smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-08-03 18:04:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update for {fetch} plugin

Browse Source
This commit is contained in:
Uwe Tews
2018-04-26 12:59:14 +02:00
parent c4f3d4fb98
commit d59e6804fc
1 changed files with 12 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
tests/UnitTests/TemplateSource/TagTests/PluginFunction/PluginFunctionFetchTest.php
View File

@@ -20,7 +20,7 @@ class PluginFunctionFetchTest extends PHPUnit_Smarty
$this->setUpSmarty(dirname(__FILE__));
}
public function testInit()
public function testInit()
{
$this->cleanDirs();
}
@@ -46,22 +46,23 @@ class PluginFunctionFetchTest extends PHPUnit_Smarty
* @preserveGlobalState disabled
*/
public function testFetchInvalidUri()
{
$result = $this->smarty->fetch('string:{fetch file="https://foo.smarty.net/foo.dat"}');
}
{
$result = $this->smarty->fetch('string:{fetch file="https://foo.smarty.net/foo.dat"}');
}
/**
* test {fetch file=...} access to file from path not aloowed by security settings
* test {fetch file=...} access to file from path not aloo/wed by security settings
*
* @expectedException SmartyException
* @expectedExceptionMessage not allowed by security setting
* @expectedExceptionMessage not trusted file pat
* @run InSeparateProcess
* @preserveGlobalState disabled
*/
public function testFetchSecurity()
{
$dir=$this->smarty->getTemplateDir();
$this->smarty->enableSecurity();
$result = $this->smarty->fetch('string:{fetch file=\''. $dir[0]. '..\..\..\..\..\etc\passwd\'}');
}
{
$this->cleanDirs();
$dir=$this->smarty->getTemplateDir();
$this->smarty->enableSecurity();
$result = $this->smarty->fetch('string:{fetch file=\''. $dir[0]. '../../../../../etc/passwd\'}');
}
}