From 8cf115081e7a168eb3f3c74b279dac7f4e258287 Mon Sep 17 00:00:00 2001 From: cash Date: Thu, 10 Nov 2011 21:24:47 -0500 Subject: Fixes #4010 not sending naked query strings into add ajax tokens and also fixed a few related bugs in JavaScript --- js/tests/ElggLibTest.js | 22 ++++++++++++++++++++++ js/tests/ElggSecurityTest.js | 40 ++++++++++++++++++++++++++++++++-------- 2 files changed, 54 insertions(+), 8 deletions(-) (limited to 'js/tests') diff --git a/js/tests/ElggLibTest.js b/js/tests/ElggLibTest.js index c53c6331d..a29ebf743 100644 --- a/js/tests/ElggLibTest.js +++ b/js/tests/ElggLibTest.js @@ -105,3 +105,25 @@ ElggLibTest.prototype.testNormalizeUrl = function() { assertEquals(args[1], elgg.normalize_url(args[0])); }); }; + +ElggLibTest.prototype.testParseUrl = function() { + + [ + ["http://www.elgg.org/test/", {'scheme': 'http', 'host': 'www.elgg.org', 'path': '/test/'}], + ["https://www.elgg.org/test/", {'scheme': 'https', 'host': 'www.elgg.org', 'path': '/test/'}], + ["ftp://www.elgg.org/test/", {'scheme': 'ftp', 'host': 'www.elgg.org', 'path': '/test/'}], + ["http://elgg.org/test?val1=one&val2=two", {'scheme': 'http', 'host': 'elgg.org', 'path': '/test', 'query': 'val1=one&val2=two'}], + ["http://elgg.org:8080/", {'scheme': 'http', 'host': 'elgg.org', 'port': 8080, 'path': '/'}], + ["http://elgg.org/test#there", {'scheme': 'http', 'host': 'elgg.org', 'path': '/test', 'fragment': 'there'}], + + ["test?val=one", {'host': 'test', 'query': 'val=one'}], + ["?val=one", {'query': 'val=one'}], + + ["mailto:joe@elgg.org", {'scheme': 'mailto', 'path': 'joe@elgg.org'}], + ["javascript:load()", {'scheme': 'javascript', 'path': 'load()'}] + + ].forEach(function(args) { + assertEquals(args[1], elgg.parse_url(args[0])); + }); +}; + diff --git a/js/tests/ElggSecurityTest.js b/js/tests/ElggSecurityTest.js index c7309d55f..107c0adbd 100644 --- a/js/tests/ElggSecurityTest.js +++ b/js/tests/ElggSecurityTest.js @@ -26,16 +26,42 @@ ElggSecurityTest.prototype.testAddTokenAcceptsObject = function() { assertEquals(expected, elgg.security.addToken(input)); }; -ElggSecurityTest.prototype.testAddTokenAcceptsString = function() { +ElggSecurityTest.prototype.testAddTokenAcceptsRelativeUrl = function() { var input, str = "__elgg_ts=" + this.ts + "&__elgg_token=" + this.token; - - input = ""; - assertEquals('?' + str, elgg.security.addToken(input)); - + + input = "test"; + assertEquals(input + '?' + str, elgg.security.addToken(input)); +}; + +ElggSecurityTest.prototype.testAddTokenAcceptsFullUrl = function() { + var input, + str = "__elgg_ts=" + this.ts + "&__elgg_token=" + this.token; + + input = "http://elgg.org/"; + assertEquals(input + '?' + str, elgg.security.addToken(input)); +}; + +ElggSecurityTest.prototype.testAddTokenAcceptsQueryString = function() { + var input, + str = "__elgg_ts=" + this.ts + "&__elgg_token=" + this.token; + input = "?data=sofar"; assertEquals(input + '&' + str, elgg.security.addToken(input)); - + + input = "test?data=sofar"; + assertEquals(input + '&' + str, elgg.security.addToken(input)); + + input = "http://elgg.org/?data=sofar"; + assertEquals(input + '&' + str, elgg.security.addToken(input)); +}; + +ElggSecurityTest.prototype.testAddTokenAlreadyAdded = function() { + var input, + str = "__elgg_ts=" + this.ts + "&__elgg_token=" + this.token; + + input = "http://elgg.org/?" + str + "&data=sofar"; + assertEquals(input, elgg.security.addToken(input)); }; ElggSecurityTest.prototype.testSetTokenSetsElggSecurityToken = function() { @@ -47,5 +73,3 @@ ElggSecurityTest.prototype.testSetTokenSetsElggSecurityToken = function() { elgg.security.setToken(json); assertEquals(json, elgg.security.token); }; - - -- cgit v1.2.3