Changeset 541

Timestamp:

Aug 12, 2015 12:22:54 AM (9 years ago)

Author:

anonymous

Message:

v2.2.0-3: Fixed auth password hashing verification issues. Updated hyperlinkTxt() with option. Updated tests.

Location:

trunk

Files:

• docs/version.txt (modified) (1 diff)
• lib/Auth_SQL.inc.php (modified) (6 diffs)
• lib/Prefs.inc.php (modified) (1 diff)
• lib/Utilities.inc.php (modified) (2 diffs)
• tests/AppTest.php (modified) (2 diffs)
• tests/AuthSQLTest.php (modified) (4 diffs)
• tests/Auth_SQLTest.php (deleted)
• tests/LockTest.php (modified) (5 diffs)
• tests/UtilitiesTest.php (modified) (3 diffs)
• tests/phpunit.xml (modified) (1 diff)
• tests/run_tests.sh (modified) (1 diff)

trunk/docs/version.txt

@@ -1 @@
-2.2.0dev
+2.2.0-3

trunk/lib/Auth_SQL.inc.php

@@ -627 +627 @@
             && !empty($_SESSION['_auth_sql'][$this->_ns]['username'])
             && isset($_SESSION['_auth_sql'][$this->_ns]['login_datetime'])
-            && strtotime($_SESSION['_auth_sql'][$this->_ns]['login_datetime']) > time() - $this->_params['login_timeout']
+            && strtotime($_SESSION['_auth_sql'][$this->_ns]['login_datetime']) > (time() - $this->_params['login_timeout'])
             && isset($_SESSION['_auth_sql'][$this->_ns]['last_access_datetime'])
-            && strtotime($_SESSION['_auth_sql'][$this->_ns]['last_access_datetime']) > time() - $this->_params['idle_timeout']
+            && strtotime($_SESSION['_auth_sql'][$this->_ns]['last_access_datetime']) > (time() - $this->_params['idle_timeout'])
             && $remote_ip_is_matched
         ) {
@@ -650 +650 @@
         } else if (isset($_SESSION['_auth_sql'][$this->_ns]['authenticated']) && true === $_SESSION['_auth_sql'][$this->_ns]['authenticated']) {
             // User is authenticated, but login has expired.
-            if (strtotime($_SESSION['_auth_sql'][$this->_ns]['last_access_datetime']) > time() - 43200) {
+            if (strtotime($_SESSION['_auth_sql'][$this->_ns]['last_access_datetime']) > (time() - 43200)) {
                 // Only raise message if last session is less than 12 hours old.
                 $app->raiseMsg(_("Your session has expired. You need to log-in again."), MSG_NOTICE, __FILE__, __LINE__);
@@ -657 +657 @@
             // Log the reason for login expiration.
             $expire_reasons = array();
-            if (empty($_SESSION['_auth_sql'][$this->_ns]['username'])) {
+            if (!isset($_SESSION['_auth_sql'][$this->_ns]['username']) || empty($_SESSION['_auth_sql'][$this->_ns]['username'])) {
                 $expire_reasons[] = 'username not found';
             }
-            if (strtotime($_SESSION['_auth_sql'][$this->_ns]['login_datetime']) <= time() - $this->_params['login_timeout']) {
+            if (!isset($_SESSION['_auth_sql'][$this->_ns]['login_datetime']) || strtotime($_SESSION['_auth_sql'][$this->_ns]['login_datetime']) <= (time() - $this->_params['login_timeout'])) {
                 $expire_reasons[] = sprintf('login_timeout expired (%s older than %s seconds ago)', $_SESSION['_auth_sql'][$this->_ns]['login_datetime'], $this->_params['login_timeout']);
             }
-            if (strtotime($_SESSION['_auth_sql'][$this->_ns]['last_access_datetime']) <= time() - $this->_params['idle_timeout']) {
+            if (!isset($_SESSION['_auth_sql'][$this->_ns]['last_access_datetime']) || strtotime($_SESSION['_auth_sql'][$this->_ns]['last_access_datetime']) <= (time() - $this->_params['idle_timeout'])) {
                 $expire_reasons[] = sprintf('idle_timeout expired (%s older than %s seconds ago)', $_SESSION['_auth_sql'][$this->_ns]['last_access_datetime'], $this->_params['idle_timeout']);
             }
-            if ($_SESSION['_auth_sql'][$this->_ns]['remote_ip'] != getRemoteAddr()) {
+            if (!isset($_SESSION['_auth_sql'][$this->_ns]['remote_ip']) || $_SESSION['_auth_sql'][$this->_ns]['remote_ip'] != getRemoteAddr()) {
                 if ($this->getParam('match_remote_ip') && !$this->get('match_remote_ip_exempt') && !$user_in_trusted_network) {
                     // There are three cases when a remote IP match will be the cause of a session termination:
@@ -679 +679 @@
             $app->logMsg(sprintf('User_id %s (%s) session expired: %s', $this->get('user_id'), $this->get('username'), join(', ', $expire_reasons)), LOG_INFO, __FILE__, __LINE__);
         } else {
-            $app->logMsg('No authenticated token in _SESSION', LOG_DEBUG, __FILE__, __LINE__);
+            $app->logMsg('Session is not authenticated', LOG_DEBUG, __FILE__, __LINE__);
         }
 
