From c466a2d2306011b18d7d5f9a1bca0eae5560f980 Mon Sep 17 00:00:00 2001
From: Sem
Date: Thu, 3 Nov 2011 03:44:33 +0100
Subject: Fixes #3976. elgg.normalize_url() js function has the fix in #3747.

---
js/tests/ElggLibTest.js | 32 +++++++++++++++++++++++++++-----
1 file changed, 27 insertions(+), 5 deletions(-)
(limited to 'js/tests/ElggLibTest.js')

diff --git a/js/tests/ElggLibTest.js b/js/tests/ElggLibTest.js
index dd0267c5c..688a1016c 100644
--- a/js/tests/ElggLibTest.js
+++ b/js/tests/ElggLibTest.js
@@ -73,12 +73,34 @@ ElggLibTest.prototype.testNormalizeUrl = function() { [ ['', elgg.config.wwwroot], - ['test', elgg.config.wwwroot + 'test'], - ['http://google.com', 'http://google.com'], + ['http://example.com', 'http://example.com'], + ['https://example.com', 'https://example.com'], + ['http://example-time.com', 'http://example-time.com'], ['//example.com', '//example.com'], - ['/page', elgg.config.wwwroot + 'page'], - ['mod/plugin/index.php', elgg.config.wwwroot + 'mod/plugin/index.php'], + + ['ftp://example.com/file', 'ftp://example.com/file', + ['mailto:brett@elgg.org', 'mailto:brett@elgg.org', + ['javascript:alert("test")', 'javascript:alert("test")', + ['app://endpoint', 'app://endpoint', + + ['example.com', 'http://example.com', + ['example.com/subpage', 'http://example.com/subpage', + + ['page/handler', elgg.config.wwwroot + 'page/handler', + ['page/handler?p=v&p2=v2', elgg.config.wwwroot + 'page/handler?p=v&p2=v2', + ['mod/plugin/file.php', elgg.config.wwwroot + 'mod/plugin/file.php', + ['mod/plugin/file.php?p=v&p2=v2', elgg.config.wwwroot + 'mod/plugin/file.php?p=v&p2=v2', + ['rootfile.php', elgg.config.wwwroot + 'rootfile.php', + ['rootfile.php?p=v&p2=v2', elgg.config.wwwroot + 'rootfile.php?p=v&p2=v2', + + ['/page/handler', elgg.config.wwwroot + 'page/handler', + ['/page/handler?p=v&p2=v2', elgg.config.wwwroot + 'page/handler?p=v&p2=v2', + ['/mod/plugin/file.php', elgg.config.wwwroot + 'mod/plugin/file.php', + ['/mod/plugin/file.php?p=v&p2=v2', elgg.config.wwwroot + 'mod/plugin/file.php?p=v&p2=v2', + ['/rootfile.php', elgg.config.wwwroot + 'rootfile.php', + ['/rootfile.php?p=v&p2=v2', elgg.config.wwwroot + 'rootfile.php?p=v&p2=v2', + ].forEach(function(args) { assertEquals(args[1], elgg.normalize_url(args[0])); }); -}; \ No newline at end of file +}; -- cgit v1.2.3 From 604a3bc06281de721e27561341299f1bb9f8ea51 Mon Sep 17 00:00:00 2001 
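Review bot: Every added row from `['ftp://example.com/file', 'ftp://example.com/file',` onward (18 rows) lacks its closing `]`, so the array literal in testNormalizeUrl does not parse and the whole test file fails to load instead of reporting a failing case; the next commit on this page repairs them. The removed `['test', elgg.config.wwwroot + 'test']` row was the only single-segment bare path in the table and belongs next to `['example.com', 'http://example.com']`, since the rule that sends one to wwwroot and the other off-site is exactly what this table should pin down. A one-line comment above the `ftp:`/`mailto:`/`javascript:`/`app:` group, e.g. `// non-http schemes are passed through untouched: normalize_url() is not a sanitizer`, would make explicit what those rows assert.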
From: cash Date: Sat, 5 Nov 2011 15:05:13 -0400 Subject: Fixes #3976 fixed unit tests for normalizing urls and standardized the code from the previous merge --- js/lib/elgglib.js | 14 ++++++------- js/tests/ElggLibTest.js | 55 +++++++++++++++++++++++++------------------------ 2 files changed, 35 insertions(+), 34 deletions(-) (limited to 'js/tests/ElggLibTest.js') diff --git a/js/lib/elgglib.js b/js/lib/elgglib.js index 3e38bbad6..ca7914e7c 100644 --- a/js/lib/elgglib.js +++ b/js/lib/elgglib.js @@ -224,8 +224,8 @@ elgg.provide = function(pkg, opt_context) { * child.foo('boo!'); // alert('boo!'); * * - * @param {Function} childCtor Child class. - * @param {Function} parentCtor Parent class. + * @param {Function} Child Child class constructor. + * @param {Function} Parent Parent class constructor. */ elgg.inherit = function(Child, Parent) { Child.prototype = new Parent(); @@ -250,17 +250,17 @@ elgg.normalize_url = function(url) { url = url || ''; elgg.assertTypeOf('string', url); - validated = (function(url){ + validated = (function(url) { url = elgg.parse_url(url); - if(url.scheme){ + if (url.scheme){ url.scheme = url.scheme.toLowerCase(); } - if(url.scheme == 'http' || url.scheme == 'https') { - if(!url.host) { + if (url.scheme == 'http' || url.scheme == 'https') { + if (!url.host) { return false; } /* hostname labels may contain only alphanumeric characters, dots and hypens. */ - if(!(new RegExp("^([a-zA-Z0-9][a-zA-Z0-9\\-\\.]*)$", "i")).test(url.host) || url.host.charAt(-1) == '.'){ + if (!(new RegExp("^([a-zA-Z0-9][a-zA-Z0-9\\-\\.]*)$", "i")).test(url.host) || url.host.charAt(-1) == '.') { return false; } } diff --git a/js/tests/ElggLibTest.js b/js/tests/ElggLibTest.js index 688a1016c..c53c6331d 100644 --- a/js/tests/ElggLibTest.js +++ b/js/tests/ElggLibTest.js 
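Review bot: In the second js/lib/elgglib.js hunk, `url.host.charAt(-1) == '.'` on the reformatted validation line can never be true, because `String.prototype.charAt` returns `''` for a negative index, so a host with a trailing dot is not rejected here, and the pattern `[a-zA-Z0-9\\-\\.]*` before it accepts a trailing dot as well. `url.host.slice(-1) == '.'` (or `url.host.charAt(url.host.length - 1) == '.'`) is the intended check; the `"i"` flag on that RegExp is redundant since both letter cases are already listed. The comment above it reads `hypens`; `hyphens`. The IIFE inside `elgg.normalize_url` continues past the end of the hunk, so what a `false` return is mapped to is not visible here.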
@@ -72,33 +72,34 @@ ElggLibTest.prototype.testNormalizeUrl = function() { elgg.config.wwwroot = "http://elgg.org/"; [ - ['', elgg.config.wwwroot], - ['http://example.com', 'http://example.com'], - ['https://example.com', 'https://example.com'], - ['http://example-time.com', 'http://example-time.com'], - ['//example.com', '//example.com'], - - ['ftp://example.com/file', 'ftp://example.com/file', - ['mailto:brett@elgg.org', 'mailto:brett@elgg.org', - ['javascript:alert("test")', 'javascript:alert("test")', - ['app://endpoint', 'app://endpoint', - - ['example.com', 'http://example.com', - ['example.com/subpage', 'http://example.com/subpage', - - ['page/handler', elgg.config.wwwroot + 'page/handler', - ['page/handler?p=v&p2=v2', elgg.config.wwwroot + 'page/handler?p=v&p2=v2', - ['mod/plugin/file.php', elgg.config.wwwroot + 'mod/plugin/file.php', - ['mod/plugin/file.php?p=v&p2=v2', elgg.config.wwwroot + 'mod/plugin/file.php?p=v&p2=v2', - ['rootfile.php', elgg.config.wwwroot + 'rootfile.php', - ['rootfile.php?p=v&p2=v2', elgg.config.wwwroot + 'rootfile.php?p=v&p2=v2', - - ['/page/handler', elgg.config.wwwroot + 'page/handler', - ['/page/handler?p=v&p2=v2', elgg.config.wwwroot + 'page/handler?p=v&p2=v2', - ['/mod/plugin/file.php', elgg.config.wwwroot + 'mod/plugin/file.php', - ['/mod/plugin/file.php?p=v&p2=v2', elgg.config.wwwroot + 'mod/plugin/file.php?p=v&p2=v2', - ['/rootfile.php', elgg.config.wwwroot + 'rootfile.php', - ['/rootfile.php?p=v&p2=v2', elgg.config.wwwroot + 'rootfile.php?p=v&p2=v2', + ['', elgg.config.wwwroot], + ['test', elgg.config.wwwroot + 'test'], + ['http://example.com', 'http://example.com'], + ['https://example.com', 'https://example.com'], + ['http://example-time.com', 'http://example-time.com'], + ['//example.com', '//example.com'], + + ['ftp://example.com/file', 'ftp://example.com/file'], + ['mailto:brett@elgg.org', 'mailto:brett@elgg.org'], + ['javascript:alert("test")', 'javascript:alert("test")'], + ['app://endpoint', 'app://endpoint'], + + 
['example.com', 'http://example.com'], + ['example.com/subpage', 'http://example.com/subpage'], + + ['page/handler', elgg.config.wwwroot + 'page/handler'], + ['page/handler?p=v&p2=v2', elgg.config.wwwroot + 'page/handler?p=v&p2=v2'], + ['mod/plugin/file.php', elgg.config.wwwroot + 'mod/plugin/file.php'], + ['mod/plugin/file.php?p=v&p2=v2', elgg.config.wwwroot + 'mod/plugin/file.php?p=v&p2=v2'], + ['rootfile.php', elgg.config.wwwroot + 'rootfile.php'], + ['rootfile.php?p=v&p2=v2', elgg.config.wwwroot + 'rootfile.php?p=v&p2=v2'], + + ['/page/handler', elgg.config.wwwroot + 'page/handler'], + ['/page/handler?p=v&p2=v2', elgg.config.wwwroot + 'page/handler?p=v&p2=v2'], + ['/mod/plugin/file.php', elgg.config.wwwroot + 'mod/plugin/file.php'], + ['/mod/plugin/file.php?p=v&p2=v2', elgg.config.wwwroot + 'mod/plugin/file.php?p=v&p2=v2'], + ['/rootfile.php', elgg.config.wwwroot + 'rootfile.php'], + ['/rootfile.php?p=v&p2=v2', elgg.config.wwwroot + 'rootfile.php?p=v&p2=v2'], ].forEach(function(args) { assertEquals(args[1], elgg.normalize_url(args[0])); -- cgit v1.2.3 From 6b6cb8e8f70b254d100ba494ea913d99be95fa7d Mon Sep 17 00:00:00 2001 From: cash Date: Thu, 10 Nov 2011 21:24:47 -0500 Subject: Fixes #4010 not sending naked query strings into add ajax tokens and also fixed a few related bugs in JavaScript --- js/lib/ajax.js | 6 +++- js/lib/elgglib.js | 68 +++++++++----------------------------------- js/lib/security.js | 18 ++++++------ js/tests/ElggLibTest.js | 22 ++++++++++++++ js/tests/ElggSecurityTest.js | 40 ++++++++++++++++++++------ 5 files changed, 82 insertions(+), 72 deletions(-) (limited to 'js/tests/ElggLibTest.js') diff --git a/js/lib/ajax.js b/js/lib/ajax.js index 6f6ae052f..b3f39cc42 100644 --- a/js/lib/ajax.js +++ b/js/lib/ajax.js 
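Review bot: The table lists only inputs that `elgg.normalize_url()` accepts; no row exercises the rejection path where the validator in js/lib/elgglib.js returns `false` for an `http`/`https` URL with no host or with characters outside `[a-zA-Z0-9.-]` (for example `'http://'` or `'http://bad host'`), so a regression there would pass this suite. What the function returns for a rejected input is decided after the elgglib.js hunk shown on this page, so the expected column for such rows has to come from that code. A comment over the `ftp:`/`mailto:`/`javascript:`/`app:` group, e.g. `// non-http schemes pass through unchanged; normalize_url() does not sanitize them`, would make clear those rows pin pass-through rather than safety. The closing `});` / `};` context lines of testNormalizeUrl fall outside the hunk as shown.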
@@ -187,7 +187,11 @@ elgg.action = function(action, options) { options = elgg.ajax.handleOptions(action, options); - options.data = elgg.security.addToken(options.data); + // This is a misuse of elgg.security.addToken() because it is not always a + // full query string with a ?. As such we need a special check for the tokens. + if (!elgg.isString(options.data) || options.data.indexOf('__elgg_ts') == -1) { + options.data = elgg.security.addToken(options.data); + } options.dataType = 'json'; //Always display system messages after actions diff --git a/js/lib/elgglib.js b/js/lib/elgglib.js index ca7914e7c..81209ebd0 100644 --- a/js/lib/elgglib.js +++ b/js/lib/elgglib.js @@ -410,16 +410,6 @@ elgg.parse_url = function(url, component, expand) { // fragment + '(?:#(.*))?)', keys = { - 'mailto': { - 4: "scheme", - 5: "user", - 6: "host", - 9: "path", - 12: "query", - 13: "fragment" - }, - - 'standard': { 1: "scheme", 4: "user", 5: "pass", 
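Review bot: The new guard in `elgg.action` tests `options.data.indexOf('__elgg_ts') == -1`, a plain substring search: the text `__elgg_ts` anywhere in the data, including inside a value, counts as "tokens already present", and the companion `__elgg_token` is never checked. `options.data.indexOf('__elgg_ts=') === -1` narrows it to the key, and parsing the query part with `elgg.parse_str` and checking both keys would be the precise form. The failure mode is an action posted without its token, which the server presumably rejects, rather than anything a client could bypass. The remainder of `elgg.action`, where `options.data` is sent, lies outside the hunk.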
@@ -428,58 +418,28 @@ elgg.parse_url = function(url, component, expand) { 9: "path", 12: "query", 13: "fragment" - } }, - results = {}, - match_keys, - is_mailto = false; + results = {}; - var re = new RegExp(re_str); - var matches = re.exec(url); - - // if the scheme field is undefined it means we're using a protocol - // without :// and an @. Feel free to fix this in the re if you can >:O - if (matches[1] == undefined) { - match_keys = keys['mailto']; - is_mailto = true; - } else { - match_keys = keys['standard']; + if (url.indexOf('mailto:') === 0) { + results['scheme'] = 'mailto'; + results['path'] = url.replace('mailto:', ''); + return results; } - for (var i in match_keys) { - if (matches[i]) { - results[match_keys[i]] = matches[i]; - } + if (url.indexOf('javascript:') === 0) { + results['scheme'] = 'javascript'; + results['path'] = url.replace('javascript:', ''); + return results; } - // merge everything to path if not standard - if (is_mailto) { - var path = '', - new_results = {}; - - if (typeof(results['user']) != 'undefined' && typeof(results['host']) != 'undefined') { - path = results['user'] + '@' + results['host']; - delete results['user']; - delete results['host']; - } else if (typeof(results['user'])) { - path = results['user']; - delete results['user']; - } else if (typeof(results['host'])) { - path = results['host']; - delete results['host']; - } - - if (typeof(results['path']) != 'undefined') { - results['path'] = path + results['path']; - } else { - results['path'] = path; - } + var re = new RegExp(re_str); + var matches = re.exec(url); - for (var prop in results) { - new_results[prop] = results[prop]; + for (var i in keys) { + if (matches[i]) { + results[keys[i]] = matches[i]; } - - results = new_results; } if (expand && typeof(results['query']) != 'undefined') { diff --git a/js/lib/security.js b/js/lib/security.js index 726c6b767..61aa1cfcd 100644 --- a/js/lib/security.js +++ b/js/lib/security.js 
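Review bot: The two new prefix checks in `elgg.parse_url`, `url.indexOf('mailto:') === 0` and `url.indexOf('javascript:') === 0`, are case-sensitive, so `MAILTO:joe@elgg.org` or `JavaScript:load()` skip these branches and fall through to the regex path, where the result depends on `re_str`, which is not fully visible here. Comparing on the lowercased string and slicing rather than replacing keeps them consistent with the lowercase scheme the caller expects: `if (url.toLowerCase().indexOf('mailto:') === 0) {` with `results['path'] = url.slice('mailto:'.length);`, and likewise for `javascript:`. If `re.exec(url)` can return null for some input, `matches[i]` in the loop below throws; whether every string matches `re_str` cannot be told from the visible fragment. `elgg.parse_url` continues after the hunk.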
@@ -60,7 +60,7 @@ elgg.security.refreshToken = function() { /** - * Add elgg action tokens to an object, URL, or query string. + * Add elgg action tokens to an object, URL, or query string (with a ?). * * @param {Object|string} data * @return {Object} The new data object including action tokens @@ -75,17 +75,17 @@ elgg.security.addToken = function(data) { args = {}, base = ''; - if (parts['host'] == data) { - if (data.indexOf('=') > -1) { + if (parts['host'] == undefined) { + if (data.indexOf('?') === 0) { // query string - args = elgg.parse_str(data); - } else { - // relative URL - base = data + '?'; + base = '?'; + args = elgg.parse_str(parts['query']); } } else { - // a URL - if (typeof parts['query'] != 'undefined') { + // full or relative URL + + if (parts['query'] != undefined) { + // with query string args = elgg.parse_str(parts['query']); } var split = data.split('?'); diff --git a/js/tests/ElggLibTest.js b/js/tests/ElggLibTest.js index c53c6331d..a29ebf743 100644 --- a/js/tests/ElggLibTest.js +++ b/js/tests/ElggLibTest.js 
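Review bot: In the new `parts['host'] == undefined` branch of `elgg.security.addToken`, only a string starting with `?` is handled; any other host-less input, notably the empty string whose test (`input = ""`) the ElggSecurityTest.js hunk in this commit drops, leaves `base` as `''` and `args` empty and falls through to the `data.split('?')` logic after the hunk, so the output for `''` is no longer pinned by a test. Either an explicit branch or a restored `assertEquals('?' + str, elgg.security.addToken(''))` case would settle it. The branch structure also relies on `elgg.parse_url` reporting a bare relative path such as `test?val=one` as its `host` (as the new ElggLibTest case shows); a comment stating that, e.g. `// parse_url() returns a bare relative path as 'host'; only a leading '?' is a naked query string`, would keep a later parse_url fix from silently breaking this. `== undefined` / `!= undefined` should be `=== undefined` / `!== undefined` for consistency with the `=== 0` on the next line. The tail of `addToken` is outside the hunk.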
@@ -105,3 +105,25 @@ ElggLibTest.prototype.testNormalizeUrl = function() {
 assertEquals(args[1], elgg.normalize_url(args[0]));
 });
 };
+
+ElggLibTest.prototype.testParseUrl = function() {
+
+ [
+ ["http://www.elgg.org/test/", {'scheme': 'http', 'host': 'www.elgg.org', 'path': '/test/'}],
+ ["https://www.elgg.org/test/", {'scheme': 'https', 'host': 'www.elgg.org', 'path': '/test/'}],
+ ["ftp://www.elgg.org/test/", {'scheme': 'ftp', 'host': 'www.elgg.org', 'path': '/test/'}],
+ ["http://elgg.org/test?val1=one&val2=two", {'scheme': 'http', 'host': 'elgg.org', 'path': '/test', 'query': 'val1=one&val2=two'}],
+ ["http://elgg.org:8080/", {'scheme': 'http', 'host': 'elgg.org', 'port': 8080, 'path': '/'}],
+ ["http://elgg.org/test#there", {'scheme': 'http', 'host': 'elgg.org', 'path': '/test', 'fragment': 'there'}],
+
+ ["test?val=one", {'host': 'test', 'query': 'val=one'}],
+ ["?val=one", {'query': 'val=one'}],
+
+ ["mailto:joe@elgg.org", {'scheme': 'mailto', 'path': 'joe@elgg.org'}],
+ ["javascript:load()", {'scheme': 'javascript', 'path': 'load()'}]
+
+ ].forEach(function(args) {
+ assertEquals(args[1], elgg.parse_url(args[0]));
+ });
+};
+
diff --git a/js/tests/ElggSecurityTest.js b/js/tests/ElggSecurityTest.js
index c7309d55f..107c0adbd 100644
--- a/js/tests/ElggSecurityTest.js
+++ b/js/tests/ElggSecurityTest.js
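Review bot: The `["test?val=one", {'host': 'test', 'query': 'val=one'}]` row pins what looks like a parser quirk, a bare relative path reported as `host`, and `elgg.security.addToken` in this commit appears to depend on it; a comment on that row, e.g. `// a bare relative path comes back as 'host'; addToken() relies on this`, would mark it as intentional rather than accidental. No row uses a mixed-case scheme (`MAILTO:`, `Javascript:`, `HTTP://`), so the lowercase-only prefix checks added to `elgg.parse_url` in this commit are not exercised. The `'port': 8080` expectation is a number while every other field is a string; whether `parse_url` converts the port is not visible in the hunk shown, so if `assertEquals` compares strictly this row may need `'8080'`. A relative path with a query (`page/handler?x=1`), the form `normalize_url` and `addToken` are most often given, has no row either.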
@@ -26,16 +26,42 @@ ElggSecurityTest.prototype.testAddTokenAcceptsObject = function() { assertEquals(expected, elgg.security.addToken(input)); }; -ElggSecurityTest.prototype.testAddTokenAcceptsString = function() { +ElggSecurityTest.prototype.testAddTokenAcceptsRelativeUrl = function() { var input, str = "__elgg_ts=" + this.ts + "&__elgg_token=" + this.token; - - input = ""; - assertEquals('?' + str, elgg.security.addToken(input)); - + + input = "test"; + assertEquals(input + '?' + str, elgg.security.addToken(input)); +}; + +ElggSecurityTest.prototype.testAddTokenAcceptsFullUrl = function() { + var input, + str = "__elgg_ts=" + this.ts + "&__elgg_token=" + this.token; + + input = "http://elgg.org/"; + assertEquals(input + '?' + str, elgg.security.addToken(input)); +}; + +ElggSecurityTest.prototype.testAddTokenAcceptsQueryString = function() { + var input, + str = "__elgg_ts=" + this.ts + "&__elgg_token=" + this.token; + input = "?data=sofar"; assertEquals(input + '&' + str, elgg.security.addToken(input)); - + + input = "test?data=sofar"; + assertEquals(input + '&' + str, elgg.security.addToken(input)); + + input = "http://elgg.org/?data=sofar"; + assertEquals(input + '&' + str, elgg.security.addToken(input)); +}; + +ElggSecurityTest.prototype.testAddTokenAlreadyAdded = function() { + var input, + str = "__elgg_ts=" + this.ts + "&__elgg_token=" + this.token; + + input = "http://elgg.org/?" + str + "&data=sofar"; + assertEquals(input, elgg.security.addToken(input)); }; ElggSecurityTest.prototype.testSetTokenSetsElggSecurityToken = function() { @@ -47,5 +73,3 @@ ElggSecurityTest.prototype.testSetTokenSetsElggSecurityToken = function() { elgg.security.setToken(json); assertEquals(json, elgg.security.token); }; - - -- cgit v1.2.3
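Review bot: `testAddTokenAlreadyAdded` covers only a full URL that already carries tokens; the case the ajax.js guard in this commit was written for, data that is a query string without a leading `?` such as `"data=sofar"` or `str + "&data=sofar"`, has no test, nor does a relative URL that already has tokens (`"test?" + str`). Adding those inputs here would show whether `addToken` itself is idempotent, which would make the `indexOf('__elgg_ts')` check in `elgg.action` unnecessary. The removed `input = ""` case was the only coverage of an empty string, which the new `parts['host'] == undefined` branch in security.js also no longer handles explicitly; it should be kept or documented as unsupported. Every expected string assumes `__elgg_ts` is emitted before `__elgg_token`; a comment noting the tests depend on that ordering would spare a later refactor spurious failures.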