Merge pull request #7010 from nupplaphil/task/basepath_hardening

Basepath Hardening
Hypolite Petovan 2019-04-14 10:46:06 -04:00 committed by GitHub
commit e01cb50892
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 63 additions and 13 deletions


@ -19,15 +19,21 @@ class BasePath
*/ */
public static function create($basePath, array $server = []) public static function create($basePath, array $server = [])
{ {
if (!$basePath && !empty($server['DOCUMENT_ROOT'])) { if ((!$basePath || !is_dir($basePath)) && !empty($server['DOCUMENT_ROOT'])) {
$basePath = $server['DOCUMENT_ROOT']; $basePath = $server['DOCUMENT_ROOT'];
} }
if (!$basePath && !empty($server['PWD'])) { if ((!$basePath || !is_dir($basePath)) && !empty($server['PWD'])) {
$basePath = $server['PWD']; $basePath = $server['PWD'];
} }
return self::getRealPath($basePath); $basePath = self::getRealPath($basePath);
if (!is_dir($basePath)) {
throw new \Exception(sprintf('\'%s\' is not a valid basepath', $basePath));
}
return $basePath;
} }
/** /**
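Review bot: An explicitly passed but non-existent `$basePath` is now silently replaced by `$server['DOCUMENT_ROOT']` or `$server['PWD']` in both `if` conditions of `create()`. A typo in a configured path therefore goes unnoticed, and the application runs from a directory taken from the server environment instead. If that precedence is intended, the docblock (which starts outside this hunk) should say so, for example `An invalid $basePath falls back to DOCUMENT_ROOT, then PWD`, and should gain `@throws \Exception if no candidate is an existing directory`. The exception message is also built from the value returned by `getRealPath()`, not from the caller's input. `getRealPath()` is not visible here, so if it can return an empty or false value the message would not name the path that was rejected; keeping the original argument in a local for the `sprintf` would avoid that.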


@ -6,24 +6,68 @@ use Friendica\Util\BasePath;
class BasePathTest extends MockedTest class BasePathTest extends MockedTest
{ {
public function dataPaths()
{
return [
'fullPath' => [
'server' => [],
'input' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
'output' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
],
'relative' => [
'server' => [],
'input' => 'config',
'output' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
],
'document_root' => [
'server' => [
'DOCUMENT_ROOT' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
],
'input' => '/noooop',
'output' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
],
'pwd' => [
'server' => [
'PWD' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
],
'input' => '/noooop',
'output' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
],
'no_overwrite' => [
'server' => [
'DOCUMENT_ROOT' => dirname(__DIR__, 3),
'PWD' => dirname(__DIR__, 3),
],
'input' => 'config',
'output' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
],
'no_overwrite_if_invalid' => [
'server' => [
'DOCUMENT_ROOT' => '/nopopop',
'PWD' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
],
'input' => '/noatgawe22fafa',
'output' => dirname(__DIR__, 3) . DIRECTORY_SEPARATOR . 'config',
]
];
}
/** /**
* Test the basepath determination * Test the basepath determination
* @dataProvider dataPaths
*/ */
public function testDetermineBasePath() public function testDetermineBasePath(array $server, $input, $output)
{ {
$serverArr = ['DOCUMENT_ROOT' => '/invalid', 'PWD' => '/invalid2']; $this->assertEquals($output, BasePath::create($input, $server));
$this->assertEquals('/valid', BasePath::create('/valid', $serverArr));
} }
/** /**
* Test the basepath determination with DOCUMENT_ROOT and PWD * Test the basepath determination with a complete wrong path
* @expectedException \Exception
* @expectedExceptionMessageRegExp /(.*) is not a valid basepath/
*/ */
public function testDetermineBasePathWithServer() public function testFailedBasePath()
{ {
$serverArr = ['DOCUMENT_ROOT' => '/valid']; BasePath::create('/now23452sgfgas', []);
$this->assertEquals('/valid', BasePath::create('', $serverArr));
$serverArr = ['PWD' => '/valid_too'];
$this->assertEquals('/valid_too', BasePath::create('', $serverArr));
} }
} }
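Review bot: The new `dataPaths()` provider no longer has a case with an empty `$input`, so the `!$basePath` half of both conditions in `BasePath::create()` is untested. The removed `testDetermineBasePathWithServer` covered it with `BasePath::create('', $serverArr)`. I would add an `'empty_input'` dataset with `'input' => ''` and a valid `DOCUMENT_ROOT`, and a second one that sets only `PWD`. `testFailedBasePath` passes an empty `$server`, so the case where `DOCUMENT_ROOT` and `PWD` are both set but invalid also never reaches the exception; a call such as `BasePath::create('/now23452sgfgas', ['DOCUMENT_ROOT' => '/nopopop', 'PWD' => '/noooop'])` would pin that. The `'relative'` and `'no_overwrite'` cases resolve `'config'` against the process working directory, so they appear to pass only when PHPUnit is started from the repository root; a short comment on the provider should state that.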