@@ -943 +943 @@
         switch ($hash_type) {
         case self::ENCRYPT_CRYPT :
-            return $this->encryptPassword($password, $encrypted_password) == $encrypted_password;
+            return $this->encryptPassword($password, $encrypted_password, $hash_type) == $encrypted_password;
 
         case self::ENCRYPT_PLAINTEXT :
@@ -950 +950 @@
         case self::ENCRYPT_SHA1 :
         case self::ENCRYPT_SHA1_HARDENED :
-        default :
-            return $this->encryptPassword($password) == $encrypted_password;
+            return $this->encryptPassword($password, $encrypted_password, $hash_type) == $encrypted_password;
 
         case self::ENCRYPT_PASSWORD_BCRYPT :
         case self::ENCRYPT_PASSWORD_DEFAULT :
             return password_verify($password, $encrypted_password);
-        }
-
-        $app->logMsg(sprintf('Unknown hash type: %s', $hash_type), LOG_WARNING, __FILE__, __LINE__);
-        return false;
+
+        default :
+            $app->logMsg(sprintf('Unknown hash type: %s', $hash_type), LOG_WARNING, __FILE__, __LINE__);
+            return false;
+        }
+
     }
 

trunk/lib/Prefs.inc.php

@@ -87 +87 @@
         'user_id' => null,
 
-        // How long before we force a reload of the persistent prefs data? 3600 = once every hour.
-        'load_timeout' => 3600,
+        // How long before we force a reload of the persistent prefs data? 300 = every five minutes.
+        'load_timeout' => 300,
 
         // Name of database table to store prefs.

