begin bookmark model class with URL validation method

author: Christian Weiske <cweiske@cweiske.de> 2011-05-03 09:14:32 +0200
committer: Christian Weiske <cweiske@cweiske.de> 2011-05-03 09:14:32 +0200
commit: 2077464d464e485a978166604faf158b654fb0cb (patch)
tree: 13bd87a71a4688fab923ac2e1d0305de3925997e
parent: 40b4674e471f8b0fbdc77a26eec86018e2ab03ea (diff)
download: semanticscuttle-2077464d464e485a978166604faf158b654fb0cb.tar.gz
semanticscuttle-2077464d464e485a978166604faf158b654fb0cb.tar.bz2
4 files changed, 119 insertions, 0 deletions
diff --git a/data/config.default.php b/data/config.default.php
index af79891..b2c7307 100644
--- a/data/config.default.php
+++ b/data/config.default.php
@@ -463,6 +463,21 @@ $filetypes = array(
 );
 
 /**
+ * Link protocols that are allowed for newly added bookmarks.
+ * This prevents i.e. adding javascript: links.
+ *
+ * @link http://en.wikipedia.org/wiki/URI_scheme
+ *
+ * @var array
+ */
+$allowedProtocols = array(
+    'ftp', 'ftps',
+    'http', 'https',
+    'mailto', 'nntp',
+    'xmpp'
+);
+
+/**
  * Enable the "common bookmark description" functionality
  *
  * @var boolean
diff --git a/src/SemanticScuttle/Model/Bookmark.php b/src/SemanticScuttle/Model/Bookmark.php
new file mode 100644
index 0000000..2cbe38d
--- /dev/null
+++ b/src/SemanticScuttle/Model/Bookmark.php
@@ -0,0 +1,38 @@
+<?php
+/**
+ * SemanticScuttle - your social bookmark manager.
+ *
+ * PHP version 5.
+ *
+ * @category Bookmarking
+ * @package  SemanticScuttle
+ * @author   Christian Weiske <cweiske@cweiske.de>
+ * @license  GPL http://www.gnu.org/licenses/gpl.html
+ * @link     http://sourceforge.net/projects/semanticscuttle
+ */
+
+/**
+ * Bookmark model class, keeping the data of a single bookmark.
+ * It will slowly replace the old array style format.
+ *
+ * @category Bookmarking
+ * @package  SemanticScuttle
+ * @author   Christian Weiske <cweiske@cweiske.de>
+ * @license  GPL http://www.gnu.org/licenses/gpl.html
+ * @link     http://sourceforge.net/projects/semanticscuttle
+ */
+class SemanticScuttle_Model_Bookmark
+{
+    public static function isValidUrl($url)
+    {
+        $scheme = parse_url($url, PHP_URL_SCHEME);
+        if (array_search($scheme, $GLOBALS['allowedProtocols']) === false) {
+            return false;
+        }
+        return true;
+    }
+
+}
+
+
+?>
+\ No newline at end of file
diff --git a/src/SemanticScuttle/header.php b/src/SemanticScuttle/header.php
index 75e5204..d812124 100644
--- a/src/SemanticScuttle/header.php
+++ b/src/SemanticScuttle/header.php
@@ -82,6 +82,7 @@ require_once 'SemanticScuttle/Service.php';
 require_once 'SemanticScuttle/DbService.php';
 require_once 'SemanticScuttle/Service/Factory.php';
 require_once 'SemanticScuttle/functions.php';
+require_once 'SemanticScuttle/Model/Bookmark.php';
 require_once 'SemanticScuttle/Model/UserArray.php';
 
 if (count($GLOBALS['serviceoverrides']) > 0
diff --git a/tests/Model/BookmarkTest.php b/tests/Model/BookmarkTest.php
new file mode 100644
index 0000000..9f55143
--- /dev/null
+++ b/tests/Model/BookmarkTest.php
@@ -0,0 +1,65 @@
+<?php
+/**
+ * SemanticScuttle - your social bookmark manager.
+ *
+ * PHP version 5.
+ *
+ * @category Bookmarking
+ * @package  SemanticScuttle
+ * @author   Christian Weiske <cweiske@cweiske.de>
+ * @license  GPL http://www.gnu.org/licenses/gpl.html
+ * @link     http://sourceforge.net/projects/semanticscuttle
+ */
+
+/**
+ * Unit tests for the SemanticScuttle Bookmark model
+ *
+ * @category Bookmarking
+ * @package  SemanticScuttle
+ * @author   Christian Weiske <cweiske@cweiske.de>
+ * @license  GPL http://www.gnu.org/licenses/gpl.html
+ * @link     http://sourceforge.net/projects/semanticscuttle
+ */
+class Model_BookmarkTest extends TestBase
+{
+    public function testIsValidUrlValid()
+    {
+        $this->assertTrue(
+            SemanticScuttle_Model_Bookmark::isValidUrl(
+                'http://example.org/foo/bar?baz=foorina'
+            )
+        );
+        $this->assertTrue(
+            SemanticScuttle_Model_Bookmark::isValidUrl(
+                'https://example.org/'
+            )
+        );
+        $this->assertTrue(
+            SemanticScuttle_Model_Bookmark::isValidUrl(
+                'ftp://user:pass@example.org/'
+            )
+        );
+        $this->assertTrue(
+            SemanticScuttle_Model_Bookmark::isValidUrl(
+                'mailto:cweiske@example.org'
+            )
+        );
+    }
+
+    public function testIsValidUrlInvalid()
+    {
+        $this->assertFalse(
+            SemanticScuttle_Model_Bookmark::isValidUrl(
+                'javascript:alert("foo")'
+            )
+        );
+        $this->assertFalse(
+            SemanticScuttle_Model_Bookmark::isValidUrl(
+                'foo://example.org/foo/bar'
+            )
+        );
+    }
+
+}
+
+?>
+\ No newline at end of file
author	Christian Weiske <cweiske@cweiske.de>	2011-05-03 09:14:32 +0200
committer	Christian Weiske <cweiske@cweiske.de>	2011-05-03 09:14:32 +0200
commit	2077464d464e485a978166604faf158b654fb0cb (patch)
tree	13bd87a71a4688fab923ac2e1d0305de3925997e
parent	40b4674e471f8b0fbdc77a26eec86018e2ab03ea (diff)
download	semanticscuttle-2077464d464e485a978166604faf158b654fb0cb.tar.gz semanticscuttle-2077464d464e485a978166604faf158b654fb0cb.tar.bz2