From 95624195af33d2d71f30da7ab4dcae0be434c574 Mon Sep 17 00:00:00 2001
From: Brad Jorsch <bjorsch@wikimedia.org>
Date: Mon, 17 Dec 2018 13:20:12 -0500
Subject: [PATCH] Tests for an old PHP bug in parse_url

It would get confused by URLs with a query portion but no path.

We no longer support any vulnerable versions of PHP, but it would still
be useful to have these tests.

Bug: T212067
Change-Id: I15c15161a668115d68eb2e2f8004826b47148fc1
(cherry picked from commit 489bb4fb981cfe2e81b647c498e329033a4bc72b)
---
 .../GlobalFunctions/wfParseUrlTest.php        | 40 +++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/tests/phpunit/includes/GlobalFunctions/wfParseUrlTest.php b/tests/phpunit/includes/GlobalFunctions/wfParseUrlTest.php
index b20cfb5c22..25a2342953 100644
--- a/tests/phpunit/includes/GlobalFunctions/wfParseUrlTest.php
+++ b/tests/phpunit/includes/GlobalFunctions/wfParseUrlTest.php
@@ -152,6 +152,46 @@ class WfParseUrlTest extends MediaWikiTestCase {
 				'invalid://test/',
 				false
 			],
+			// T212067
+			[
+				'//evil.com?example.org/foo/bar',
+				[
+					'scheme' => '',
+					'delimiter' => '//',
+					'host' => 'evil.com',
+					'query' => 'example.org/foo/bar',
+				]
+			],
+			[
+				'//evil.com?example.org/foo/bar?baz#quux',
+				[
+					'scheme' => '',
+					'delimiter' => '//',
+					'host' => 'evil.com',
+					'query' => 'example.org/foo/bar?baz',
+					'fragment' => 'quux',
+				]
+			],
+			[
+				'//evil.com?example.org?baz#quux',
+				[
+					'scheme' => '',
+					'delimiter' => '//',
+					'host' => 'evil.com',
+					'query' => 'example.org?baz',
+					'fragment' => 'quux',
+				]
+			],
+			[
+				'//evil.com?example.org#quux',
+				[
+					'scheme' => '',
+					'delimiter' => '//',
+					'host' => 'evil.com',
+					'query' => 'example.org',
+					'fragment' => 'quux',
+				]
+			],
 		];
 	}
 }
-- 
2.20.1