trunk/lib/Utilities.inc.php

@@ -215 +215 @@
 * @access   public
 * @param    string  $text   Text to search for URLs.
+* @param    bool    $strict True to only include URLs starting with a scheme (http:// ftp:// im://), or false to include URLs starting with 'www.'.
 * @param    mixed   $length Number of characters to truncate URL, or NULL to disable truncating.
 * @param    string  $delim  Delimiter to append, indicate truncation.
 * @return   string          Same input text, but URLs hyperlinked.
 * @author   Quinn Comendant <quinn@strangecode.com>
-* @version  1.0
+* @version  2.0
 * @since    22 Mar 2015 23:29:04
 */
-function hyperlinkTxt($text, $length=null, $delim='
')
-{
-    return preg_replace_callback(
-        // Inspired by @stephenhay's regex from https://mathiasbynens.be/demo/url-regex
-        // Here we capture the full URL into the first match and only the first X characters into the second match.
-        sprintf('@\b(?<!")(?<!\')(?<!=)(((?:https?|s?ftps?)://[^\s/$.?#].[^\s]{0,%s})[^\s]*)@iS', $length),
-        // Use an anonymous function to decide when to append the delim.
-        // Also encode special chars with oTxt().
-        function ($m) use ($length, $delim) {
-            if (is_null($length) || $m[1] == $m[2]) {
-                // If not truncating, or URL was not truncated.
-                return sprintf('<a href="%s">%s</a>', oTxt($m[1]), oTxt($m[1]));
-            } else {
-                // Truncated URL.
-                return sprintf('<a href="%s">%s%s</a>', oTxt($m[1]), oTxt(trim($m[2])), $delim);
-            }
-        },
-        $text
+function hyperlinkTxt($text, $strict=false, $length=null, $delim='
')
+{
+    // Capture the full URL into the first match and only the first X characters into the second match.
+    // This will match URLs not preceeded by " ' or = (URLs inside an attribute) or ` (Markdown quoted) or double-scheme (http://http://www.asdf.com)
+    // Valid URL characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~:/?#[]@!$&'()*+,;=
+    $regex = '@
+        \b                              # Start with a word-boundary.
+        (?<!"|\'|=|>|`|[\w-]{2}://)     # Negative look-behind to exclude URLs already in <a> tag, Markdown quoted, or double SCHEME://
+        (                               # Begin match 1
+            (                           # Begin match 2
+                (?:[\w-]{2,}://%s)      # URL starts with SCHEME:// or www. (if strict = false)
+                [^\s/$.?#]+             # Any domain-valid characters
+                \.                      # At least one point
+                [^\s"`<>]{1,%s}         # Match 2 is limited to a maximum of LENGTH valid URL characters
+            )
+            [^\s"`<>]*                  # Match 1 continues with any further valid URL characters
+            [^\P{Any}%s\s
<>«»"—–]      # Final character not a space or common end-of-sentence punctuation (.,:;?!, etc). Using double negation set, see http://stackoverflow.com/a/4786560/277303
+        )
+        @Suxi
+    ';
+    $regex = sprintf($regex,
+        ($strict ? '' : '|www\.'), // Strict=false allows URLs beginning with www.
+        $length,
+        ($strict ? '' : '?!.,:;)\'-') // Strict=false excludes these characters from set of the last character of URL.
     );
+
+    // Use a callback function to decide when to append the delim.
+    // Also encode special chars with oTxt().
+    return preg_replace_callback($regex, function ($m) use ($length, $delim) {
+        $url = $m[1];
+        $truncated_url = $m[2];
+        $absolute_url = preg_replace('!^www\.!', 'http://www.', $url);
+        if (is_null($length) || $url == $truncated_url) {
+            // If not truncating, or URL was not truncated.
+            $display_url = preg_replace('!^[\w-]{2,}://!', '', $url);
+            return sprintf('<a href="%s">%s</a>', oTxt($absolute_url), $display_url);
+        } else {
+            // Truncated URL.
+            $display_url = preg_replace('!^[\w-]{2,}://!', '', trim($truncated_url));
+            return sprintf('<a href="%s">%s%s</a>', oTxt($absolute_url), $display_url, $delim);
+        }
+    }, $text);
 }
 
