Tests for an old PHP bug in parse_url

It would get confused by URLs with a query portion but no path.

We no longer support any vulnerable versions of PHP, but it would still
be useful to have these tests.

Bug: T212067
Change-Id: I15c15161a668115d68eb2e2f8004826b47148fc1
(cherry picked from commit 489bb4fb981cfe2e81b647c498e329033a4bc72b)

diff --git a/tests/phpunit/includes/GlobalFunctions/wfParseUrlTest.php b/tests/phpunit/includes/GlobalFunctions/wfParseUrlTest.php
index b20cfb5..25a2342 100644 (file)
--- a/tests/phpunit/includes/GlobalFunctions/wfParseUrlTest.php
+++ b/tests/phpunit/includes/GlobalFunctions/wfParseUrlTest.php
@@ -152,6 +152,46 @@ class WfParseUrlTest extends MediaWikiTestCase {
                                'invalid://test/',
                                false
                        ],
+                       // T212067
+                       [
+                               '//evil.com?example.org/foo/bar',
+                               [
+                                       'scheme' => '',
+                                       'delimiter' => '//',
+                                       'host' => 'evil.com',
+                                       'query' => 'example.org/foo/bar',
+                               ]
+                       ],
+                       [
+                               '//evil.com?example.org/foo/bar?baz#quux',
+                               [
+                                       'scheme' => '',
+                                       'delimiter' => '//',
+                                       'host' => 'evil.com',
+                                       'query' => 'example.org/foo/bar?baz',
+                                       'fragment' => 'quux',
+                               ]
+                       ],
+                       [
+                               '//evil.com?example.org?baz#quux',
+                               [
+                                       'scheme' => '',
+                                       'delimiter' => '//',
+                                       'host' => 'evil.com',
+                                       'query' => 'example.org?baz',
+                                       'fragment' => 'quux',
+                               ]
+                       ],
+                       [
+                               '//evil.com?example.org#quux',
+                               [
+                                       'scheme' => '',
+                                       'delimiter' => '//',
+                                       'host' => 'evil.com',
+                                       'query' => 'example.org',
+                                       'fragment' => 'quux',
+                               ]
+                       ],
                ];
        }
 }