smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-08-04 10:24:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

added security test case

Browse Source
This commit is contained in:
Uwe Tews
2018-04-26 21:37:38 +02:00
parent 18d15d7669
commit 05ce67754a
1 changed files with 18 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
tests/UnitTests/TemplateSource/TagTests/PluginFunction/PluginFunctionFetchTest.php
View File

@@ -54,7 +54,7 @@ class PluginFunctionFetchTest extends PHPUnit_Smarty
* test {fetch file=...} access to file from path not aloo/wed by security settings * test {fetch file=...} access to file from path not aloo/wed by security settings
* *
* @expectedException SmartyException * @expectedException SmartyException
* @expectedExceptionMessage not trusted file pat * @expectedExceptionMessage not trusted file path
* @run InSeparateProcess * @run InSeparateProcess
* @preserveGlobalState disabled * @preserveGlobalState disabled
*/ */
@@ -65,4 +65,21 @@ class PluginFunctionFetchTest extends PHPUnit_Smarty
$this->smarty->enableSecurity(); $this->smarty->enableSecurity();
$result = $this->smarty->fetch('string:{fetch file=\''. $dir[0]. '../../../../../etc/passwd\'}'); $result = $this->smarty->fetch('string:{fetch file=\''. $dir[0]. '../../../../../etc/passwd\'}');
} }
/**
* test {fetch file=...} access to file from path not aloo/wed by security settings
*
* @expectedException SmartyException
* @expectedExceptionMessage not trusted file path
* @run InSeparateProcess
* @preserveGlobalState disabled
*/
public function testFetchSecurity2()
{
$this->cleanDirs();
$dir=$this->smarty->getTemplateDir();
$this->smarty->enableSecurity();
$this->smarty->setTemplateDir('/templates');
$result = $this->smarty->fetch('string:{fetch file="/templates/../etc/passwd"}');
}
} }