Annotation of embedaddon/php/ext/libxml/tests/bug61367-read.phpt, revision 1.1
1.1 ! misho 1: --TEST--
! 2: Bug #61367: open_basedir bypass in libxml RSHUTDOWN: read test
! 3: --SKIPIF--
<?php /* The --FILE-- section instantiates DOMDocument, so skip when ext/dom is not loaded. */ if(!extension_loaded('dom')) echo 'skip'; ?>
! 5: --INI--
! 6: open_basedir=.
! 7: ; Suppress spurious "Trying to get property of non-object" notices
! 8: error_reporting=E_ALL & ~E_NOTICE
! 9: --FILE--
! 10: <?php
! 11:
/**
 * Stream wrapper that serves as the fixture for bug #61367.
 *
 * Its close handler parses XML declaring an external entity that points at
 * a file in the parent of the working directory. With the --INI-- setting
 * open_basedir=. that file is meant to be out of reach, and --EXPECTF--
 * requires the load to fail with warnings instead of printing its contents.
 */
class StreamExploiter
{
    /**
     * Always reports success, so fopen() returns a stream whose close
     * handler can run later.
     */
    public function stream_open($path, $mode, $options, &$opened_path)
    {
        return true;
    }

    /**
     * Close handler: attempts the out-of-basedir read through libxml.
     */
    public function stream_close()
    {
        // Parent of the working directory, escaped before it is interpolated
        // into the entity's system identifier below.
        $dir = htmlspecialchars(dirname(getcwd()));

        $dom = new DOMDocument;
        $dom->substituteEntities = true;
        $dom->resolveExternals = true;

        $dom->loadXML( <<<XML
<!DOCTYPE doc [
<!ENTITY file SYSTEM "file:///$dir/bad">
]>
<doc>&file;</doc>
XML
        );

        // Had the entity been resolved, the file's contents would be echoed
        // here; --EXPECTF-- lists no such output.
        echo $dom->documentElement->firstChild->nodeValue;
    }
}
! 32:
// Fixture layout: test_bug_61367/base becomes the working directory, and
// test_bug_61367/bad sits one level above it. PHP documents open_basedir=.
// as "the script's working directory", so after the chdir() below the file
// 'bad' lies outside the permitted tree and must stay unreadable.
var_dump(mkdir('test_bug_61367'));
var_dump(mkdir('test_bug_61367/base'));
var_dump(file_put_contents('test_bug_61367/bad', 'blah'));
var_dump(chdir('test_bug_61367/base'));

stream_wrapper_register( 'exploit', 'StreamExploiter' );
// The handle is never passed to fclose() in this script, so
// StreamExploiter::stream_close() runs only when PHP releases the stream
// itself. Per the test title that is the request-shutdown (RSHUTDOWN) path
// under test; open_basedir has to be enforced there as well.
$s = fopen( 'exploit://', 'r' );
! 40:
! 41: ?>
! 42: --CLEAN--
! 43: <?php
// Remove the fixture contents first, then the parent directory: rmdir()
// only succeeds on an empty directory.
unlink('test_bug_61367/bad');
rmdir('test_bug_61367/base');
rmdir('test_bug_61367');
! 47: ?>
! 48: --EXPECTF--
! 49: bool(true)
! 50: bool(true)
! 51: int(4)
! 52: bool(true)
! 53:
! 54: Warning: DOMDocument::loadXML(): I/O warning : failed to load external entity "file:///%s/test_bug_61367/bad" in %s on line %d
! 55:
! 56: Warning: DOMDocument::loadXML(): Failure to process entity file in Entity, line: 4 in %s on line %d
! 57:
! 58: Warning: DOMDocument::loadXML(): Entity 'file' not defined in Entity, line: 4 in %s on line %d