@@ -452 +476 @@
 function URLSlug($str)
 {
-    $slug = preg_replace(array('/[^\w]+/', '/^-+|-+$/'), array('-', ''), $str);
+    $slug = preg_replace(array('/\W+/u', '/^-+|-+$/'), array('-', ''), $str);
     $slug = strtolower($slug);
     return $slug;

trunk/tests/AppTest.php

@@ -112 +112 @@
     function test_printraisedmessages()
     {
+        $app =& App::getInstance();
         ob_start();
         $this->test_raisemsg();  //had to add this line for phpunit ver. 3.7 ///
-        $app =& App::getInstance();
         $app->printraisedmessages();
         $result = ob_get_clean();
@@ -145 +145 @@
     {
         $app =& App::getInstance();
+        $app->setParam(array('session_use_trans_sid' => true));
         ob_start();
         $app->printhiddensession();

trunk/tests/AuthSQLTest.php

@@ -71 +71 @@
         ");
         $_SESSION = AuthSQLTest::$shared_session;
+
+        // Sessions require client IP addr.
+        $_SERVER['REMOTE_ADDR'] = '127.0.0.1';
     }
 
@@ -206 +209 @@
     function test_generatepassword()
     {
-        $result = $this->Auth_SQL->generatepassword('xCVcvd');
-        $this->assertRegExp('/[bcdfghjklmnprstvwxzBCDFGHJKLMNPRSTVWXZaeiouyAEIOUY0123456789!@#%&*-=+.?][bcdfghjklmnprstvwxzBCDFGHJKLMNPRSTVWXZ][aeiouyAEIOUY][bcdfghjklmnprstvwxz][aeiouy][0123456789]/', $result, 'Generated password does not match intended pattern');
+        $result = $this->Auth_SQL->generatepassword(10);
+        $this->assertEquals(14, strlen($result));
     }
 
     function test_encryptpassword()
     {
-        $this->Auth_SQL->setParam(array('encryption_type' => Auth_SQL::ENCRYPT_MD5));
-        $result = $this->Auth_SQL->encryptpassword('123');
+        $result = $this->Auth_SQL->encryptpassword('123', null, Auth_SQL::ENCRYPT_MD5);
         $this->assertEquals('202cb962ac59075b964b07152d234b70', $result);
-
-        $this->Auth_SQL->setParam(array('encryption_type' => Auth_SQL::ENCRYPT_MD5_HARDENED));
-        $result = $this->Auth_SQL->encryptpassword('123');
-        $this->assertEquals('c55e4ac608a8768ecd758fab971b0646', $result);
-
-        $this->Auth_SQL->setParam(array('encryption_type' => Auth_SQL::ENCRYPT_SHA1));
-        $result = $this->Auth_SQL->encryptpassword('123');
+        $this->assertTrue($this->Auth_SQL->verifyPassword('123', $result, Auth_SQL::ENCRYPT_MD5));
+
+        $result = $this->Auth_SQL->encryptpassword('123', null, Auth_SQL::ENCRYPT_MD5_HARDENED);
+        $this->assertEquals('1f0f8d357a96eb97f24371ebf53dcaf6', $result);
+        $this->assertTrue($this->Auth_SQL->verifyPassword('123', $result, Auth_SQL::ENCRYPT_MD5_HARDENED));
+
+        $result = $this->Auth_SQL->encryptpassword('123', null, Auth_SQL::ENCRYPT_SHA1);
         $this->assertEquals('40bd001563085fc35165329ea1ff5c5ecbdbbeef', $result);
-
-        $this->Auth_SQL->setParam(array('encryption_type' => Auth_SQL::ENCRYPT_SHA1_HARDENED));
-        $result = $this->Auth_SQL->encryptpassword('123');
-        $this->assertEquals('33d90af96a5928ac93cbd41fc436e8c55d2768c2', $result);
-
-        $this->Auth_SQL->setParam(array('encryption_type' => Auth_SQL::ENCRYPT_PLAINTEXT));
-        $result = $this->Auth_SQL->encryptpassword('123');
+        $this->assertTrue($this->Auth_SQL->verifyPassword('123', $result, Auth_SQL::ENCRYPT_SHA1));
+
+        $result = $this->Auth_SQL->encryptpassword('123', null, Auth_SQL::ENCRYPT_SHA1_HARDENED);
+        $this->assertEquals('1d086fcae3dd941e0f1371148502d03e96ab536f', $result);
+        $this->assertTrue($this->Auth_SQL->verifyPassword('123', $result, Auth_SQL::ENCRYPT_SHA1_HARDENED));
+
+        $result = $this->Auth_SQL->encryptpassword('123', null, Auth_SQL::ENCRYPT_PLAINTEXT);
         $this->assertEquals('123', $result);
-
-        $this->Auth_SQL->setParam(array('encryption_type' => Auth_SQL::ENCRYPT_CRYPT));
-        $result = $this->Auth_SQL->encryptpassword('123', 'saltstring');
-        $this->assertEquals('saEZ6MlWYV9nQ', $result);
+        $this->assertTrue($this->Auth_SQL->verifyPassword('123', $result, Auth_SQL::ENCRYPT_PLAINTEXT));
+
+        $result = $this->Auth_SQL->encryptpassword('123', 'saltstring', Auth_SQL::ENCRYPT_CRYPT);
+        $this->assertTrue($this->Auth_SQL->verifyPassword('123', $result, Auth_SQL::ENCRYPT_CRYPT));
+
+        if (function_exists('password_hash')) {
+            // Only available in PHP >= 5.5
+            $result = $this->Auth_SQL->encryptpassword('123', 'saltstring', Auth_SQL::ENCRYPT_PASSWORD_BCRYPT);
+            $this->assertTrue($this->Auth_SQL->verifyPassword('123', $result, Auth_SQL::ENCRYPT_PASSWORD_BCRYPT));
+
+            $result = $this->Auth_SQL->encryptpassword('123', 'saltstring', Auth_SQL::ENCRYPT_PASSWORD_DEFAULT);
+            $this->assertTrue($this->Auth_SQL->verifyPassword('123', $result, Auth_SQL::ENCRYPT_PASSWORD_DEFAULT));
+        }
     }
 
