utility\UrlHelper;
Chris@0 6 use Drupal\Core\Cache\Cache;
Chris@0 7 use Drupal\Core\Language\Language;
Chris@0 8 use Drupal\Core\Render\RenderContext;
Chris@0 9 use Drupal\Core\Url;
Chris@0 10 use Drupal\simpletest\WebTestBase;
Chris@0 11
Chris@0 12 /**
Chris@0 13 * Confirm that \Drupal\Core\Url,
Chris@0 14 * \Drupal\Component\Utility\UrlHelper::filterQueryParameters(),
Chris@0 15 * \Drupal\Component\Utility\UrlHelper::buildQuery(), and
Chris@0 16 * \Drupal\Core\Utility\LinkGeneratorInterface::generate()
Chris@0 17 * work correctly with various input.
Chris@0 18 *
Chris@0 19 * @group Common
Chris@0 20 */
Chris@0 21 class UrlTest extends WebTestBase {
Chris@0 22
Chris@0 23 public static $modules = ['common_test', 'url_alter_test'];
Chris@0 24
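/**
 * Confirms that markup in a path is percent-encoded by link generation.
 *
 * A path holding a <SCRIPT> element is passed through \Drupal::l() and
 * through \Drupal\Core\Url::toString(). For each output the raw markup must
 * be absent (the security property) and the percent-encoded form must be
 * present (the expected output format). The two are asserted separately so
 * that a failure shows which of them broke.
 *
 * Only this one path payload is exercised by this test.
 */
public function testLinkXSS() {
  $text = $this->randomMachineName();
  $path = "<SCRIPT>alert('XSS')</SCRIPT>";
  // The expected string starts at "3C" rather than "%3C"; it is only ever
  // used for the substring checks below.
  $encoded_path = "3CSCRIPT%3Ealert%28%27XSS%27%29%3C/SCRIPT%3E";

  // Test \Drupal::l(). The result is cast once so that both checks look at
  // the same string.
  $link = (string) \Drupal::l($text, Url::fromUserInput('/' . $path));
  $this->assertTrue(strpos($link, $path) === FALSE, format_string('XSS attack @path was filtered by \Drupal\Core\Utility\LinkGeneratorInterface::generate().', ['@path' => $path]));
  $this->assertTrue(strpos($link, $encoded_path) !== FALSE, format_string('Path @path is percent-encoded in the output of \Drupal\Core\Utility\LinkGeneratorInterface::generate().', ['@path' => $path]));

  // Test \Drupal\Core\Url. The messages name the API that is actually under
  // test here.
  $link = (string) Url::fromUri('base:' . $path)->toString();
  $this->assertTrue(strpos($link, $path) === FALSE, format_string('XSS attack @path was filtered by \Drupal\Core\Url::toString().', ['@path' => $path]));
  $this->assertTrue(strpos($link, $encoded_path) !== FALSE, format_string('Path @path is percent-encoded in the output of \Drupal\Core\Url::toString().', ['@path' => $path]));
}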
Chris@0 41
/**
 * Verifies the metadata that #type 'link' bubbles for outbound processors.
 *
 * Each scenario renders one link element and compares the resulting #cache
 * and #attached values with the expected ones.
 */
public function testLinkBubbleableMetadata() {
  // Contexts merged into every scenario's expected cache contexts.
  $common_contexts = ['languages:language_interface', 'theme', 'user.permissions'];

  // Row layout: title, URI, URL options, expected #cache, expected #attached.
  $scenarios = [
    ['Regular link', 'internal:/user', [], ['contexts' => [], 'tags' => [], 'max-age' => Cache::PERMANENT], []],
    ['Regular link, absolute', 'internal:/user', ['absolute' => TRUE], ['contexts' => ['url.site'], 'tags' => [], 'max-age' => Cache::PERMANENT], []],
    ['Route processor link', 'route:system.run_cron', [], ['contexts' => ['session'], 'tags' => [], 'max-age' => Cache::PERMANENT], ['placeholders' => []]],
    ['Route processor link, absolute', 'route:system.run_cron', ['absolute' => TRUE], ['contexts' => ['url.site', 'session'], 'tags' => [], 'max-age' => Cache::PERMANENT], ['placeholders' => []]],
    ['Path processor link', 'internal:/user/1', [], ['contexts' => [], 'tags' => ['user:1'], 'max-age' => Cache::PERMANENT], []],
    ['Path processor link, absolute', 'internal:/user/1', ['absolute' => TRUE], ['contexts' => ['url.site'], 'tags' => ['user:1'], 'max-age' => Cache::PERMANENT], []],
  ];

  foreach ($scenarios as list($label, $uri, $url_options, $cacheability, $attachments)) {
    $cacheability['contexts'] = Cache::mergeContexts($cacheability['contexts'], $common_contexts);
    $element = [
      '#type' => 'link',
      '#title' => $label,
      '#options' => $url_options,
      '#url' => Url::fromUri($uri),
    ];
    // The element is read back after rendering, so it has to be a variable.
    \Drupal::service('renderer')->renderRoot($element);
    $this->pass($label);
    $this->assertEqual($cacheability, $element['#cache']);
    $this->assertEqual($attachments, $element['#attached']);
  }
}
Chris@0 70
/**
 * Tests default and custom attributes on generated links.
 *
 * Covers the hreflang attribute, the 'is-active' class on links to the
 * current page, and custom classes set through the link options.
 */
public function testLinkAttributes() {
  /** @var \Drupal\Core\Render\RendererInterface $renderer */
  $renderer = $this->container->get('renderer');

  // A link with a known language is expected to carry hreflang.
  $french = new Language(['id' => 'fr', 'name' => 'French']);
  $langcode = $french->getId();
  $with_language = [
    '#type' => 'link',
    '#options' => [
      'language' => $french,
    ],
    '#url' => Url::fromUri('https://www.drupal.org'),
    '#title' => 'bar',
  ];

  // An hreflang set explicitly in the render array must win over the default
  // handling. The copy is taken before the first element is rendered.
  $with_override = $with_language;
  $with_override['#options']['attributes']['hreflang'] = 'foo';

  $markup = $renderer->renderRoot($with_language);
  $this->assertTrue($this->hasAttribute('hreflang', $markup, $langcode), format_string('hreflang attribute with value @langcode is present on a rendered link when langcode is provided in the render array.', ['@langcode' => $langcode]));

  $markup = $renderer->renderRoot($with_override);
  $this->assertTrue($this->hasAttribute('hreflang', $markup, 'foo'), format_string('hreflang attribute with value @hreflang is present on a rendered link when @hreflang is provided in the render array.', ['@hreflang' => 'foo']));

  // Active class in links produced by
  // \Drupal\Core\Utility\LinkGeneratorInterface::generate() and #type 'link'.
  $no_query = [];
  $with_query = [
    'query' => [
      'foo' => 'bar',
      'one' => 'two',
    ],
  ];
  $with_query_reversed = [
    'query' => [
      'one' => 'two',
      'foo' => 'bar',
    ],
  ];

  $active_xpath = '//a[@href = :href and contains(@class, :class)]';
  $inactive_xpath = '//a[@href = :href and not(contains(@class, :class))]';
  // Builds the href of the test route for a given set of URL options.
  $href = function (array $url_options) {
    return Url::fromRoute('common_test.l_active_class', [], $url_options)->toString();
  };

  // Test #type link.
  $page = 'common-test/type-link-active-class';

  // Current page requested without a query string.
  $this->drupalGet($page, $no_query);
  $found = $this->xpath($active_xpath, [':href' => $href($no_query), ':class' => 'is-active']);
  $this->assertTrue(isset($found[0]), 'A link generated by the link generator to the current page is marked active.');

  $found = $this->xpath($inactive_xpath, [':href' => $href($with_query), ':class' => 'is-active']);
  $this->assertTrue(isset($found[0]), 'A link generated by the link generator to the current page with a query string when the current page has no query string is not marked active.');

  // Current page requested with a query string.
  $this->drupalGet($page, $with_query);
  $found = $this->xpath($active_xpath, [':href' => $href($with_query), ':class' => 'is-active']);
  $this->assertTrue(isset($found[0]), 'A link generated by the link generator to the current page with a query string that matches the current query string is marked active.');

  $found = $this->xpath($active_xpath, [':href' => $href($with_query_reversed), ':class' => 'is-active']);
  $this->assertTrue(isset($found[0]), 'A link generated by the link generator to the current page with a query string that has matching parameters to the current query string but in a different order is marked active.');

  $found = $this->xpath($inactive_xpath, [':href' => $href($no_query), ':class' => 'is-active']);
  $this->assertTrue(isset($found[0]), 'A link generated by the link generator to the current page without a query string when the current page has a query string is not marked active.');

  // Custom class on a link built by the link generator.
  $generator_class = $this->randomMachineName();
  $generator_link = \Drupal::l($this->randomMachineName(), new Url('<current>', [], ['attributes' => ['class' => [$generator_class]]]));
  $this->assertTrue($this->hasAttribute('class', $generator_link, $generator_class), format_string('Custom class @class is present on link when requested by l()', ['@class' => $generator_class]));

  // Custom class on a #type 'link' element.
  $element_class = $this->randomMachineName();
  $element = [
    '#type' => 'link',
    '#title' => $this->randomMachineName(),
    '#url' => Url::fromRoute('<current>'),
    '#options' => [
      'attributes' => [
        'class' => [$element_class],
      ],
    ],
  ];
  $element_markup = $renderer->renderRoot($element);
  $this->assertTrue($this->hasAttribute('class', $element_markup, $element_class), format_string('Custom class @class is present on link when requested by #type', ['@class' => $element_class]));
}
Chris@0 159
/**
 * Tests that link functions accept a render array as the link text.
 *
 * A plain-text link from the link generator serves as the reference; the
 * other three ways of building the same link must produce equal output.
 */
public function testLinkRenderArrayText() {
  /** @var \Drupal\Core\Render\RendererInterface $renderer */
  $renderer = $this->container->get('renderer');
  $target = 'https://www.drupal.org';

  // Reference output: the link generator with plain text.
  $reference = \Drupal::l('foo', Url::fromUri($target));

  // Link generator with a renderable array as text, run inside a render
  // context.
  $renderer->executeInRenderContext(new RenderContext(), function () use ($reference, $target) {
    $text = ['#markup' => 'foo'];
    $generated = \Drupal::l($text, Url::fromUri($target));
    $this->assertEqual($generated, $reference);
  });

  // #type 'link' element with plain text as title.
  $plain_element = [
    '#type' => 'link',
    '#title' => 'foo',
    '#url' => Url::fromUri($target),
  ];
  $plain_markup = $renderer->renderRoot($plain_element);
  $this->assertEqual($plain_markup, $reference);

  // #type 'link' element with a renderable array as title.
  $nested_element = [
    '#type' => 'link',
    '#title' => ['#markup' => 'foo'],
    '#url' => Url::fromUri($target),
  ];
  $nested_markup = $renderer->renderRoot($nested_element);
  $this->assertEqual($nested_markup, $reference);
}
Chris@0 195
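/**
 * Checks whether an attribute of rendered link markup contains a value.
 *
 * Only double-quoted attributes are matched, and the value has to be a
 * complete whitespace-separated token of the attribute.
 *
 * @param string $attribute
 *   Name of the attribute to look for, for example 'class' or 'hreflang'.
 * @param string $link
 *   Rendered link markup to search; it is cast to a string before matching.
 * @param string $class
 *   Value expected among the attribute's whitespace-separated tokens.
 *
 * @return bool
 *   TRUE if the attribute carries the value, FALSE otherwise.
 */
private function hasAttribute($attribute, $link, $class) {
  // Quote both inputs so that they are matched literally and cannot change
  // the meaning of the pattern or collide with the '|' delimiter.
  $name = preg_quote($attribute, '|');
  $value = preg_quote($class, '|');
  // The lookahead requires the value to end at whitespace or at the closing
  // quote, so a longer token that merely starts with the value is no match.
  $pattern = '|' . $name . '="([^"\s]+\s+)*' . $value . '(?=[\s"])|';
  // preg_match() yields 1, 0 or FALSE; only 1 counts as found.
  return preg_match($pattern, (string) $link) === 1;
}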
Chris@0 210
/**
 * Tests UrlHelper::filterQueryParameters().
 *
 * The same nested query array is filtered with exclusions at several depths
 * and compared with the array that should remain.
 */
public function testDrupalGetQueryParameters() {
  $query = [
    'a' => 1,
    'b' => [
      'd' => 4,
      'e' => [
        'f' => 5,
      ],
    ],
    'c' => 3,
  ];

  // Row layout: excluded keys, expected remainder, assertion message.
  $scenarios = [
    // First-level exclusion.
    [['b'], ['a' => 1, 'c' => 3], "'b' was removed."],
    // Second-level exclusion.
    [['b[d]'], ['a' => 1, 'b' => ['e' => ['f' => 5]], 'c' => 3], "'b[d]' was removed."],
    // Third-level exclusion; the emptied parent array stays in place.
    [['b[e][f]'], ['a' => 1, 'b' => ['d' => 4, 'e' => []], 'c' => 3], "'b[e][f]' was removed."],
    // Multiple exclusions.
    [['a', 'b[e]', 'c'], ['b' => ['d' => 4]], "'a', 'b[e]', 'c' were removed."],
  ];

  foreach ($scenarios as list($excluded, $remaining, $message)) {
    $this->assertEqual(UrlHelper::filterQueryParameters($query, $excluded), $remaining, $message);
  }
}
Chris@0 246
/**
 * Tests UrlHelper::parse(), with two checks on external and forged URLs.
 */
public function testDrupalParseUrl() {
  // Every combination of relative, absolute and external prefix, optional
  // script path and optional Drupal path gets the same query and fragment.
  $suffix = '?foo=bar&bar=baz&baz#foo';
  foreach (['', '/', 'https://www.drupal.org/'] as $absolute) {
    foreach (['', 'index.php/'] as $script) {
      foreach (['', 'foo/bar'] as $path) {
        $base = $absolute . $script . $path;
        $parsed = [
          'path' => $base,
          'query' => ['foo' => 'bar', 'bar' => 'baz', 'baz' => ''],
          'fragment' => 'foo',
        ];
        $this->assertEqual(UrlHelper::parse($base . $suffix), $parsed, 'URL parsed correctly.');
      }
    }
  }

  // Relative URL that is known to confuse parse_url().
  $relative = 'foo/bar:1';
  $parsed = [
    'path' => 'foo/bar:1',
    'query' => [],
    'fragment' => '',
  ];
  $this->assertEqual(UrlHelper::parse($relative), $parsed, 'Relative URL parsed correctly.');

  // An absolute URL has to be recognised as external; code that must not
  // treat an external target as a local one depends on this answer.
  $external = 'https://www.drupal.org/foo/bar?foo=bar&bar=baz&baz#foo';
  $this->assertTrue(UrlHelper::isExternal($external), 'Correctly identified an external URL.');

  // Redirect spoofing (the embedded URL points at the CWE-601 entry): the
  // path that parse() returns for a value with a made-up scheme in front of
  // a URL must not validate as an absolute URL.
  $forged = UrlHelper::parse('forged:http://cwe.mitre.org/data/definitions/601.html');
  $this->assertFalse(UrlHelper::isValid($forged['path'], TRUE), '\Drupal\Component\Utility\UrlHelper::isValid() correctly parsed a forged URL.');
}
Chris@0 284
/**
 * Tests fragment and query string handling for external URLs.
 */
public function testExternalUrls() {
  $base = 'https://www.drupal.org/';

  // A fragment that is part of the URI is kept.
  $input = $base . '#drupal';
  $output = Url::fromUri($input)->toString();
  $this->assertEqual($input, $output, 'External URL with fragment works without a fragment in $options.');

  // A fragment given in the options replaces the one in the URI.
  $input = $base . '#drupal';
  $custom_fragment = $this->randomMachineName(10);
  $output = Url::fromUri($input, ['fragment' => $custom_fragment])->toString();
  $this->assertEqual($base . '#' . $custom_fragment, $output, 'External URL fragment is overridden with a custom fragment in $options.');

  // A query string that is part of the URI is kept.
  $input = $base . '?drupal=awesome';
  $output = Url::fromUri($input)->toString();
  $this->assertEqual($input, $output);

  // A query given in the options is appended to a URI without one.
  $input = $base;
  $extra = [$this->randomMachineName(5) => $this->randomMachineName(5)];
  $output = Url::fromUri($input, ['query' => $extra])->toString();
  $this->assertEqual($input . '?' . http_build_query($extra, '', '&'), $output, 'External URL can be extended with a query string in $options.');

  // A query given in the options is appended to an existing query string.
  $input = $base . '?drupal=awesome';
  $extra = [$this->randomMachineName(5) => $this->randomMachineName(5)];
  $output = Url::fromUri($input, ['query' => $extra])->toString();
  $this->assertEqual($input . '&' . http_build_query($extra, '', '&'), $output);
}
Chris@0 319
Chris@0 320 }