diff options
| author | Christian Stocker <chregu@php.net> | 2011-09-12 12:44:49 +0000 |
|---|---|---|
| committer | Christian Stocker <chregu@php.net> | 2011-09-12 12:44:49 +0000 |
| commit | cc2fd6412129c8d8849751f409cc7b1ff7c705ba (patch) | |
| tree | 1d0aed58a6fb9965528d1b93b77b6e8ed2b1f83f /ext/xsl/tests | |
| parent | 9bbb03391fc6197a2bb6fb8e3e3973b9d0cd8385 (diff) | |
| download | php-git-cc2fd6412129c8d8849751f409cc7b1ff7c705ba.tar.gz | |
Added test for XSL bug 54446
Diffstat (limited to 'ext/xsl/tests')
| -rw-r--r-- | ext/xsl/tests/bug54446.phpt | 95 |
1 files changed, 95 insertions, 0 deletions
diff --git a/ext/xsl/tests/bug54446.phpt b/ext/xsl/tests/bug54446.phpt new file mode 100644 index 0000000000..f00b118ff8 --- /dev/null +++ b/ext/xsl/tests/bug54446.phpt @@ -0,0 +1,95 @@ +--TEST-- +Bug #54446 (Arbitrary file creation via libxslt 'output' extension) +--SKIPIF-- +<?php +if (!extension_loaded('xsl')) die("skip Extension XSL is required\n"); +?> +--FILE-- +<?php +include("prepare.inc"); + +$outputfile = dirname(__FILE__)."/bug54446test.txt"; +if (file_exists($outputfile)) { + unlink($outputfile); +} + +$sXsl = <<<EOT +<xsl:stylesheet version="1.0" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:sax="http://icl.com/saxon" + extension-element-prefixes="sax"> + + <xsl:template match="/"> + <sax:output href="$outputfile" method="text"> + <xsl:value-of select="'0wn3d via PHP and libxslt ...'"/> + </sax:output> + </xsl:template> + +</xsl:stylesheet> +EOT; + +$xsl->loadXML( $sXsl ); + +# START XSLT +$proc->importStylesheet( $xsl ); + +# TRASNFORM & PRINT +print $proc->transformToXML( $dom ); + + +if (file_exists($outputfile)) { + print "$outputfile exists, but shouldn't!\n"; +} else { + print "OK, no file created\n"; +} + +#SET NO SECURITY PREFS +$proc->setSecurityPrefs(XSL_SECPREF_NONE); + +# TRASNFORM & PRINT +print $proc->transformToXML( $dom ); + + +if (file_exists($outputfile)) { + print "OK, file exists\n"; +} else { + print "$outputfile doesn't exist, but should!\n"; +} + +unlink($outputfile); + +#SET SECURITY PREFS AGAIN +$proc->setSecurityPrefs( XSL_SECPREF_WRITE_FILE | XSL_SECPREF_WRITE_NETWORK | XSL_SECPREF_CREATE_DIRECTORY); + +# TRASNFORM & PRINT +print $proc->transformToXML( $dom ); + +if (file_exists($outputfile)) { + print "$outputfile exists, but shouldn't!\n"; +} else { + print "OK, no file created\n"; +} + + +--EXPECTF-- +Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %s element output in %s on line %d + +Warning: XSLTProcessor::transformToXml(): File write for %s/bug54446test.txt refused in %s on line %s + +Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %d element output in %s on line %d + +Warning: XSLTProcessor::transformToXml(): xsltDocumentElem: write rights for %s/bug54446test.txt denied in %s on line %d +OK, no file created +OK, file exists + +Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %s element output in %s on line %d + +Warning: XSLTProcessor::transformToXml(): File write for %s/bug54446test.txt refused in %s on line %s + +Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %d element output in %s on line %d + +Warning: XSLTProcessor::transformToXml(): xsltDocumentElem: write rights for %s/bug54446test.txt denied in %s on line %d +OK, no file created +--CREDITS-- +Christian Stocker, chregu@php.net + |