Merge pull request #7010 from nupplaphil/task/basepath_hardening
Basepath Hardening
This commit is contained in:
commit
e01cb50892
2 changed files with 63 additions and 13 deletions
|
@ -19,15 +19,21 @@ class BasePath
|
||||||
*/
|
*/
|
||||||
public static function create($basePath, array $server = [])
|
public static function create($basePath, array $server = [])
|
||||||
{
|
{
|
||||||
if (!$basePath && !empty($server['DOCUMENT_ROOT'])) {
|
if ((!$basePath || !is_dir($basePath)) && !empty($server['DOCUMENT_ROOT'])) {
|
||||||
$basePath = $server['DOCUMENT_ROOT'];
|
$basePath = $server['DOCUMENT_ROOT'];
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!$basePath && !empty($server['PWD'])) {
|
if ((!$basePath || !is_dir($basePath)) && !empty($server['PWD'])) {
|
||||||
$basePath = $server['PWD'];
|
$basePath = $server['PWD'];
|
||||||
}
|
}
|
||||||
|
|
||||||
return self::getRealPath($basePath);
|
$basePath = self::getRealPath($basePath);
|
||||||
|
|
||||||
|
if (!is_dir($basePath)) {
|
||||||
|
throw new \Exception(sprintf('\'%s\' is not a valid basepath', $basePath));
|
||||||
|
}
|
||||||
|
|
||||||
|
return $basePath;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -6,24 +6,68 @@ use Friendica\Util\BasePath;
|
||||||
|
|
||||||
class BasePathTest extends MockedTest
|
class BasePathTest extends MockedTest
|
||||||
{
|
{
|
||||||
|
public function dataPaths()
|
||||||
|
{
|
||||||
|
return [
|
||||||
|
'fullPath' => [
|
||||||
|
'server' => [],
|
||||||
|
'input' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
|
||||||
|
'output' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
|
||||||
|
],
|
||||||
|
'relative' => [
|
||||||
|
'server' => [],
|
||||||
|
'input' => 'config',
|
||||||
|
'output' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
|
||||||
|
],
|
||||||
|
'document_root' => [
|
||||||
|
'server' => [
|
||||||
|
'DOCUMENT_ROOT' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
|
||||||
|
],
|
||||||
|
'input' => '/noooop',
|
||||||
|
'output' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
|
||||||
|
],
|
||||||
|
'pwd' => [
|
||||||
|
'server' => [
|
||||||
|
'PWD' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
|
||||||
|
],
|
||||||
|
'input' => '/noooop',
|
||||||
|
'output' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
|
||||||
|
],
|
||||||
|
'no_overwrite' => [
|
||||||
|
'server' => [
|
||||||
|
'DOCUMENT_ROOT' => dirname(__DIR__, 3),
|
||||||
|
'PWD' => dirname(__DIR__, 3),
|
||||||
|
],
|
||||||
|
'input' => 'config',
|
||||||
|
'output' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
|
||||||
|
],
|
||||||
|
'no_overwrite_if_invalid' => [
|
||||||
|
'server' => [
|
||||||
|
'DOCUMENT_ROOT' => '/nopopop',
|
||||||
|
'PWD' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
|
||||||
|
],
|
||||||
|
'input' => '/noatgawe22fafa',
|
||||||
|
'output' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
|
||||||
|
]
|
||||||
|
];
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Test the basepath determination
|
* Test the basepath determination
|
||||||
|
* @dataProvider dataPaths
|
||||||
*/
|
*/
|
||||||
public function testDetermineBasePath()
|
public function testDetermineBasePath(array $server, $input, $output)
|
||||||
{
|
{
|
||||||
$serverArr = ['DOCUMENT_ROOT' => '/invalid', 'PWD' => '/invalid2'];
|
$this->assertEquals($output, BasePath::create($input, $server));
|
||||||
$this->assertEquals('/valid', BasePath::create('/valid', $serverArr));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Test the basepath determination with DOCUMENT_ROOT and PWD
|
* Test the basepath determination with a complete wrong path
|
||||||
|
* @expectedException \Exception
|
||||||
|
* @expectedExceptionMessageRegExp /(.*) is not a valid basepath/
|
||||||
*/
|
*/
|
||||||
public function testDetermineBasePathWithServer()
|
public function testFailedBasePath()
|
||||||
{
|
{
|
||||||
$serverArr = ['DOCUMENT_ROOT' => '/valid'];
|
BasePath::create('/now23452sgfgas', []);
|
||||||
$this->assertEquals('/valid', BasePath::create('', $serverArr));
|
|
||||||
|
|
||||||
$serverArr = ['PWD' => '/valid_too'];
|
|
||||||
$this->assertEquals('/valid_too', BasePath::create('', $serverArr));
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue