diff options
| author | Marc Alexander <admin@m-a-styles.de> | 2017-07-22 17:26:41 +0200 |
|---|---|---|
| committer | Marc Alexander <admin@m-a-styles.de> | 2017-07-22 17:38:04 +0200 |
| commit | 882a3c383103802c491404032c5d267e4f5271a0 (patch) | |
| tree | 75267473a962e822fb7c4daf0d98e2b799782ea2 /tests/profilefields | |
| parent | fa3bdedf7bebd64336daaeff7c41b842fa098cf9 (diff) | |
| download | forums-882a3c383103802c491404032c5d267e4f5271a0.tar forums-882a3c383103802c491404032c5d267e4f5271a0.tar.gz forums-882a3c383103802c491404032c5d267e4f5271a0.tar.bz2 forums-882a3c383103802c491404032c5d267e4f5271a0.tar.xz forums-882a3c383103802c491404032c5d267e4f5271a0.zip | |
[ticket/security/211] Make sure website URL only uses http & https schemes
SECURITY-211
Diffstat (limited to 'tests/profilefields')
| -rw-r--r-- | tests/profilefields/type_url_test.php | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/tests/profilefields/type_url_test.php b/tests/profilefields/type_url_test.php index cc37f04f30..aaba227348 100644 --- a/tests/profilefields/type_url_test.php +++ b/tests/profilefields/type_url_test.php @@ -89,6 +89,19 @@ class phpbb_profilefield_type_url_test extends phpbb_test_case 'FIELD_INVALID_URL-field', 'Field should reject invalid URL having multi value parameters', ), + // Not allowed schemes + array( + 'ftp://example.com/', + array(), + 'FIELD_INVALID_URL-field', + 'Field should reject invalid URL having multi value parameters', + ), + array( + 'javascript://alert.com', + array(), + 'FIELD_INVALID_URL-field', + 'Field should reject invalid URL having multi value parameters', + ), // IDN url type profilefields array( |