
github.com/phpmyadmin/phpmyadmin.git - Unnamed repository; edit this file 'description' to name the repository.
authorMaurício Meneghini Fauth <mauricio@fauth.dev>2022-04-05 05:32:06 +0300
committerMaurício Meneghini Fauth <mauricio@fauth.dev>2022-04-05 05:32:06 +0300
commitf47db6b1a0a42dcbd64746a0c39f6272db29ba78 (patch)
tree650408fcb45e9afdcfab732c1702e9878d268e39
parent7145a6b6cc4b59563ddad5d7626118b502b45a86 (diff)
Refactor `PhpMyAdmin\Core::isAllowedDomain` method
Simplifies the requirements and adds more unit tests. Signed-off-by: Maurício Meneghini Fauth <mauricio@fauth.dev>
-rw-r--r--libraries/classes/Core.php31
-rw-r--r--phpstan-baseline.neon10
-rw-r--r--psalm-baseline.xml3
-rw-r--r--test/classes/CoreTest.php68
4 files changed, 37 insertions, 75 deletions
diff --git a/libraries/classes/Core.php b/libraries/classes/Core.php
index 5d22c22dd5..1b015a10f0 100644
--- a/libraries/classes/Core.php
+++ b/libraries/classes/Core.php
@@ -629,30 +629,17 @@ class Core
*/
public static function isAllowedDomain(string $url): bool
{
- $arr = parse_url($url);
-
- if (! is_array($arr)) {
- $arr = [];
- }
-
- // We need host to be set
- if (! isset($arr['host']) || strlen($arr['host']) == 0) {
+ $parsedUrl = parse_url($url);
+ if (
+ ! is_array($parsedUrl)
+ || ! isset($parsedUrl['host'])
+ || isset($parsedUrl['user'])
+ || isset($parsedUrl['pass'])
+ || isset($parsedUrl['port'])
+ ) {
return false;
}
- // We do not want these to be present
- $blocked = [
- 'user',
- 'pass',
- 'port',
- ];
- foreach ($blocked as $part) {
- if (isset($arr[$part]) && strlen((string) $arr[$part]) != 0) {
- return false;
- }
- }
-
- $domain = $arr['host'];
$domainAllowList = [
/* Include current domain */
$_SERVER['SERVER_NAME'],
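Review bot: The rewritten guard in `isAllowedDomain` rejects userinfo and port but never inspects `$parsedUrl['scheme']`, so any scheme paired with an allow-listed host is accepted. If callers treat a `true` result as permission to redirect to or render the URL (the callers are not visible here), consider adding `|| (isset($parsedUrl['scheme']) && ! in_array(strtolower($parsedUrl['scheme']), ['http', 'https'], true))` to the condition; that still accepts the protocol-relative `//host` form the new tests expect. The `isset()` checks also now reject empty userinfo such as `https://@host/`, which the old `strlen()` test let through; that is the safer behaviour and deserves a line in the docblock. The method body continues past this hunk.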
@@ -680,7 +667,7 @@ class Core
'mysqldatabaseadministration.blogspot.com',
];
- return in_array($domain, $domainAllowList);
+ return in_array($parsedUrl['host'], $domainAllowList, true);
}
/**
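Review bot: With `in_array(..., true)` the host is compared byte-for-byte, and `parse_url()` returns the host in whatever case the URL used, so `https://GitHub.com/` is refused while `https://github.com/` is allowed. That fails closed, but host names are case-insensitive; if case-insensitive matching is intended, compare `strtolower($parsedUrl['host'])` against a lower-cased list, otherwise state in the docblock that matching is exact and does not cover subdomains. The first list entry, `$_SERVER['SERVER_NAME']`, can reflect the client-supplied Host header under some web-server configurations, so a comment at that entry noting the dependency on the virtual-host setup would help. The start of the allow list lies outside this hunk.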
diff --git a/phpstan-baseline.neon b/phpstan-baseline.neon
index 35b2ab3bc0..e033af10e7 100644
--- a/phpstan-baseline.neon
+++ b/phpstan-baseline.neon
@@ -1701,11 +1701,6 @@ parameters:
path: libraries/classes/Core.php
-
- message: "#^Offset 'pass'\\|'port'\\|'user' does not exist on array\\{host\\: non\\-empty\\-string, scheme\\?\\: string, port\\?\\: int, user\\?\\: string, pass\\?\\: string, path\\?\\: string, query\\?\\: string, fragment\\?\\: string\\}\\.$#"
- count: 1
- path: libraries/classes/Core.php
-
- -
message: "#^Method PhpMyAdmin\\\\CreateAddField\\:\\:buildColumnCreationStatement\\(\\) return type has no value type specified in iterable type array\\.$#"
count: 1
path: libraries/classes/CreateAddField.php
@@ -9051,11 +9046,6 @@ parameters:
path: test/classes/Controllers/Server/VariablesControllerTest.php
-
- message: "#^Method PhpMyAdmin\\\\Tests\\\\CoreTest\\:\\:provideTestIsAllowedDomain\\(\\) return type has no value type specified in iterable type array\\.$#"
- count: 1
- path: test/classes/CoreTest.php
-
- -
message: "#^Method PhpMyAdmin\\\\Tests\\\\CoreTest\\:\\:provideTestSafeUnserialize\\(\\) return type has no value type specified in iterable type array\\.$#"
count: 1
path: test/classes/CoreTest.php
diff --git a/psalm-baseline.xml b/psalm-baseline.xml
index 92b3149bea..a9a7201ca9 100644
--- a/psalm-baseline.xml
+++ b/psalm-baseline.xml
@@ -15269,8 +15269,7 @@
<code>$arr['sarr'][0]</code>
<code>$arr['sarr'][0]</code>
</MixedArrayAccess>
- <MixedInferredReturnType occurrences="6">
- <code>array</code>
+ <MixedInferredReturnType occurrences="5">
<code>array</code>
<code>array</code>
<code>array</code>
diff --git a/test/classes/CoreTest.php b/test/classes/CoreTest.php
index f73f0e3fe0..b76c7d3d1c 100644
--- a/test/classes/CoreTest.php
+++ b/test/classes/CoreTest.php
@@ -604,14 +604,9 @@ class CoreTest extends AbstractNetworkTestCase
}
/**
- * Test for unserializing
- *
- * @param string $url URL to test
- * @param mixed $expected Expected result
- *
* @dataProvider provideTestIsAllowedDomain
*/
- public function testIsAllowedDomain(string $url, $expected): void
+ public function testIsAllowedDomain(string $url, bool $expected): void
{
$_SERVER['SERVER_NAME'] = 'server.local';
$this->assertEquals(
@@ -621,45 +616,36 @@ class CoreTest extends AbstractNetworkTestCase
}
/**
- * Test data provider
- *
- * @return array
+ * @return array<int, array<int, bool|string>>
+ * @psalm-return list<array{string, bool}>
*/
public function provideTestIsAllowedDomain(): array
{
return [
- [
- 'https://www.phpmyadmin.net/',
- true,
- ],
- [
- 'http://duckduckgo.com\\@github.com',
- false,
- ],
- [
- 'https://github.com/',
- true,
- ],
- [
- 'https://github.com:123/',
- false,
- ],
- [
- 'https://user:pass@github.com:123/',
- false,
- ],
- [
- 'https://user:pass@github.com/',
- false,
- ],
- [
- 'https://server.local/',
- true,
- ],
- [
- './relative/',
- false,
- ],
+ ['', false],
+ ['//', false],
+ ['https://www.phpmyadmin.net/', true],
+ ['https://www.phpmyadmin.net:123/', false],
+ ['http://duckduckgo.com\\@github.com', false],
+ ['https://user:pass@github.com:123/', false],
+ ['https://user:pass@github.com/', false],
+ ['https://server.local/', true],
+ ['./relative/', false],
+ ['//wiki.phpmyadmin.net', true],
+ ['//www.phpmyadmin.net', true],
+ ['//phpmyadmin.net', true],
+ ['//demo.phpmyadmin.net', true],
+ ['//docs.phpmyadmin.net', true],
+ ['//dev.mysql.com', true],
+ ['//bugs.mysql.com', true],
+ ['//mariadb.org', true],
+ ['//mariadb.com', true],
+ ['//php.net', true],
+ ['//www.php.net', true],
+ ['//github.com', true],
+ ['//www.github.com', true],
+ ['//www.percona.com', true],
+ ['//mysqldatabaseadministration.blogspot.com', true],
];
}
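Review bot: Every case added to `provideTestIsAllowedDomain` for a listed host expects `true`, and none checks that a near-miss host is refused, so a later change to prefix, suffix or loose matching would still pass this suite. Add look-alike negatives such as `['//github.com.example.test', false]`, `['//notgithub.com', false]` and `['https://@github.com/', false]` (constructed sample values; the last assumes `parse_url()` reports an empty `user` for that input). A mixed-case host case would also pin down whether the strict comparison in `isAllowedDomain` is meant to be case-sensitive.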