diff options
author | Sam <8619576+samjf@users.noreply.github.com> | 2022-04-11 12:32:52 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-04-11 12:32:52 +0300 |
commit | e6182097f4a9005de69f34f82c3f76b5c6162473 (patch) | |
tree | 5b3dbf39461c64f81aefad15f544b81ca7946862 /tests | |
parent | f8267dfed779e06f7483d9d952700e8c819cafba (diff) |
Add the request hostname to error & exception logs (#18996)
* Add the hostname to the tracker exception log so multi-tenant domains are easier to debug
* Add hostname to error log to help with debugging
* use Url::getHost and add method to Url class instead
* apply PSR12 code formatting
Co-authored-by: sgiehl <stefan@matomo.org>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/PHPUnit/Unit/UrlTest.php | 350 |
1 files changed, 180 insertions, 170 deletions
diff --git a/tests/PHPUnit/Unit/UrlTest.php b/tests/PHPUnit/Unit/UrlTest.php index 336eff2757..c6a7bc82a4 100644 --- a/tests/PHPUnit/Unit/UrlTest.php +++ b/tests/PHPUnit/Unit/UrlTest.php @@ -1,4 +1,5 @@ <?php + /** * Matomo - free/libre analytics platform * @@ -20,14 +21,14 @@ class UrlTest extends \PHPUnit\Framework\TestCase { public function testAllMethods() { - $this->assertEquals(Url::getCurrentQueryStringWithParametersModified(array()), Url::getCurrentQueryString()); + $this->assertEquals(Url::getCurrentQueryStringWithParametersModified([]), Url::getCurrentQueryString()); $this->assertEquals(Url::getCurrentUrl(), Url::getCurrentUrlWithoutQueryString()); $this->assertEquals(Url::getCurrentUrl(), Url::getCurrentScheme() . '://' . Url::getCurrentHost() . Url::getCurrentScriptName()); $_SERVER['QUERY_STRING'] = 'q=test'; $parameters = array_keys(Url::getArrayFromCurrentQueryString()); - $parametersNameToValue = array(); + $parametersNameToValue = []; foreach ($parameters as $name) { $parametersNameToValue[$name] = null; } @@ -39,25 +40,25 @@ class UrlTest extends \PHPUnit\Framework\TestCase */ public function getCurrentHosts() { - return array( - array('localhost IPv4', array('127.0.0.1', null, null, null, '127.0.0.1')), - array('localhost IPv6', array('[::1]', null, null, null, '[::1]')), - array('localhost name', array('localhost', null, null, null, 'localhost')), - - array('IPv4 without proxy', array('128.1.2.3', null, null, null, '128.1.2.3')), - array('IPv6 without proxy', array('[2001::b0b]', null, null, null, '[2001::b0b]')), - array('name without proxy', array('example.com', null, null, null, 'example.com')), - - array('IPv4 with one proxy', array('127.0.0.1', '128.1.2.3', 'HTTP_X_FORWARDED_HOST', null, '128.1.2.3')), - array('IPv6 with one proxy', array('[::1]', '[2001::b0b]', 'HTTP_X_FORWARDED_HOST', null, '[2001::b0b]')), - array('name with one IPv4 proxy', array('192.168.1.10', 'example.com', 'HTTP_X_FORWARDED_HOST', null, 'example.com')), - array('name with one IPv6 proxy', array('[::10]', 'www.example.com', 'HTTP_X_FORWARDED_HOST', null, 'www.example.com')), - array('name with one named proxy', array('dmz.example.com', 'www.example.com', 'HTTP_X_FORWARDED_HOST', null, 'www.example.com')), - - array('IPv4 with multiple proxies', array('127.0.0.1', '128.1.2.3, 192.168.1.10', 'HTTP_X_FORWARDED_HOST', '192.168.1.*', '128.1.2.3')), - array('IPv6 with multiple proxies', array('[::1]', '[2001::b0b], [::ffff:192.168.1.10]', 'HTTP_X_FORWARDED_HOST', '::ffff:192.168.1.0/124', '[2001::b0b]')), - array('name with multiple proxies', array('dmz.example.com', 'www.example.com, dmz.example.com', 'HTTP_X_FORWARDED_HOST', 'dmz.example.com', 'www.example.com')), - ); + return [ + ['localhost IPv4', ['127.0.0.1', null, null, null, '127.0.0.1']], + ['localhost IPv6', ['[::1]', null, null, null, '[::1]']], + ['localhost name', ['localhost', null, null, null, 'localhost']], + + ['IPv4 without proxy', ['128.1.2.3', null, null, null, '128.1.2.3']], + ['IPv6 without proxy', ['[2001::b0b]', null, null, null, '[2001::b0b]']], + ['name without proxy', ['example.com', null, null, null, 'example.com']], + + ['IPv4 with one proxy', ['127.0.0.1', '128.1.2.3', 'HTTP_X_FORWARDED_HOST', null, '128.1.2.3']], + ['IPv6 with one proxy', ['[::1]', '[2001::b0b]', 'HTTP_X_FORWARDED_HOST', null, '[2001::b0b]']], + ['name with one IPv4 proxy', ['192.168.1.10', 'example.com', 'HTTP_X_FORWARDED_HOST', null, 'example.com']], + ['name with one IPv6 proxy', ['[::10]', 'www.example.com', 'HTTP_X_FORWARDED_HOST', null, 'www.example.com']], + ['name with one named proxy', ['dmz.example.com', 'www.example.com', 'HTTP_X_FORWARDED_HOST', null, 'www.example.com']], + + ['IPv4 with multiple proxies', ['127.0.0.1', '128.1.2.3, 192.168.1.10', 'HTTP_X_FORWARDED_HOST', '192.168.1.*', '128.1.2.3']], + ['IPv6 with multiple proxies', ['[::1]', '[2001::b0b], [::ffff:192.168.1.10]', 'HTTP_X_FORWARDED_HOST', '::ffff:192.168.1.0/124', '[2001::b0b]']], + ['name with multiple proxies', ['dmz.example.com', 'www.example.com, dmz.example.com', 'HTTP_X_FORWARDED_HOST', 'dmz.example.com', 'www.example.com']], + ]; } /** @@ -67,8 +68,8 @@ class UrlTest extends \PHPUnit\Framework\TestCase { Url::setHost($test[0]); $_SERVER['HTTP_X_FORWARDED_HOST'] = $test[1]; - Config::getInstance()->General['proxy_host_headers'] = array($test[2]); - Config::getInstance()->General['proxy_ips'] = array($test[3]); + Config::getInstance()->General['proxy_host_headers'] = [$test[2]]; + Config::getInstance()->General['proxy_ips'] = [$test[3]]; Config::getInstance()->General['enable_trusted_host_check'] = 0; $this->assertEquals($test[4], Url::getCurrentHost(), $description); } @@ -76,7 +77,7 @@ class UrlTest extends \PHPUnit\Framework\TestCase /** * @dataProvider getProtocol */ - public function test_getCurrentScheme_ProtoHeaderShouldPrecedenceHttpsHeader($proto) + public function testGetCurrentSchemeProtoHeaderShouldPrecedenceHttpsHeader($proto) { $_SERVER['HTTPS'] = 'on'; $_SERVER['HTTP_X_FORWARDED_PROTO'] = $proto; @@ -89,7 +90,7 @@ class UrlTest extends \PHPUnit\Framework\TestCase /** * @dataProvider getProtocol */ - public function test_getCurrentScheme_shouldDetectSecureFromHttpsHeader() + public function testGetCurrentSchemeShouldDetectSecureFromHttpsHeader() { $_SERVER['HTTPS'] = 'on'; $this->assertEquals('https', Url::getCurrentScheme()); @@ -100,14 +101,14 @@ class UrlTest extends \PHPUnit\Framework\TestCase /** * @dataProvider getProtocol */ - public function test_getCurrentScheme_shouldBeHttpByDefault() + public function testGetCurrentSchemeShouldBeHttpByDefault() { $this->assertEquals('http', Url::getCurrentScheme()); } public function getProtocol() { - return array(array('http'), array('https')); + return [['http'], ['https']]; } /** @@ -115,86 +116,86 @@ class UrlTest extends \PHPUnit\Framework\TestCase */ public function getLocalUrls() { - return array( + return [ // simple cases - array('www.example.com', 'http://www.example.com/path/index.php', '/path/index.php', 'http://www.example.com/path/index.php', true), - array('www.example.com', 'http://www.example.com/path/index.php?module=X', '/path/index.php', 