function CommonURLUnitTest::testDrupalParseUrl

7.x common.test CommonURLUnitTest::testDrupalParseUrl()

Test drupal_parse_url().

File

drupal-7.x/modules/simpletest/tests/common.test, line 178
Tests for common.inc functionality.

Class

CommonURLUnitTest
Tests for URL generation functions.

Code

function testDrupalParseUrl() {
  // Relative URL.
  $url = 'foo/bar?foo=bar&bar=baz&baz#foo';
  $result = array(
    'path' => 'foo/bar',
    'query' => array('foo' => 'bar', 'bar' => 'baz', 'baz' => ''),
    'fragment' => 'foo',
  );
  $this->assertEqual(drupal_parse_url($url), $result, 'Relative URL parsed correctly.');

  // Relative URL that is known to confuse parse_url().
  $url = 'foo/bar:1';
  $result = array(
    'path' => 'foo/bar:1',
    'query' => array(),
    'fragment' => '',
  );
  $this->assertEqual(drupal_parse_url($url), $result, 'Relative URL parsed correctly.');

  // Absolute URL.
  $url = '/foo/bar?foo=bar&bar=baz&baz#foo';
  $result = array(
    'path' => '/foo/bar',
    'query' => array('foo' => 'bar', 'bar' => 'baz', 'baz' => ''),
    'fragment' => 'foo',
  );
  $this->assertEqual(drupal_parse_url($url), $result, 'Absolute URL parsed correctly.');

  // External URL testing.
  $url = 'http://drupal.org/foo/bar?foo=bar&bar=baz&baz#foo';

  // Test that drupal can recognize an absolute URL. Used to prevent attack vectors.
  $this->assertTrue(url_is_external($url), 'Correctly identified an external URL.');

  // Test the parsing of absolute URLs.
  $result = array(
    'path' => 'http://drupal.org/foo/bar',
    'query' => array('foo' => 'bar', 'bar' => 'baz', 'baz' => ''),
    'fragment' => 'foo',
  );
  $this->assertEqual(drupal_parse_url($url), $result, 'External URL parsed correctly.');

  // Verify proper parsing of URLs when clean URLs are disabled.
  $result = array(
    'path' => 'foo/bar',
    'query' => array('bar' => 'baz'),
    'fragment' => 'foo',
  );
  // Non-clean URLs #1: Absolute URL generated by url().
  $url = $GLOBALS['base_url'] . '/?q=foo/bar&bar=baz#foo';
  $this->assertEqual(drupal_parse_url($url), $result, 'Absolute URL with clean URLs disabled parsed correctly.');

  // Non-clean URLs #2: Relative URL generated by url().
  $url = '?q=foo/bar&bar=baz#foo';
  $this->assertEqual(drupal_parse_url($url), $result, 'Relative URL with clean URLs disabled parsed correctly.');

  // Non-clean URLs #3: URL generated by url() on non-Apache webserver.
  $url = 'index.php?q=foo/bar&bar=baz#foo';
  $this->assertEqual(drupal_parse_url($url), $result, 'Relative URL on non-Apache webserver with clean URLs disabled parsed correctly.');

  // Test that drupal_parse_url() does not allow spoofing a URL to force a malicious redirect.
  $parts = drupal_parse_url('forged:http://cwe.mitre.org/data/definitions/601.html');
  $this->assertFalse(valid_url($parts['path'], TRUE), 'drupal_parse_url() correctly parsed a forged URL.');
}