@@ -241 +252 @@
         $db =& DB::getInstance();
 
-        $this->Auth_SQL->setParam(array('encryption_type' => Auth_SQL::ENCRYPT_SHA1_HARDENED));
+        $this->Auth_SQL->setParam(array('hash_type' => Auth_SQL::ENCRYPT_SHA1_HARDENED));
         $this->Auth_SQL->setpassword(null, '123');
         $qid = $db->query("
@@ -248 +259 @@
         ");
         list($pass) = mysql_fetch_row($qid);
-        $this->assertEquals('33d90af96a5928ac93cbd41fc436e8c55d2768c2', $pass);
+        $this->assertEquals('1d086fcae3dd941e0f1371148502d03e96ab536f', $pass);
     }
 

trunk/tests/LockTest.php

@@ -4 +4 @@
  * For details visit the project site: <http://trac.strangecode.com/codebase/>
  * Copyright 2001-2012 Strangecode, LLC
- * 
+ *
  * This file is part of The Strangecode Codebase.
  *
@@ -11 +11 @@
  * Free Software Foundation, either version 3 of the License, or (at your option)
  * any later version.
- * 
+ *
  * The Strangecode Codebase is distributed in the hope that it will be useful, but
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
  * details.
- * 
+ *
  * You should have received a copy of the GNU General Public License along with
  * The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>.
@@ -37 +37 @@
 
     function setUp()
-    {   
+    {
         require dirname(__FILE__) . '/_config.inc.php';
         require_once '../lib/Lock.inc.php';
@@ -71 +71 @@
             )
         ");
+
+        // Sessions require client IP addr.
+        $_SERVER['REMOTE_ADDR'] = '127.0.0.1';
+
         $this->Auth_SQL->login('testuser', 'testpass');
 