'http://www.example.com/path/', true), - array('www.example.com', 'http://www.example.com/path/', '/path/index.php', 'http://www.example.com/path/index.php?module=Y', true), - array('www.example.com', 'http://www.example.com/path/#anchor', '/path/index.php', 'http://www.example.com/path/?query', true), - array('localhost:8080', 'http://localhost:8080/path/index.php', '/path/index.php', 'http://localhost:8080/path/index.php', true), - array('www.example.com', 'http://www.example.com/path/', '/path/', 'http://www.example.com/path2/', true), + ['www.example.com', 'http://www.example.com/path/index.php', '/path/index.php', 'http://www.example.com/path/index.php', true], + ['www.example.com', 'http://www.example.com/path/index.php?module=X', '/path/index.php', 'http://www.example.com/path/', true], + ['www.example.com', 'http://www.example.com/path/', '/path/index.php', 'http://www.example.com/path/index.php?module=Y', true], + ['www.example.com', 'http://www.example.com/path/#anchor', '/path/index.php', 'http://www.example.com/path/?query', true], + ['localhost:8080', 'http://localhost:8080/path/index.php', '/path/index.php', 'http://localhost:8080/path/index.php', true], + ['www.example.com', 'http://www.example.com/path/', '/path/', 'http://www.example.com/path2/', true], // ignore port - array('www.example.com', 'http://www.example.com:80/path/index.php', '/path/index.php', 'http://www.example.com/path/index.php', true), - array('www.example.com', 'http://www.example.com/path/index.php', '/path/index.php', 'http://www.example.com:80/path/index.php', true), + ['www.example.com', 'http://www.example.com:80/path/index.php', '/path/index.php', 'http://www.example.com/path/index.php', true], + ['www.example.com', 'http://www.example.com/path/index.php', '/path/index.php', 'http://www.example.com:80/path/index.php', true], - array('localhost', 'http://localhost:8080/path/index.php', '/path/index.php', 'http://localhost:8080/path/index.php', true), - array('localhost', 'http://localhost/path/index.php', '/path/index.php', 'http://localhost:8080/path/index.php', true), - array('localhost', 'http://localhost:8080/path/index.php', '/path/index.php', 'http://localhost/path/index.php', true), + ['localhost', 'http://localhost:8080/path/index.php', '/path/index.php', 'http://localhost:8080/path/index.php', true], + ['localhost', 'http://localhost/path/index.php', '/path/index.php', 'http://localhost:8080/path/index.php', true], + ['localhost', 'http://localhost:8080/path/index.php', '/path/index.php', 'http://localhost/path/index.php', true], - array('localhost:8080', 'http://localhost/path/index.php', '/path/index.php', 'http://localhost:8080/path/index.php', true), - array('localhost:8080', 'http://localhost:8080/path/index.php', '/path/index.php', 'http://localhost/path/index.php', true), - array('localhost:8080', 'http://localhost/path/index.php', '/path/index.php', 'http://localhost/path/index.php', true), - array('localhost:8080', 'http://localhost:8080/path/index.php', '/path/index.php', 'http://localhost:8080/path/index.php', true), + ['localhost:8080', 'http://localhost/path/index.php', '/path/index.php', 'http://localhost:8080/path/index.php', true], + ['localhost:8080', 'http://localhost:8080/path/index.php', '/path/index.php', 'http://localhost/path/index.php', true], + ['localhost:8080', 'http://localhost/path/index.php', '/path/index.php', 'http://localhost/path/index.php', true], + ['localhost:8080', 'http://localhost:8080/path/index.php', '/path/index.php', 'http://localhost:8080/path/index.php', true], // IPv6 - array('[::1]', 'http://[::1]/path/index.php', '/path/index.php', 'http://[::1]/path/index.php', true), - array('[::1]:8080', 'http://[::1]:8080/path/index.php', '/path/index.php', 'http://[::1]/path/index.php', true), - array('[::1]:8080', 'http://[::1]/path/index.php', '/path/index.php', 'http://[::1]:8080/path/index.php', true), + ['[::1]', 'http://[::1]/path/index.php', '/path/index.php', 'http://[::1]/path/index.php', true], + ['[::1]:8080', 'http://[::1]:8080/path/index.php', '/path/index.php', 'http://[::1]/path/index.php', true], + ['[::1]:8080', 'http://[::1]/path/index.php', '/path/index.php', 'http://[::1]:8080/path/index.php', true], // undefined SCRIPT URI - array('www.example.com', null, '/path/index.php', 'http://www.example.com/path/index.php', true), - array('localhost:8080', null, '/path/index.php', 'http://localhost:8080/path/index.php', true), - array('127.0.0.1:8080', null, '/path/index.php', 'http://127.0.0.1:8080/path/index.php', true), - array('[::1]', null, '/path/index.php', 'http://[::1]/path/index.php', true), - array('[::1]:8080', null, '/path/index.php', 'http://[::1]:8080/path/index.php', true), + ['www.example.com', null, '/path/index.php', 'http://www.example.com/path/index.php', true], + ['localhost:8080', null, '/path/index.php', 'http://localhost:8080/path/index.php', true], + ['127.0.0.1:8080', null, '/path/index.php', 'http://127.0.0.1:8080/path/index.php', true], + ['[::1]', null, '/path/index.php', 'http://[::1]/path/index.php', true], + ['[::1]:8080', null, '/path/index.php', 'http://[::1]:8080/path/index.php', true], // Apache+Rails anomaly in SCRIPT_URI - array('www.example.com', 'http://www.example.com/path/#anchor', 'http://www.example.com/path/index.php', 'http://www.example.com/path/?query', true), + ['www.example.com', 'http://www.example.com/path/#anchor', 'http://www.example.com/path/index.php', 'http://www.example.com/path/?query', true], // mangled HTTP_HOST - array('www.example.com', 'http://example.com/path/#anchor', '/path/index.php', 'http://example.com/path/referrer', true), + ['www.example.com', 'http://example.com/path/#anchor', '/path/index.php', 'http://example.com/path/referrer', true], // suppressed Referrer - array('www.example.com', 'http://www.example.com/path/#anchor', '/path/index.php', null, true), - array('www.example.com', 'http://www.example.com/path/#anchor', '/path/index.php', '', true), + ['www.example.com', 'http://www.example.com/path/#anchor', '/path/index.php', null, true], + ['www.example.com', 'http://www.example.com/path/#anchor', '/path/index.php', '', true], // mismatched scheme or host - array('www.example.com', 'http://www.example.com/path/?module=X', '/path/index.php', 'ftp://www.example.com/path/index.php', false), - array('www.example.com', 'http://www.example.com/path/?module=X', '/path/index.php', 'http://example.com/path/index.php', false), - array('www.example.com', 'http://www.example.com/path/', '/path/', 'http://crsf.example.com/path/', false), - ); + ['www.example.com', 'http://www.example.com/path/?module=X', '/path/index.php', 'ftp://www.example.com/path/index.php', false], + ['www.example.com', 'http://www.example.com/path/?module=X', '/path/index.php', 'http://example.com/path/index.php', false], + ['www.example.com', 'http://www.example.com/path/', '/path/', 'http://crsf.example.com/path/', false], + ]; } /** * @dataProvider