Merge pull request #7010 from nupplaphil/task/basepath_hardening
Basepath Hardening
This commit is contained in:
commit
e01cb50892
2 changed files with 63 additions and 13 deletions
|
@ -19,15 +19,21 @@ class BasePath
|
|||
*/
|
||||
public static function create($basePath, array $server = [])
|
||||
{
|
||||
if (!$basePath && !empty($server['DOCUMENT_ROOT'])) {
|
||||
if ((!$basePath || !is_dir($basePath)) && !empty($server['DOCUMENT_ROOT'])) {
|
||||
$basePath = $server['DOCUMENT_ROOT'];
|
||||
}
|
||||
|
||||
if (!$basePath && !empty($server['PWD'])) {
|
||||
if ((!$basePath || !is_dir($basePath)) && !empty($server['PWD'])) {
|
||||
$basePath = $server['PWD'];
|
||||
}
|
||||
|
||||
return self::getRealPath($basePath);
|
||||
$basePath = self::getRealPath($basePath);
|
||||
|
||||
if (!is_dir($basePath)) {
|
||||
throw new \Exception(sprintf('\'%s\' is not a valid basepath', $basePath));
|
||||
}
|
||||
|
||||
return $basePath;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -6,24 +6,68 @@ use Friendica\Util\BasePath;
|
|||
|
||||
class BasePathTest extends MockedTest
|
||||
{
|
||||
public function dataPaths()
|
||||
{
|
||||
return [
|
||||
'fullPath' => [
|
||||
'server' => [],
|
||||
'input' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
|
||||
'output' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
|
||||
],
|
||||
'relative' => [
|
||||
'server' => [],
|
||||
'input' => 'config',
|
||||
'output' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
|
||||
],
|
||||
'document_root' => [
|
||||
'server' => [
|
||||
'DOCUMENT_ROOT' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
|
||||
],
|
||||
'input' => '/noooop',
|
||||
'output' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
|
||||
],
|
||||
'pwd' => [
|
||||
'server' => [
|
||||
'PWD' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
|
||||
],
|
||||
'input' => '/noooop',
|
||||
'output' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
|
||||
],
|
||||
'no_overwrite' => [
|
||||
'server' => [
|
||||
'DOCUMENT_ROOT' => dirname(__DIR__, 3),
|
||||
'PWD' => dirname(__DIR__, 3),
|
||||
],
|
||||
'input' => 'config',
|
||||
'output' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
|
||||
],
|
||||
'no_overwrite_if_invalid' => [
|
||||
'server' => [
|
||||
'DOCUMENT_ROOT' => '/nopopop',
|
||||
'PWD' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
|
||||
],
|
||||
'input' => '/noatgawe22fafa',
|
||||
'output' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
|
||||
]
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* Test the basepath determination
|
||||
* @dataProvider dataPaths
|
||||
*/
|
||||
public function testDetermineBasePath()
|
||||
public function testDetermineBasePath(array $server, $input, $output)
|
||||
{
|
||||
$serverArr = ['DOCUMENT_ROOT' => '/invalid', 'PWD' => '/invalid2'];
|
||||
$this->assertEquals('/valid', BasePath::create('/valid', $serverArr));
|
||||
$this->assertEquals($output, BasePath::create($input, $server));
|
||||
}
|
||||
|
||||
/**
|
||||
* Test the basepath determination with DOCUMENT_ROOT and PWD
|
||||
* Test the basepath determination with a complete wrong path
|
||||
* @expectedException \Exception
|
||||
* @expectedExceptionMessageRegExp /(.*) is not a valid basepath/
|
||||
*/
|
||||
public function testDetermineBasePathWithServer()
|
||||
public function testFailedBasePath()
|
||||
{
|
||||
$serverArr = ['DOCUMENT_ROOT' => '/valid'];
|
||||
$this->assertEquals('/valid', BasePath::create('', $serverArr));
|
||||
|
||||
$serverArr = ['PWD' => '/valid_too'];
|
||||
$this->assertEquals('/valid_too', BasePath::create('', $serverArr));
|
||||
BasePath::create('/now23452sgfgas', []);
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue