adulau/cakephp2-php8
1
0
Fork 0
mirror of https://github.com/kamilwylegala/cakephp2-php8.git synced 2025-01-31 09:06:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Adding more checks into PhpReader that currently exist in Configure.

Browse source
This commit is contained in:
mark_story 2010-12-04 00:58:02 -05:00
parent 9b55487d4e
commit 6618178e1b
2 changed files with 16 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
cake/libs/config/php_reader.php
View file

@ -51,8 +51,13 @@ class PhpReader implements ConfigReaderInterface {
* @param string $key The identifier to read from. If the key has a . it will be treated * @param string $key The identifier to read from. If the key has a . it will be treated
* as a plugin prefix. * as a plugin prefix.
* @return array Parsed configuration values. * @return array Parsed configuration values.
* @throws RuntimeException when files don't exist or they don't contain `$config`.
* InvalidArgumentException when files contain '..' as this could lead to abusive reads.
*/ */
public function read($key) { public function read($key) {
if (strpos($key, '..') !== false) {
throw new InvalidArgumentException(__('Cannot load configuration files with ../ in them.'));
}
list($plugin, $key) = pluginSplit($key); list($plugin, $key) = pluginSplit($key);
if ($plugin) { if ($plugin) {

11
cake/tests/cases/libs/config/php_reader.test.php
View file

@ -63,6 +63,17 @@ class PhpReaderTest extends CakeTestCase {
$reader->read('empty'); $reader->read('empty');
} }
/**
* test reading keys with ../ doesn't work
*
* @expectedException InvalidArgumentException
* @return void
*/
function testReadWithDots() {
$reader = new PhpReader($this->path);
$reader->read('../empty');
}
/** /**
* test reading from plugins * test reading from plugins
* *