getIsLocalHost */ - public function test_isLocalHost($expectedIsLocal, $host) + public function testIsLocalHost($expectedIsLocal, $host) { $this->assertSame($expectedIsLocal, Url::isLocalHost($host)); } public function getIsLocalHost() { - return array( - array($isLocal = false, '127.0.0.2'), - array($isLocal = false, '192.168.1.1'), - array($isLocal = false, '10.1.1.1'), - array($isLocal = false, '172.30.1.1'), + return [ + [$isLocal = false, '127.0.0.2'], + [$isLocal = false, '192.168.1.1'], + [$isLocal = false, '10.1.1.1'], + [$isLocal = false, '172.30.1.1'], - array($isLocal = true, 'localhost'), - array($isLocal = true, '127.0.0.1'), - array($isLocal = true, '::1'), - array($isLocal = true, '[::1]'), + [$isLocal = true, 'localhost'], + [$isLocal = true, '127.0.0.1'], + [$isLocal = true, '::1'], + [$isLocal = true, '[::1]'], // with port - array($isLocal = false, '172.30.1.1:80'), - array($isLocal = false, '3ffe:1900:4545:3:200:f8ff:fe21:67cf:1005'), - array($isLocal = true, 'localhost:3000'), - array($isLocal = true, '127.0.0.1:213424'), - array($isLocal = true, '::1:345'), - array($isLocal = true, '[::1]:443'), - ); + [$isLocal = false, '172.30.1.1:80'], + [$isLocal = false, '3ffe:1900:4545:3:200:f8ff:fe21:67cf:1005'], + [$isLocal = true, 'localhost:3000'], + [$isLocal = true, '127.0.0.1:213424'], + [$isLocal = true, '::1:345'], + [$isLocal = true, '[::1]:443'], + ]; } /** @@ -206,7 +207,7 @@ class UrlTest extends \PHPUnit\Framework\TestCase $_SERVER['SCRIPT_URI'] = $scripturi; $_SERVER['REQUEST_URI'] = $requesturi; Config::getInstance()->General['enable_trusted_host_check'] = 1; - Config::getInstance()->General['trusted_hosts'] = array($httphost); + Config::getInstance()->General['trusted_hosts'] = [$httphost]; $urlToTest = $testurl; $this->assertEquals($result, Url::isLocalUrl($urlToTest)); } @@ -216,12 +217,11 @@ class UrlTest extends \PHPUnit\Framework\TestCase */ public function getCurrentUrlWithoutFilename() { - return array( - array('http://example.com/', false, 'example.com', '/'), - array('https://example.org/', true, 'example.org', '/'), - array('https://example.net/piwik/', 'on', 'example.net', '/piwik/'), - ); - + return [ + ['http://example.com/', false, 'example.com', '/'], + ['https://example.org/', true, 'example.org', '/'], + ['https://example.net/piwik/', 'on', 'example.net', '/piwik/'], + ]; } /** @@ -240,26 +240,26 @@ class UrlTest extends \PHPUnit\Framework\TestCase $_SERVER['REQUEST_URI'] = $path; $_SERVER['HTTP_HOST'] = $host; - Config::getInstance()->General['trusted_hosts'] = array($host); + Config::getInstance()->General['trusted_hosts'] = [$host]; $url = Url::getCurrentUrlWithoutFilename(); $this->assertEquals($expected, $url); } - public function test_getCurrentScriptName() + public function testGetCurrentScriptName() { $this->resetGlobalVariables(); - $tests = array( - array('/', 'http://example.com/', null), - array('/', '/', null), - array('/index.php', '/index.php', null), - array('/index.php', '/index.php?module=Foo', null), - array('/index.php', '/index.php/route/1', '/route/1'), - array('/index.php', '/index.php#<img src=http://matomo.org', ''), - array('/index.php', '/index.php/route/2?module=Bar', '/route/2'), - array('/path/index.php', '/path/index.php/route/3/?module=Fu&action=Bar#Hash', '/route/3/'), - ); + $tests = [ + ['/', 'http://example.com/', null], + ['/', '/', null], + ['/index.php', '/index.php', null], + ['/index.php', '/index.php?module=Foo', null], + ['/index.php', '/index.php/route/1', '/route/1'], + ['/index.php', '/index.php#<img