Adding more checks into PhpReader that currently exist in Configure.

This commit is contained in:
mark_story 2010-12-04 00:58:02 -05:00
parent 9b55487d4e
commit 6618178e1b
2 changed files with 16 additions and 0 deletions

View file

@ -51,8 +51,13 @@ class PhpReader implements ConfigReaderInterface {
* @param string $key The identifier to read from. If the key has a . it will be treated
* as a plugin prefix.
* @return array Parsed configuration values.
* @throws RuntimeException when files don't exist or they don't contain `$config`.
* InvalidArgumentException when files contain '..' as this could lead to abusive reads.
*/
public function read($key) {
if (strpos($key, '..') !== false) {
throw new InvalidArgumentException(__('Cannot load configuration files with ../ in them.'));
}
list($plugin, $key) = pluginSplit($key);
if ($plugin) {

View file

@ -63,6 +63,17 @@ class PhpReaderTest extends CakeTestCase {
$reader->read('empty');
}
/**
* test reading keys with ../ doesn't work
*
* @expectedException InvalidArgumentException
* @return void
*/
function testReadWithDots() {
$reader = new PhpReader($this->path);
$reader->read('../empty');
}
/**
* test reading from plugins
*