adulau/cakephp2-php8
1
0
Fork 0
mirror of https://github.com/kamilwylegala/cakephp2-php8.git synced 2025-01-19 02:56:15 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fixing security vulnerabilities in the test suite runner.

Browse source
This commit is contained in:
Mark Story 2010-04-22 23:17:11 -04:00
parent 215333e56f
commit 813a3af19c
1 changed files with 14 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
cake/tests/lib/test_manager.php
View file

@ -70,7 +70,7 @@ class TestManager {
$this->appTest = true;
}
if (isset($_GET['plugin'])) {
$this->pluginTest = $_GET['plugin'];
$this->pluginTest = htmlentities($_GET['plugin']);
}
}
@ -131,8 +131,11 @@ class TestManager {
function runTestCase($testCaseFile, &$reporter, $testing = false) {
$testCaseFileWithPath = $this->_getTestsPath() . DS . $testCaseFile;
if (!file_exists($testCaseFileWithPath)) {
trigger_error(sprintf(__('Test case %s cannot be found', true), $testCaseFile), E_USER_ERROR);
if (!file_exists($testCaseFileWithPath) || strpos($testCaseFileWithPath, '..')) {
trigger_error(
sprintf(__("Test case %s cannot be found", true), htmlentities($testCaseFile)),
E_USER_ERROR
);
return false;
}
@ -156,8 +159,14 @@ class TestManager {
function runGroupTest($groupTestName, &$reporter) {
$filePath = $this->_getTestsPath('groups') . DS . strtolower($groupTestName) . $this->_groupExtension;
if (!file_exists($filePath)) {
trigger_error(sprintf(__('Group test %s cannot be found at %s', true), $groupTestName, $filePath), E_USER_ERROR);
if (!file_exists($filePath) || strpos($testCaseFileWithPath, '..')) {
trigger_error(sprintf(
__("Group test %s cannot be found at %s", true),
htmlentities($groupTestName),
htmlentities($filePath)
),
E_USER_ERROR
);
}
require_once $filePath;