diff --git a/data/config.default.php b/data/config.default.php
index af79891..b2c7307 100644
--- a/data/config.default.php
+++ b/data/config.default.php
@@ -462,6 +462,21 @@ $filetypes = array(
 'video' => array('avi', 'mov', 'mp4', 'mpeg', 'mpg', 'wmv')
 );
+/**
+ * Link protocols that are allowed for newly added bookmarks.
+ * This prevents i.e. adding javascript: links.
+ *
+ * @link http://en.wikipedia.org/wiki/URI_scheme
+ *
+ * @var array
+ */
+$allowedProtocols = array(
+ 'ftp', 'ftps',
+ 'http', 'https',
+ 'mailto', 'nntp',
+ 'xmpp'
+);
+
 /**
+ * Enable the "common bookmark description" functionality
+ *
diff --git a/src/SemanticScuttle/Model/Bookmark.php b/src/SemanticScuttle/Model/Bookmark.php
new file mode 100644
index 0000000..2cbe38d
--- /dev/null
+++ b/src/SemanticScuttle/Model/Bookmark.php
@@ -0,0 +1,38 @@
+
+ * @license GPL http://www.gnu.org/licenses/gpl.html
+ * @link http://sourceforge.net/projects/semanticscuttle
+ */
+
+/**
+ * Bookmark model class, keeping the data of a single bookmark.
+ * It will slowly replace the old array style format.
+ *
+ * @category Bookmarking
+ * @package SemanticScuttle
+ * @author Christian Weiske
+ * @license GPL http://www.gnu.org/licenses/gpl.html
+ * @link http://sourceforge.net/projects/semanticscuttle
+ */
+class SemanticScuttle_Model_Bookmark
+{
+ public static function isValidUrl($url)
+ {
+ $scheme = parse_url($url, PHP_URL_SCHEME);
+ if (array_search($scheme, $GLOBALS['allowedProtocols']) === false) {
+ return false;
+ }
+ return true;
+ }
+
+}
+
+
+?>
\ No newline at end of file
diff --git a/src/SemanticScuttle/header.php b/src/SemanticScuttle/header.php
index 75e5204..d812124 100644
--- a/src/SemanticScuttle/header.php
+++ b/src/SemanticScuttle/header.php
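Review bot: The docblock on `$allowedProtocols` says "This prevents i.e. adding javascript: links" where "e.g." is meant, and it does not tell the administrator editing this list what an entry has to look like. That matters because the consumer added in this same commit, `SemanticScuttle_Model_Bookmark::isValidUrl()`, compares the scheme returned by parse_url() against these entries with a case-sensitive array_search(), so an entry written as `'HTTPS'` or `'https:'` would never match. Suggested wording for the docblock: ` * This prevents e.g. adding javascript: links.` followed by ` * Entries are bare scheme names in lowercase, without the trailing colon.`.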
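Review bot: `isValidUrl()` compares the raw scheme from parse_url() against the configured list, so a URL such as `HTTP://example.org/` is rejected although scheme names are case-insensitive, and a missing or unparsable scheme (null or false from parse_url()) is only rejected through array_search()'s loose-comparison rules rather than an explicit check. Normalise the scheme and use a strict membership test: `$scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));` and `return in_array($scheme, $GLOBALS['allowedProtocols'], true);`. This remains a scheme allow-list only; it validates nothing else about the URL, so code that renders a stored bookmark URL still needs context-appropriate escaping. The method also has no docblock in a file that documents everything else; a block stating `@param string $url Full URL including scheme` and `@return boolean True if the URL's scheme is listed in $GLOBALS['allowedProtocols']` would match the file's style. The first lines of this new file (the opening PHP tag and the file-level docblock) did not survive rendering on this page, so only the class body is reviewed here.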
@@ -82,6 +82,7 @@ require_once 'SemanticScuttle/Service.php';
 require_once 'SemanticScuttle/DbService.php';
 require_once 'SemanticScuttle/Service/Factory.php';
 require_once 'SemanticScuttle/functions.php';
+require_once 'SemanticScuttle/Model/Bookmark.php';
 require_once 'SemanticScuttle/Model/UserArray.php';
 if (count($GLOBALS['serviceoverrides']) > 0
diff --git a/tests/Model/BookmarkTest.php b/tests/Model/BookmarkTest.php
new file mode 100644
index 0000000..9f55143
--- /dev/null
+++ b/tests/Model/BookmarkTest.php
@@ -0,0 +1,65 @@
+
+ * @license GPL http://www.gnu.org/licenses/gpl.html
+ * @link http://sourceforge.net/projects/semanticscuttle
+ */
+
+/**
+ * Unit tests for the SemanticScuttle Bookmark model
+ *
+ * @category Bookmarking
+ * @package SemanticScuttle
+ * @author Christian Weiske
+ * @license GPL http://www.gnu.org/licenses/gpl.html
+ * @link http://sourceforge.net/projects/semanticscuttle
+ */
+class Model_BookmarkTest extends TestBase
+{
+ public function testIsValidUrlValid()
+ {
+ $this->assertTrue(
+ SemanticScuttle_Model_Bookmark::isValidUrl(
+ 'http://example.org/foo/bar?baz=foorina'
+ )
+ );
+ $this->assertTrue(
+ SemanticScuttle_Model_Bookmark::isValidUrl(
+ 'https://example.org/'
+ )
+ );
+ $this->assertTrue(
+ SemanticScuttle_Model_Bookmark::isValidUrl(
+ 'ftp://user:pass@example.org/'
+ )
+ );
+ $this->assertTrue(
+ SemanticScuttle_Model_Bookmark::isValidUrl(
+ 'mailto:cweiske@example.org'
+ )
+ );
+ }
+
+ public function testIsValidUrlInvalid()
+ {
+ $this->assertFalse(
+ SemanticScuttle_Model_Bookmark::isValidUrl(
+ 'javascript:alert("foo")'
+ )
+ );
+ $this->assertFalse(
+ SemanticScuttle_Model_Bookmark::isValidUrl(
+ 'foo://example.org/foo/bar'
+ )
+ );
+ }
+
+}
+
+?>
\ No newline at end of file
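Review bot: Neither test method covers an uppercase scheme or a URL without any scheme, which are exactly the inputs where `isValidUrl()`'s case-sensitive lookup and parse_url()'s null return decide the outcome, so the current behaviour for them is unpinned. Add to testIsValidUrlInvalid() `$this->assertFalse(SemanticScuttle_Model_Bookmark::isValidUrl('example.org/foo'));` and `$this->assertFalse(SemanticScuttle_Model_Bookmark::isValidUrl(''));`, and decide explicitly whether `'HTTP://example.org/'` belongs in the valid or the invalid set. The valid-URL assertions only pass if `$GLOBALS['allowedProtocols']` from data/config.default.php is defined when the test runs; whether TestBase loads that config is not visible on this page, so that dependency on the test bootstrap should be confirmed. The first lines of this new file did not survive rendering here either.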