@@ -87 +91 @@
     {
         $db =& DB::getInstance();
-    
+
         unset($this->Lock);
         unset($this->Auth_SQL);

trunk/tests/UtilitiesTest.php

@@ -1 +1 @@
 <?php
-/// FIXME: Tests not implemented.
-return;
-
 /**
  * The Strangecode Codebase - a general application development framework for PHP
  * For details visit the project site: <http://trac.strangecode.com/codebase/>
  * Copyright 2001-2012 Strangecode, LLC
- * 
+ *
  * This file is part of The Strangecode Codebase.
  *
@@ -14 +11 @@
  * Free Software Foundation, either version 3 of the License, or (at your option)
  * any later version.
- * 
+ *
  * The Strangecode Codebase is distributed in the hope that it will be useful, but
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
  * details.
- * 
+ *
  * You should have received a copy of the GNU General Public License along with
  * The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>.
@@ -36 +33 @@
 class UtilitiesTest extends PHPUnit_Framework_TestCase {
 
-    var $Utilities;
-
-    function UtilitiesTest($name)
-    {
-        $this->PHPUnit_Framework_TestCase($name);
-    }
-
     function setUp()
     {
+        define('_CLI', true);
         require dirname(__FILE__) . '/_config.inc.php';
         require_once '../lib/Utilities.inc.php';
-        $this->Utilities =& new Utilities(PARAM);
+        // $this->Utilities =& new Utilities(PARAM);
     }
 
