From d59e6804fcadaf170cce5a1c12cb42287942eeee Mon Sep 17 00:00:00 2001 From: Uwe Tews Date: Thu, 26 Apr 2018 12:59:14 +0200 Subject: [PATCH] Update for {fetch} plugin --- .../PluginFunctionFetchTest.php | 23 ++++++++++--------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/tests/UnitTests/TemplateSource/TagTests/PluginFunction/PluginFunctionFetchTest.php b/tests/UnitTests/TemplateSource/TagTests/PluginFunction/PluginFunctionFetchTest.php index d59776f4..3e070165 100644 --- a/tests/UnitTests/TemplateSource/TagTests/PluginFunction/PluginFunctionFetchTest.php +++ b/tests/UnitTests/TemplateSource/TagTests/PluginFunction/PluginFunctionFetchTest.php @@ -20,7 +20,7 @@ class PluginFunctionFetchTest extends PHPUnit_Smarty $this->setUpSmarty(dirname(__FILE__)); } - public function testInit() + public function testInit() { $this->cleanDirs(); } @@ -46,22 +46,23 @@ class PluginFunctionFetchTest extends PHPUnit_Smarty * @preserveGlobalState disabled */ public function testFetchInvalidUri() - { - $result = $this->smarty->fetch('string:{fetch file="https://foo.smarty.net/foo.dat"}'); - } + { + $result = $this->smarty->fetch('string:{fetch file="https://foo.smarty.net/foo.dat"}'); + } /** - * test {fetch file=...} access to file from path not aloowed by security settings + * test {fetch file=...} access to file from path not aloo/wed by security settings * * @expectedException SmartyException - * @expectedExceptionMessage not allowed by security setting + * @expectedExceptionMessage not trusted file pat * @run InSeparateProcess * @preserveGlobalState disabled */ public function testFetchSecurity() - { - $dir=$this->smarty->getTemplateDir(); - $this->smarty->enableSecurity(); - $result = $this->smarty->fetch('string:{fetch file=\''. $dir[0]. '..\..\..\..\..\etc\passwd\'}'); - } + { + $this->cleanDirs(); + $dir=$this->smarty->getTemplateDir(); + $this->smarty->enableSecurity(); + $result = $this->smarty->fetch('string:{fetch file=\''. $dir[0]. '../../../../../etc/passwd\'}'); + } }