do not add bookmarks with an invalid URL

Christian Weiske 2011-05-03 19:10:12 +02:00
parent 218ac05e71
commit fb11021ed7
2 changed files with 19 additions and 2 deletions


@ -435,6 +435,10 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
/** /**
* Adds a bookmark to the database. * Adds a bookmark to the database.
* *
* Security checks are being made here, but no error reasons will be
* returned. It is the responsibility of the code that calls
* addBookmark() to verify the data.
*
* @param string $address Full URL of the bookmark * @param string $address Full URL of the bookmark
* @param string $title Bookmark title * @param string $title Bookmark title
* @param string $description Long bookmark description * @param string $description Long bookmark description
@ -453,7 +457,8 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
* @param boolean $fromImport True when the bookmark is from an import. * @param boolean $fromImport True when the bookmark is from an import.
* @param integer $sId ID of user who creates the bookmark. * @param integer $sId ID of user who creates the bookmark.
* *
* @return integer Bookmark ID * @return mixed Integer bookmark ID if saving succeeded, false in
* case of an error. Error reasons are not returned.
*/ */
public function addBookmark( public function addBookmark(
$address, $title, $description, $privateNote, $status, $tags, $address, $title, $description, $privateNote, $status, $tags,
@ -466,6 +471,9 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
} }
$address = $this->normalize($address); $address = $this->normalize($address);
if (!SemanticScuttle_Model_Bookmark::isValidUrl($address)) {
return false;
}
/* /*
* Note that if date is NULL, then it's added with a date and * Note that if date is NULL, then it's added with a date and
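Review bot: The new `isValidUrl` guard is placed after `$this->normalize($address)`, so whether it actually rejects inputs such as the `javascript:` URL exercised by the test depends on what `normalize()` does to the scheme and on how `SemanticScuttle_Model_Bookmark::isValidUrl()` is written, neither of which is visible in this diff; a one-line comment at the guard naming the intent would help future readers, e.g. `// Security: refuse addresses isValidUrl() does not accept (covered by BookmarkTest::testAddBookmarkInvalidUrl)`. Because `false` is also the documented return for a failed insert (per the updated `@return`), callers cannot distinguish a rejected URL from a database error, and any existing caller that assumed an integer ID may need to be checked for how it handles `false`. If the service has another write path for the address (an update method, for instance), it is not covered by this change and would presumably need the same check. addBookmark's body continues outside the hunk.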


@ -65,7 +65,16 @@ class BookmarkTest extends TestBase
$this->assertEquals('myShortName', $bm['bShort']); $this->assertEquals('myShortName', $bm['bShort']);
} }
public function testHardCharactersInBookmarks() public function testAddBookmarkInvalidUrl()
{
$retval = $this->bs->addBookmark(
'javascript:alert(123)', 'title', 'desc', 'priv',
0, array()
);
$this->assertFalse($retval, 'Bookmark with invalid URL was accepted');
}
public function testAddBookmarkWithSpecialCharacters()
{ {
$bs = $this->bs; $bs = $this->bs;
$title = "title&é\"'(-è_çà)="; $title = "title&é\"'(-è_çà)=";