     function tearDown()
     {
-        unset($this->Utilities);
+        $app =& App::getInstance();
+        $app->stop();
+    }
+
+    function test_hyperlinkTxt()
+    {
+        $urls = [
+            ' http://www.asdf.com/ ' => ' <a href="http://www.asdf.com/">www.asdf.com/</a> ',
+            ' www.asdf.com/ ' => ' <a href="http://www.asdf.com/">www.asdf.com/</a> ',
+            ' www.asdf.com/? ' => ' <a href="http://www.asdf.com/">www.asdf.com/</a>? ',
+            ' www.asdf.com/?x=y+z ' => ' <a href="http://www.asdf.com/?x=y+z">www.asdf.com/?x=y+z</a> ',
+            ' www.asdf.com/?x=y+ ' => ' <a href="http://www.asdf.com/?x=y+">www.asdf.com/?x=y+</a> ',
+            ' www.asdf.com/?x= ' => ' <a href="http://www.asdf.com/?x=">www.asdf.com/?x=</a> ',
+            ' www.asdf.com/?x ' => ' <a href="http://www.asdf.com/?x">www.asdf.com/?x</a> ',
+            ' www.asdf.com/?❀=🔥 ' => ' <a href="http://www.asdf.com/?❀=🔥">www.asdf.com/?❀=🔥</a> ',
+            ' www.asdf.com? ' => ' <a href="http://www.asdf.com">www.asdf.com</a>? ',
+            ' www.asdf.com! ' => ' <a href="http://www.asdf.com">www.asdf.com</a>! ',
+            ' www.asdf.com. ' => ' <a href="http://www.asdf.com">www.asdf.com</a>. ',
+            ' `www.asdf.com` ' => ' `www.asdf.com` ',
+            ' "www.asdf.com" ' => ' "www.asdf.com" ',
+            ' <www.asdf.com> ' => ' <<a href="http://www.asdf.com">www.asdf.com</a>> ',
+            ' <http://www.asdf.com> ' => ' <<a href="http://www.asdf.com">www.asdf.com</a>> ',
+            ' (http://www.asdf.com) ' => ' (<a href="http://www.asdf.com">www.asdf.com</a>) ',
+            ' (URL: http://www.asdf.com#1) ' => ' (URL: <a href="http://www.asdf.com#1">www.asdf.com#1</a>) ',
+            ' <a href="http://www.example.com/">Click Here</a> ' => ' <a href="http://www.example.com/">Click Here</a> ',
+            ' <a href="http://www.example.com/">http://www.example.com/</a> ' => ' <a href="http://www.example.com/">http://www.example.com/</a> ',
+            ' <a href=http://www.example.com/>http://www.example.com/</a> ' => ' <a href=http://www.example.com/>http://www.example.com/</a> ',
+            ' <a href=\'http://www.example.com/\' >http://www.example.com/</a> ' => ' <a href=\'http://www.example.com/\' >http://www.example.com/</a> ',
+            ' http://foo.com/blah_blah ' => ' <a href="http://foo.com/blah_blah">foo.com/blah_blah</a> ',
+            ' http://foo.com/blah_blah/ ' => ' <a href="http://foo.com/blah_blah/">foo.com/blah_blah/</a> ',
+            ' http://foo.com/blah_blah_(wikipedia) ' => ' <a href="http://foo.com/blah_blah_(wikipedia">foo.com/blah_blah_(wikipedia</a>) ',
+            ' http://foo.com/blah_blah_(wikipedia)_(again) ' => ' <a href="http://foo.com/blah_blah_(wikipedia)_(again">foo.com/blah_blah_(wikipedia)_(again</a>) ',
+            ' http://www.example.com/wpstyle/?p=364 ' => ' <a href="http://www.example.com/wpstyle/?p=364">www.example.com/wpstyle/?p=364</a> ',
+            ' https://www.example.com/foo/?bar=baz&inga=42&quux ' => ' <a href="https://www.example.com/foo/?bar=baz&amp;inga=42&amp;quux">www.example.com/foo/?bar=baz&inga=42&quux</a> ',
+            ' http://✪df.ws/123 ' => ' <a href="http://✪df.ws/123">✪df.ws/123</a> ',
+            ' http://userid:password@example.com:8080 ' => ' <a href="http://userid:password@example.com:8080">userid:password@example.com:8080</a> ',
+            ' http://userid:password@example.com:8080/ ' => ' <a href="http://userid:password@example.com:8080/">userid:password@example.com:8080/</a> ',
+            ' http://userid@example.com ' => ' <a href="http://userid@example.com">userid@example.com</a> ',
+            ' http://userid@example.com/ ' => ' <a href="http://userid@example.com/">userid@example.com/</a> ',
+            ' http://userid@example.com:8080 ' => ' <a href="http://userid@example.com:8080">userid@example.com:8080</a> ',
+            ' http://userid@example.com:8080/ ' => ' <a href="http://userid@example.com:8080/">userid@example.com:8080/</a> ',
+            ' http://userid:password@example.com ' => ' <a href="http://userid:password@example.com">userid:password@example.com</a> ',
