Annotation of embedaddon/php/ext/libxml/tests/bug61367-read.phpt, revision 1.1

1.1     ! misho       1: --TEST--
        !             2: Bug #61367: open_basedir bypass in libxml RSHUTDOWN: read test
        !             3: --SKIPIF--
        !             4: <?php if(!extension_loaded('dom')) echo 'skip'; ?>
        !             5: --INI--
        !             6: open_basedir=.
        !             7: ; Suppress spurious "Trying to get property of non-object" notices
        !             8: error_reporting=E_ALL & ~E_NOTICE
        !             9: --FILE--
        !            10: <?php
        !            11: 
        !            12: class StreamExploiter {
        !            13:        public function stream_close (  ) {
        !            14:                $doc = new DOMDocument;
        !            15:                $doc->resolveExternals = true;
        !            16:                $doc->substituteEntities = true;
        !            17:                $dir = htmlspecialchars(dirname(getcwd()));
        !            18:                $doc->loadXML( <<<XML
        !            19: <!DOCTYPE doc [
        !            20:        <!ENTITY file SYSTEM "file:///$dir/bad">
        !            21: ]>
        !            22: <doc>&file;</doc>
        !            23: XML
        !            24:                );
        !            25:                print $doc->documentElement->firstChild->nodeValue;
        !            26:        }
        !            27: 
        !            28:        public function stream_open (  $path ,  $mode ,  $options ,  &$opened_path ) {
        !            29:                return true;
        !            30:        }
        !            31: }
        !            32: 
// Build the fixture tree: test_bug_61367/ holds the target file "bad" and
// test_bug_61367/base/ becomes the working directory. The four var_dump()
// results are the first four lines of --EXPECTF-- (int(4) is the byte count
// written for 'blah').
var_dump(mkdir('test_bug_61367'));
var_dump(mkdir('test_bug_61367/base'));
var_dump(file_put_contents('test_bug_61367/bad', 'blah'));
// After this chdir, "bad" sits in the parent of the working directory. With
// open_basedir=. from --INI--, that is presumably outside the allowed tree;
// the expected warnings show the entity load being refused.
var_dump(chdir('test_bug_61367/base'));

// Register the wrapper class for the "exploit" scheme.
stream_wrapper_register( 'exploit', 'StreamExploiter' );
// The handle is kept in $s and never passed to fclose() in this script, so
// StreamExploiter::stream_close() presumably runs only at request shutdown
// (the RSHUTDOWN phase named in the test title) -- confirm against the bug
// report. Do not drop the assignment or add an explicit close.
$s = fopen( 'exploit://', 'r' );
        !            40: 
        !            41: ?>
        !            42: --CLEAN--
        !            43: <?php
// Remove the fixture in reverse order of creation: the file first, then the
// inner directory, then the outer one (rmdir() only removes empty directories).
unlink('test_bug_61367/bad');
rmdir('test_bug_61367/base');
rmdir('test_bug_61367');
        !            47: ?>
        !            48: --EXPECTF--
        !            49: bool(true)
        !            50: bool(true)
        !            51: int(4)
        !            52: bool(true)
        !            53: 
        !            54: Warning: DOMDocument::loadXML(): I/O warning : failed to load external entity "file:///%s/test_bug_61367/bad" in %s on line %d
        !            55: 
        !            56: Warning: DOMDocument::loadXML(): Failure to process entity file in Entity, line: 4 in %s on line %d
        !            57: 
        !            58: Warning: DOMDocument::loadXML(): Entity 'file' not defined in Entity, line: 4 in %s on line %d
