diff options
author | Bishop Bettini <bishop.bettini@gmail.com> | 2018-02-01 21:29:37 -0500 |
---|---|---|
committer | Joe <krakjoe@php.net> | 2018-02-08 10:32:08 +0100 |
commit | d806d0315f96806ff79fcb87e22adfe7a5ca3cf9 (patch) | |
tree | 2b9921b4866937ab2148e8f4b81f0b9475092c55 /ext/phar/tests/bug65414.phpt | |
parent | 01eafceea12913e710b992fd88e5ab1e23662447 (diff) | |
download | php-git-d806d0315f96806ff79fcb87e22adfe7a5ca3cf9.tar.gz |
Fixed bug #65414
Diffstat (limited to 'ext/phar/tests/bug65414.phpt')
-rw-r--r-- | ext/phar/tests/bug65414.phpt | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/ext/phar/tests/bug65414.phpt b/ext/phar/tests/bug65414.phpt new file mode 100644 index 0000000000..964ec72870 --- /dev/null +++ b/ext/phar/tests/bug65414.phpt @@ -0,0 +1,36 @@ +--TEST-- +Bug #65414 Injection (A1) in .phar files magic .phar directory +--SKIPIF-- +<?php if (!extension_loaded("phar")) die("skip"); ?> +--INI-- +phar.readonly = 0 +--FILE-- +<?php +$phar = new \Phar(__DIR__ . '/bug65414.phar', 0, 'bug65414.phar'); +$bads = [ + '.phar/injected-1.txt', + '/.phar/injected-2.txt', + '//.phar/injected-3.txt', + '/.phar/', +]; +foreach ($bads as $bad) { + echo $bad . ':'; + try { + $phar->addFromString($bad, 'this content is injected'); + echo 'Failed to throw expected exception'; + } catch (BadMethodCallException $ex) { + echo $ex->getMessage() . PHP_EOL; + } +} +echo 'done' . PHP_EOL; +?> +--CLEAN-- +<?php +unlink(__DIR__ . '/bug65414.phar'); +?> +--EXPECT-- +.phar/injected-1.txt:Cannot create any files in magic ".phar" directory +/.phar/injected-2.txt:Cannot create any files in magic ".phar" directory +//.phar/injected-3.txt:Entry //.phar/injected-3.txt does not exist and cannot be created: phar error: invalid path "//.phar/injected-3.txt" contains double slash +/.phar/:Cannot create any files in magic ".phar" directory +done |