/**
* Adds a bookmark to the database.
*
+ * Security checks are being made here, but no error reasons will be
+ * returned. It is the responsibility of the code that calls
+ * addBookmark() to verify the data.
+ *
* @param string $address Full URL of the bookmark
* @param string $title Bookmark title
* @param string $description Long bookmark description
* @param boolean $fromImport True when the bookmark is from an import.
* @param integer $sId ID of user who creates the bookmark.
*
- * @return integer Bookmark ID
+ * @return mixed Integer bookmark ID if saving succeeded, false in
+ * case of an error. Error reasons are not returned.
*/
public function addBookmark(
$address, $title, $description, $privateNote, $status, $tags,
}
$address = $this->normalize($address);
+ if (!SemanticScuttle_Model_Bookmark::isValidUrl($address)) {
+ return false;
+ }
/*
* Note that if date is NULL, then it's added with a date and
$this->assertEquals('myShortName', $bm['bShort']);
}
- public function testHardCharactersInBookmarks()
+ public function testAddBookmarkInvalidUrl()
+ {
+ $retval = $this->bs->addBookmark(
+ 'javascript:alert(123)', 'title', 'desc', 'priv',
+ 0, array()
+ );
+ $this->assertFalse($retval, 'Bookmark with invalid URL was accepted');
+ }
+
+ public function testAddBookmarkWithSpecialCharacters()
{
$bs = $this->bs;
$title = "title&é\"'(-è_çà)=";
projects / semanticscuttle.git / commitdiff