Changeset 34920 for trunk/tests/phpunit/tests/formatting/EscUrl.php

Timestamp:

10/07/2015 11:38:22 PM (10 years ago)

Author:

johnbillion

Message:

Avoid stripping square brackets from URLs, and instead correctly encode them. Square brackets must be encoded in the path, path parameters, query parameters, and fragment, but must not be encoded in anything up to the domain and port.

Adds tests.

Fixes #16859

File:

• trunk/tests/phpunit/tests/formatting/EscUrl.php (modified) (3 diffs)

trunk/tests/phpunit/tests/formatting/EscUrl.php

@@ -41 +41 @@
 
     function test_all_url_parts() {
-        $url = 'https://user:password@host.example.com:1234/path;p=1?q=2&r=3#fragment';
-        $this->assertEquals( $url, esc_url_raw( $url ) );
-
-        $this->assertEquals( 'https://user:password@host.example.com:1234/path;p=1?q=2&r=3#fragment', esc_url( $url ) );
-
-        $this->assertEquals( 'http://example.com?foo', esc_url( 'http://example.com?foo' ) );
+        $url = 'https://user:pass@host.example.com:1234/path;p=1?query=2&r[]=3#fragment';
+
+        $this->assertEquals( array(
+            'scheme'   => 'https',
+            'host'     => 'host.example.com',
+            'port'     => 1234,
+            'user'     => 'user',
+            'pass'     => 'pass',
+            'path'     => '/path;p=1',
+            'query'    => 'query=2&r[]=3',
+            'fragment' => 'fragment',
+        ), parse_url( $url ) );
+        $this->assertEquals( 'https://user:pass@host.example.com:1234/path;p=1?query=2&r%5B%5D=3#fragment', esc_url_raw( $url ) );
+        $this->assertEquals( 'https://user:pass@host.example.com:1234/path;p=1?query=2&r%5B%5D=3#fragment', esc_url( $url ) );
     }
 
     function test_bare() {
+        $this->assertEquals( 'http://example.com?foo', esc_url( 'example.com?foo' ) );
         $this->assertEquals( 'http://example.com', esc_url( 'example.com' ) );
         $this->assertEquals( 'http://localhost', esc_url( 'localhost' ) );
@@ -127 +136 @@
 
     /**
+     * @ticket 16859
+     */
+    function test_square_brackets() {
+        $this->assertEquals( '/example.php?one%5B%5D=two', esc_url( '/example.php?one[]=two' ) );
+        $this->assertEquals( '?foo%5Bbar%5D=baz', esc_url( '?foo[bar]=baz' ) );
+        $this->assertEquals( '//example.com/?foo%5Bbar%5D=baz', esc_url( '//example.com/?foo[bar]=baz' ) );
+        $this->assertEquals( 'http://example.com/?foo%5Bbar%5D=baz', esc_url( 'example.com/?foo[bar]=baz' ) );
+        $this->assertEquals( 'http://localhost?foo%5Bbar%5D=baz', esc_url( 'localhost?foo[bar]=baz' ) );
+        $this->assertEquals( 'http://example.com/?foo%5Bbar%5D=baz', esc_url( 'http://example.com/?foo[bar]=baz' ) );
+        $this->assertEquals( 'http://example.com/?foo%5Bbar%5D=baz', esc_url( 'http://example.com/?foo%5Bbar%5D=baz' ) );
+        $this->assertEquals( 'http://example.com/?baz=bar&foo%5Bbar%5D=baz', esc_url( 'http://example.com/?baz=bar&foo[bar]=baz' ) );
+        $this->assertEquals( 'http://example.com/?baz=bar&foo%5Bbar%5D=baz', esc_url( 'http://example.com/?baz=bar&foo%5Bbar%5D=baz' ) );
+    }
+
+    /**
+     * Courtesy of http://blog.lunatech.com/2009/02/03/what-every-web-developer-must-know-about-url-encoding
+     */
+    function test_reserved_characters() {
+        $url = "http://example.com/:@-._~!$&'()*+,=;:@-._~!$&'()*+,=:@-._~!$&'()*+,==?/?:@-._~!$%27()*+,;=/?:@-._~!$%27()*+,;==#/?:@-._~!$&'()*+,;=";
+        $this->assertEquals( $url, esc_url_raw( $url ) );
+    }
+
+    /**
      * @ticket 21974
      */
@@ -176 +208 @@
      */
     function test_invalid_charaters() {
-        $this->assertEmpty( esc_url_raw('"^[]<>{}`') );
+        $this->assertEmpty( esc_url_raw('"^<>{}`') );
     }