-rw-r--r--data/config.default.php15
-rw-r--r--src/SemanticScuttle/Model/Bookmark.php38
-rw-r--r--src/SemanticScuttle/header.php1
-rw-r--r--tests/Model/BookmarkTest.php65
4 files changed, 119 insertions, 0 deletions
diff --git a/data/config.default.php b/data/config.default.php
index af79891..b2c7307 100644
--- a/data/config.default.php
+++ b/data/config.default.php
@@ -463,6 +463,21 @@ $filetypes = array(
);
/**
+ * Link protocols that are allowed for newly added bookmarks.
+ * This prevents i.e. adding javascript: links.
+ *
+ * @link http://en.wikipedia.org/wiki/URI_scheme
+ *
+ * @var array
+ */
+$allowedProtocols = array(
+ 'ftp', 'ftps',
+ 'http', 'https',
+ 'mailto', 'nntp',
+ 'xmpp'
+);
+
+/**
* Enable the "common bookmark description" functionality
*
* @var boolean
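Review bot: The docblock for `$allowedProtocols` does not say what form the entries must take, although `SemanticScuttle_Model_Bookmark::isValidUrl()` in this commit compares them exactly against the scheme that `parse_url()` returns. I would add a line such as `* Entries are lowercase scheme names without the trailing colon; any scheme not listed is rejected.` so that an administrator extending the list does not add `'HTTP'` or `'http:'` and get a silent mismatch. The "i.e." in the second line should read "e.g.", since `javascript:` is one example of what the list keeps out rather than the only case.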
diff --git a/src/SemanticScuttle/Model/Bookmark.php b/src/SemanticScuttle/Model/Bookmark.php
new file mode 100644
index 0000000..2cbe38d
--- /dev/null
+++ b/src/SemanticScuttle/Model/Bookmark.php
@@ -0,0 +1,38 @@
+<?php
+/**
+ * SemanticScuttle - your social bookmark manager.
+ *
+ * PHP version 5.
+ *
+ * @category Bookmarking
+ * @package SemanticScuttle
+ * @author Christian Weiske <cweiske@cweiske.de>
+ * @license GPL http://www.gnu.org/licenses/gpl.html
+ * @link http://sourceforge.net/projects/semanticscuttle
+ */
+
+/**
+ * Bookmark model class, keeping the data of a single bookmark.
+ * It will slowly replace the old array style format.
+ *
+ * @category Bookmarking
+ * @package SemanticScuttle
+ * @author Christian Weiske <cweiske@cweiske.de>
+ * @license GPL http://www.gnu.org/licenses/gpl.html
+ * @link http://sourceforge.net/projects/semanticscuttle
+ */
+class SemanticScuttle_Model_Bookmark
+{
+ public static function isValidUrl($url)
+ {
+ $scheme = parse_url($url, PHP_URL_SCHEME);
+ if (array_search($scheme, $GLOBALS['allowedProtocols']) === false) {
+ return false;
+ }
+ return true;
+ }
+
+}
+
+
+?> \ No newline at end of file
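Review bot: `isValidUrl()` fails open when `$GLOBALS['allowedProtocols']` is missing or not an array: on PHP 5, which the file header targets, `array_search()` then emits a warning and returns `null`, `null === false` is false, and the method returns `true` for any URL, `javascript:` ones included. Whether a site configuration can leave the variable unset is not visible in this diff, but an allowlist check should reject by default. I would write the body as `$allowed = isset($GLOBALS['allowedProtocols']) ? $GLOBALS['allowedProtocols'] : null;` followed by `return is_string($scheme) && is_array($allowed) && in_array(strtolower($scheme), $allowed, true);`, which also makes the comparison strict and treats `HTTP://` like `http://`. The method has no docblock; one stating that scheme-less and unparsable input returns false, and that the URL must still be escaped where it is rendered, would tell callers what the check does and does not cover.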
diff --git a/src/SemanticScuttle/header.php b/src/SemanticScuttle/header.php
index 75e5204..d812124 100644
--- a/src/SemanticScuttle/header.php
+++ b/src/SemanticScuttle/header.php
@@ -82,6 +82,7 @@ require_once 'SemanticScuttle/Service.php';
require_once 'SemanticScuttle/DbService.php';
require_once 'SemanticScuttle/Service/Factory.php';
require_once 'SemanticScuttle/functions.php';
+require_once 'SemanticScuttle/Model/Bookmark.php';
require_once 'SemanticScuttle/Model/UserArray.php';
if (count($GLOBALS['serviceoverrides']) > 0
diff --git a/tests/Model/BookmarkTest.php b/tests/Model/BookmarkTest.php
new file mode 100644
index 0000000..9f55143
--- /dev/null
+++ b/tests/Model/BookmarkTest.php
@@ -0,0 +1,65 @@
+<?php
+/**
+ * SemanticScuttle - your social bookmark manager.
+ *
+ * PHP version 5.
+ *
+ * @category Bookmarking
+ * @package SemanticScuttle
+ * @author Christian Weiske <cweiske@cweiske.de>
+ * @license GPL http://www.gnu.org/licenses/gpl.html
+ * @link http://sourceforge.net/projects/semanticscuttle
+ */
+
+/**
+ * Unit tests for the SemanticScuttle Bookmark model
+ *
+ * @category Bookmarking
+ * @package SemanticScuttle
+ * @author Christian Weiske <cweiske@cweiske.de>
+ * @license GPL http://www.gnu.org/licenses/gpl.html
+ * @link http://sourceforge.net/projects/semanticscuttle
+ */
+class Model_BookmarkTest extends TestBase
+{
+ public function testIsValidUrlValid()
+ {
+ $this->assertTrue(
+ SemanticScuttle_Model_Bookmark::isValidUrl(
+ 'http://example.org/foo/bar?baz=foorina'
+ )
+ );
+ $this->assertTrue(
+ SemanticScuttle_Model_Bookmark::isValidUrl(
+ 'https://example.org/'
+ )
+ );
+ $this->assertTrue(
+ SemanticScuttle_Model_Bookmark::isValidUrl(
+ 'ftp://user:pass@example.org/'
+ )
+ );
+ $this->assertTrue(
+ SemanticScuttle_Model_Bookmark::isValidUrl(
+ 'mailto:cweiske@example.org'
+ )
+ );
+ }
+
+ public function testIsValidUrlInvalid()
+ {
+ $this->assertFalse(
+ SemanticScuttle_Model_Bookmark::isValidUrl(
+ 'javascript:alert("foo")'
+ )
+ );
+ $this->assertFalse(
+ SemanticScuttle_Model_Bookmark::isValidUrl(
+ 'foo://example.org/foo/bar'
+ )
+ );
+ }
+
+}
+
+?> \ No newline at end of file
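Review bot: Both test methods depend on whatever `$GLOBALS['allowedProtocols']` holds when the suite runs, so as far as this hunk shows they pass or fail with the loaded configuration rather than with the code under test; assigning the list explicitly in `setUp()` would pin that. `testIsValidUrlInvalid()` also misses the inputs for which `parse_url()` yields no scheme, e.g. `$this->assertFalse(SemanticScuttle_Model_Bookmark::isValidUrl('/relative/path'));` and the same assertion for `''`. A mixed-case spelling of the `javascript:` case already tested, and a case with the global unset, would lock in that the check rejects by default.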