1
0
Fork 0

Merge pull request #7010 from nupplaphil/task/basepath_hardening

Basepath Hardening
This commit is contained in:
Hypolite Petovan 2019-04-14 10:46:06 -04:00 committed by GitHub
commit e01cb50892
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 63 additions and 13 deletions

View file

@ -19,15 +19,21 @@ class BasePath
*/
public static function create($basePath, array $server = [])
{
if (!$basePath && !empty($server['DOCUMENT_ROOT'])) {
if ((!$basePath || !is_dir($basePath)) && !empty($server['DOCUMENT_ROOT'])) {
$basePath = $server['DOCUMENT_ROOT'];
}
if (!$basePath && !empty($server['PWD'])) {
if ((!$basePath || !is_dir($basePath)) && !empty($server['PWD'])) {
$basePath = $server['PWD'];
}
return self::getRealPath($basePath);
$basePath = self::getRealPath($basePath);
if (!is_dir($basePath)) {
throw new \Exception(sprintf('\'%s\' is not a valid basepath', $basePath));
}
return $basePath;
}
/**

View file

@ -6,24 +6,68 @@ use Friendica\Util\BasePath;
class BasePathTest extends MockedTest
{
public function dataPaths()
{
return [
'fullPath' => [
'server' => [],
'input' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
'output' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
],
'relative' => [
'server' => [],
'input' => 'config',
'output' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
],
'document_root' => [
'server' => [
'DOCUMENT_ROOT' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
],
'input' => '/noooop',
'output' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
],
'pwd' => [
'server' => [
'PWD' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
],
'input' => '/noooop',
'output' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
],
'no_overwrite' => [
'server' => [
'DOCUMENT_ROOT' => dirname(__DIR__, 3),
'PWD' => dirname(__DIR__, 3),
],
'input' => 'config',
'output' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
],
'no_overwrite_if_invalid' => [
'server' => [
'DOCUMENT_ROOT' => '/nopopop',
'PWD' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
],
'input' => '/noatgawe22fafa',
'output' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
]
];
}
/**
* Test the basepath determination
* @dataProvider dataPaths
*/
public function testDetermineBasePath()
public function testDetermineBasePath(array $server, $input, $output)
{
$serverArr = ['DOCUMENT_ROOT' => '/invalid', 'PWD' => '/invalid2'];
$this->assertEquals('/valid', BasePath::create('/valid', $serverArr));
$this->assertEquals($output, BasePath::create($input, $server));
}
/**
* Test the basepath determination with DOCUMENT_ROOT and PWD
* Test the basepath determination with a complete wrong path
* @expectedException \Exception
* @expectedExceptionMessageRegExp /(.*) is not a valid basepath/
*/
public function testDetermineBasePathWithServer()
public function testFailedBasePath()
{
$serverArr = ['DOCUMENT_ROOT' => '/valid'];
$this->assertEquals('/valid', BasePath::create('', $serverArr));
$serverArr = ['PWD' => '/valid_too'];
$this->assertEquals('/valid_too', BasePath::create('', $serverArr));
BasePath::create('/now23452sgfgas', []);
}
}