src=http://matomo.org', ''], + ['/index.php', '/index.php/route/2?module=Bar', '/route/2'], + ['/path/index.php', '/path/index.php/route/3/?module=Fu&action=Bar#Hash', '/route/3/'], + ]; foreach ($tests as $test) { list($expected, $uri, $pathInfo) = $test; @@ -277,25 +277,25 @@ class UrlTest extends \PHPUnit\Framework\TestCase */ public function getValidHostData() { - return array( + return [ // $expected, $host, $trustedHosts, $description - array(true, 'example.com', array('example.com'), 'Naked domain'), - array(true, 'example.net', array('example.com', 'example.net'), 'Multiple domains'), - array(true, 'piwik.example.com', array('piwik.example.com'), 'Fully qualified domain name'), - array(true, 'piwik.example.com', array('example.com'), 'Valid subdomain'), - array(false, 'example.net', array('example.com'), 'Invalid domain'), - array(false, '.example.com', array('piwik.example.com'), 'Invalid subdomain'), - array(false, 'example-com', array('example.com'), 'Regex should match . literally'), - array(false, 'www.attacker.com?example.com', array('example.com'), 'Spoofed host'), - array(false, 'example.com.attacker.com', array('example.com'), 'Spoofed subdomain'), - array(true, 'example.com.', array('example.com'), 'Trailing . on host is actually valid'), - array(true, 'www-dev.example.com', array('example.com'), 'host with dashes is valid'), - array(false, 'www.example.com:8080', array('example.com'), 'host:port is valid'), - array(true, 'www.example.com:8080', array('example.com:8080'), 'host:port is valid'), - array(false, 'www.whatever.com', array('*.whatever.com'), 'regex char is escaped'), - array(false, 'www.whatever.com', array('www.whatever.com/abc'), 'with path starting with /a does not throw error'), - array(false, 'www.whatever.com', array('www.whatever.com/path/here'), 'with path starting with /p does not throw error'), - ); + [true, 'example.com', ['example.com'], 'Naked domain'], + [true, 'example.net', ['example.com', 'example.net'], 'Multiple domains'], + [true, 'piwik.example.com', ['piwik.example.com'], 'Fully qualified domain name'], + [true, 'piwik.example.com', ['example.com'], 'Valid subdomain'], + [false, 'example.net', ['example.com'], 'Invalid domain'], + [false, '.example.com', ['piwik.example.com'], 'Invalid subdomain'], + [false, 'example-com', ['example.com'], 'Regex should match . literally'], + [false, 'www.attacker.com?example.com', ['example.com'], 'Spoofed host'], + [false, 'example.com.attacker.com', ['example.com'], 'Spoofed subdomain'], + [true, 'example.com.', ['example.com'], 'Trailing . on host is actually valid'], + [true, 'www-dev.example.com', ['example.com'], 'host with dashes is valid'], + [false, 'www.example.com:8080', ['example.com'], 'host:port is valid'], + [true, 'www.example.com:8080', ['example.com:8080'], 'host:port is valid'], + [false, 'www.whatever.com', ['*.whatever.com'], 'regex char is escaped'], + [false, 'www.whatever.com', ['www.whatever.com/abc'], 'with path starting with /a does not throw error'], + [false, 'www.whatever.com', ['www.whatever.com/path/here'], 'with path starting with /p does not throw error'], + ]; } /** @@ -324,16 +324,16 @@ class UrlTest extends \PHPUnit\Framework\TestCase public function getQueryParameters() { - return array( - array(array(), ''), - array(array('v1', 'v2'), '0=v1&1=v2'), - array(array('key' => 'val'), 'key=val'), - array(array('key' => 'val', 