From 882a3c383103802c491404032c5d267e4f5271a0 Mon Sep 17 00:00:00 2001
From: Marc Alexander <admin@m-a-styles.de>
Date: Sat, 22 Jul 2017 17:26:41 +0200
Subject: [ticket/security/211] Make sure website URL only uses http & https
 schemes

SECURITY-211
---
 tests/profilefields/type_url_test.php | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'tests/profilefields')

diff --git a/tests/profilefields/type_url_test.php b/tests/profilefields/type_url_test.php
index cc37f04f30..aaba227348 100644
--- a/tests/profilefields/type_url_test.php
+++ b/tests/profilefields/type_url_test.php
@@ -89,6 +89,19 @@ class phpbb_profilefield_type_url_test extends phpbb_test_case
 				'FIELD_INVALID_URL-field',
 				'Field should reject invalid URL having multi value parameters',
 			),
+			// Not allowed schemes
+			array(
+				'ftp://example.com/',
+				array(),
+				'FIELD_INVALID_URL-field',
+				'Field should reject invalid URL having multi value parameters',
+			),
+			array(
+				'javascript://alert.com',
+				array(),
+				'FIELD_INVALID_URL-field',
+				'Field should reject invalid URL having multi value parameters',
+			),
 
 			// IDN url type profilefields
 			array(
-- 
cgit v1.2.3-65-gdbad