+            ' http://userid:password@example.com/ ' => ' <a href="http://userid:password@example.com/">userid:password@example.com/</a> ',
+            ' http://142.42.1.1/ ' => ' <a href="http://142.42.1.1/">142.42.1.1/</a> ',
+            ' http://142.42.1.1:8080/ ' => ' <a href="http://142.42.1.1:8080/">142.42.1.1:8080/</a> ',
+            ' http://➡.ws/䚹 ' => ' <a href="http://➡.ws/䚹">➡.ws/䚹</a> ',
+            ' http://⌘.ws ' => ' <a href="http://⌘.ws">⌘.ws</a> ',
+            ' http://⌘.ws/ ' => ' <a href="http://⌘.ws/">⌘.ws/</a> ',
+            ' http://foo.com/blah_(wikipedia)#cite-1 ' => ' <a href="http://foo.com/blah_(wikipedia)#cite-1">foo.com/blah_(wikipedia)#cite-1</a> ',
+            ' http://foo.com/blah_(wikipedia)_blah#cite-1 ' => ' <a href="http://foo.com/blah_(wikipedia)_blah#cite-1">foo.com/blah_(wikipedia)_blah#cite-1</a> ',
+            ' http://foo.com/unicode_(✪)_in_parens ' => ' <a href="http://foo.com/unicode_(✪)_in_parens">foo.com/unicode_(✪)_in_parens</a> ',
+            ' http://foo.com/(something)?after=parens ' => ' <a href="http://foo.com/(something)?after=parens">foo.com/(something)?after=parens</a> ',
+            ' http://☺.damowmow.com/ ' => ' <a href="http://☺.damowmow.com/">☺.damowmow.com/</a> ',
+            ' http://code.google.com/events/#&product=browser ' => ' <a href="http://code.google.com/events/#&amp;product=browser">code.google.com/events/#&product=browser</a> ',
+            ' http://j.mp ' => ' <a href="http://j.mp">j.mp</a> ',
+            ' ftp://foo.bar/baz ' => ' <a href="ftp://foo.bar/baz">foo.bar/baz</a> ',
+            ' http://foo.bar/?q=Test%20URL-encoded%20stuff ' => ' <a href="http://foo.bar/?q=Test%20URL-encoded%20stuff">foo.bar/?q=Test%20URL-encoded%20stuff</a> ',
+            ' http://Ù
+ثال.إختؚار ' => ' <a href="http://Ù
+ثال.إختؚار">Ù
+ثال.إختؚار</a> ',
+            ' http://䟋子.测试 ' => ' <a href="http://䟋子.测试">䟋子.测试</a> ',
+            ' http://à€‰à€Šà€Ÿà€¹à€°à€£.à€ªà€°à¥€à€•à¥à€·à€Ÿ ' => ' <a href="http://à€‰à€Šà€Ÿà€¹à€°à€£.à€ªà€°à¥€à€•à¥à€·à€Ÿ">à€‰à€Šà€Ÿà€¹à€°à€£.à€ªà€°à¥€à€•à¥à€·à€Ÿ</a> ',
+            ' http://-.~_!$&\'()*+,;=:%40:80%2f::::::@example.com ' => ' <a href="http://-.~_!$&amp;&#039;()*+,;=:%40:80%2f::::::@example.com">-.~_!$&\'()*+,;=:%40:80%2f::::::@example.com</a> ',
+            ' http://1337.net ' => ' <a href="http://1337.net">1337.net</a> ',
+            ' http://a.b-c.de ' => ' <a href="http://a.b-c.de">a.b-c.de</a> ',
+            ' http://223.255.255.254 ' => ' <a href="http://223.255.255.254">223.255.255.254</a> ',
+            ' http://x and.co OK?' => ' http://x and.co OK?',
+            ' http://foo.bar?q=Spaces should be encoded ' => ' <a href="http://foo.bar?q=Spaces">foo.bar?q=Spaces</a> should be encoded ',
+            ' https://github.com/search?utf8=✓&q=gif ' => ' <a href="https://github.com/search?utf8=✓&amp;q=gif">github.com/search?utf8=✓&q=gif</a> ',
+            ' https://github.com/search?q=gif&utf8=* ' => ' <a href="https://github.com/search?q=gif&amp;utf8=*">github.com/search?q=gif&utf8=*</a> ',
+            ' https://github.com/search?q=gif&utf8=✓ ' => ' <a href="https://github.com/search?q=gif&amp;utf8=✓">github.com/search?q=gif&utf8=✓</a> ',
+
+            // These are allowed to fuckup due to limitations in our ability to be omnipotent.
+            ' <a href=http://www.example.com/ > http://www.example.com/</a> ' => ' <a href=http://www.example.com/ > <a href="http://www.example.com/">www.example.com/</a></a> ',
+        ];
+        foreach ($urls as $input => $expected) {
+            $result = hyperlinkTxt($input, false);
+            $this->assertEquals($expected, $result, sprintf('Failed with input: %s', $input));
+        }
     }
 

trunk/tests/phpunit.xml

@@ -34 +34 @@
             <file>PayPalTest.php</file>
             <file>VersionTest.php</file>
+            <file>UtilitiesTest.php</file>
         </testsuite>
     </testsuites>

trunk/tests/run_tests.sh

@@ -31 +31 @@
 # Config options go in phpunit.xml
 # phpunit --tap | grep -v '^ok '
-phpunit --stderr
+phpunit --stderr || echo "Something went wrong (if there is no output above, check the php_error_log)";