'k2' => 'v2'), 'key=val&k2=v2'), - array(array('key' => 'val', 'k2' => false), 'key=val'), // remove false values - array(array('key' => 'val', 'k2' => null), 'key=val'), // remove null values - array(array('key' => 'val', 'k2' => array('v1', 'v2')), 'key=val&k2[]=v1&k2[]=v2'), - array(array('key' => 'val', 'k2' => array('k1' => 'v1', 'k2' => 'v2')), 'key=val&k2[]=v1&k2[]=v2'), - ); + return [ + [[], ''], + [['v1', 'v2'], '0=v1&1=v2'], + [['key' => 'val'], 'key=val'], + [['key' => 'val', 'k2' => 'v2'], 'key=val&k2=v2'], + [['key' => 'val', 'k2' => false], 'key=val'], // remove false values + [['key' => 'val', 'k2' => null], 'key=val'], // remove null values + [['key' => 'val', 'k2' => ['v1', 'v2']], 'key=val&k2[]=v1&k2[]=v2'], + [['key' => 'val', 'k2' => ['k1' => 'v1', 'k2' => 'v2']], 'key=val&k2[]=v1&k2[]=v2'], + ]; } /** @@ -346,15 +346,25 @@ class UrlTest extends \PHPUnit\Framework\TestCase public function getHostsFromUrl() { - return array( - array(null, null), - array('http://', null), - array('http://www.example.com', 'www.example.com'), - array('http://www.ExaMplE.cOm', 'www.example.com'), - array('http://www.example.com/test/foo?bar=xy', 'www.example.com'), - array('http://127.0.0.1', '127.0.0.1'), - array('example.com', null), - ); + return [ + [null, null], + ['http://', null], + ['http://www.example.com', 'www.example.com'], + ['http://www.ExaMplE.cOm', 'www.example.com'], + ['http://www.example.com/test/foo?bar=xy', 'www.example.com'], + ['http://127.0.0.1', '127.0.0.1'], + ['example.com', null], + ]; + } + + public function testGetRFCValidHostname() + { + $_SERVER['HTTP_HOST'] = 'demo.matomo.org'; + $this->assertEquals('demo.matomo.org', Url::getRFCValidHostname()); + unset($_SERVER['HTTP_HOST']); + $this->assertEquals('matomo.org', Url::getRFCValidHostname('matomo.org')); + $this->assertEquals(false, Url::getRFCValidHostname('matomo org')); + $this->assertEquals(false, Url::getRFCValidHostname('matomo.org;<script')); } /** @@ -367,36 +377,36 @@ class UrlTest extends \PHPUnit\Framework\TestCase public function getIsHostInUrls() { - return array( - array(false, null, null), - array(false, 'http://', array()), - array(false, 'example.com', array()), - array(false, 'www.example.com', array()), - array(false, 'example.com', array('www.example.com')), // not a domain so no "host" - array(true, 'example.com', array('example.com')), - array(true, 'eXamPle.com', array('exaMple.com')), - array(true, 'eXamPle.com', array('http://exaMple.com')), - array(true, 'eXamPle.com', array('http://piwik.org', 'http://www.exaMple.com', 'http://exaMple.com')), // multiple urls one or more are valid but not first one - array(true, 'example.com', array('http://example.com/test')), // url with path but correct host - array(true, 'example.com', array('http://www.example.com')), // subdomains are allowed - array(false, 'example.com', array('http://wwwexample.com')), // it should not be possible to create a similar host and make redirects work again. we allow only subdomains - array(true, 'example.com', array('http://ftp.exAmple.com/test')), - array(true, 'example.com', array('http://www.exAmple.com/test')), - array(false, 'ftp.example.com', array('http://www.example.com/test')), - array(true, '127.0.0.1', array()), // always trusted host - ); + return [ + [false, null, null], + [false, 'http://', []], + [false, 'example.com', []], + [false, 'www.example.com', []], + [false, 'example.com', ['www.example.com']], // not a domain so no "host" + [true, 'example.com', ['example.com']], + [true, 'eXamPle.com', ['exaMple.com']], + [true, 'eXamPle.com', ['http://exaMple.com']], + [true, 'eXamPle.com', ['http://piwik.org', 'http://www.exaMple.com', 'http://exaMple.com']], // multiple urls one or more are valid but not first one + [true, 'example.com', ['http://example.com/test']], // url with path but correct host + [true, 'example.com', ['http://www.example.com']], // subdomains are allowed + [false, 'example.com', ['http://wwwexample.com']], // it should not be possible to create a similar host and make redirects work again. we allow only subdomains + [true, 'example.com', ['http://ftp.exAmple.com/test']], + [true, 'example.com', ['http://www.exAmple.com/test']], + [false, 'ftp.example.com', ['http://www.example.com/test']], + [true, '127.0.0.1', []], // always trusted host + ]; } public function urlProvider() { - return array( - array('http://example.com/'), - array('https://example.com/'), - array('http://example.com/piwik/'), - array('http://example.com/index.php'), - array('http://example.com/index.php?foo=bar'), - array('http://example.com/index.php/.html?foo=bar', '/.html'), - ); + return [ + ['http://example.com/'], + ['https://example.com/'], + ['http://example.com/piwik/'], + ['http://example.com/index.php'], + ['http://example.com/index.php?foo=bar'], + ['http://example.com/index.php/.html?foo=bar', '/.html'], + ]; } /** @@ -412,14 +422,14 @@ class UrlTest extends \PHPUnit\Framework\TestCase public function urlWithoutQueryStringProvider() { - return array( - array('http://example.com/', 'http://example.com/'), - array('https://example.com/', 'https://example.com/'), - array('http://example.com/piwik/', 'http://example.com/piwik/'), - array('http://example.com/index.php', 'http://example.com/index.php'), - array('http://example.com/index.php?foo=bar', 'http://example.com/index.php'), - array('http://example.com/index.php/.html?foo=bar', 'http://example.com/index.php/.html', '/.html'), - ); + return [ + ['http://example.com/', 'http://example.com/'], + ['https://example.com/', 'https://example.com/'], + ['http://example.com/piwik/', 'http://example.com/piwik/'], + ['http://example.com/index.php', 'http://example.com/index.php'], + ['http://example.com/index.php?foo=bar', 'http://example.com/index.php'], + ['http://example.com/index.php/.html?foo=bar', 'http://example.com/index.php/.html', '/.html'], + ]; } /** @@ -443,7 +453,7 @@ class UrlTest extends \PHPUnit\Framework\TestCase $this->resetGlobalVariables(); // these variables where taken from a bug report - $_SERVER = array( + $_SERVER = [ 'QUERY_STRING' => 'foo=bar', 'PATH_INFO' => '/test.php', // Nginx passed a wrong value here (should be empty) 'SCRIPT_NAME' => '/test.php', @@ -453,7 +463,7 @@ class UrlTest extends \PHPUnit\Framework\TestCase 'SERVER_NAME' => 'example.com', 'HTTP_HOST' => 'example.com', 'PHP_SELF' => '/test.php/test.php', // Nginx passed a wrong value here (should be /test.php) - ); + ]; $expectedUrl = 'http://example.com/test.php?foo=bar'; @@ -462,8 +472,8 @@ class UrlTest extends \PHPUnit\Framework\TestCase private function resetGlobalVariables() { - $names = array('PATH_INFO', 'REQUEST_URI', 'SCRIPT_NAME', 'SCRIPT_FILENAME', 'argv', 'HTTPS', - 'HTTP_HOST', 'QUERY_STRING', 'HTTP_REFERER'); + $names = ['PATH_INFO', 'REQUEST_URI', 'SCRIPT_NAME', 'SCRIPT_FILENAME', 'argv', 'HTTPS', + 'HTTP_HOST', 'QUERY_STRING', 'HTTP_REFERER']; foreach ($names as $name) { unset($_SERVER[$name]); |