Annotation of embedaddon/php/ext/libxml/tests/bug61367-read.phpt, revision 1.1.1.1

1.1       misho       1: --TEST--
                      2: Bug #61367: open_basedir bypass in libxml RSHUTDOWN: read test
                      3: --SKIPIF--
                      4: <?php if(!extension_loaded('dom')) echo 'skip'; ?>
                      5: --INI--
                      6: open_basedir=.
                      7: ; Suppress spurious "Trying to get property of non-object" notices
                      8: error_reporting=E_ALL & ~E_NOTICE
                      9: --FILE--
                     10: <?php
                     11: 
                     12: class StreamExploiter {
                                // Userland stream wrapper that drives the regression test for bug #61367.
                                // The script below opens an exploit:// stream and never calls fclose() on
                                // it, so stream_close() presumably runs while the request is shutting down
                                // (the RSHUTDOWN named in the test title) -- TODO confirm.

                                /**
                                 * Parses XML whose external entity points at a file in the parent of the
                                 * current working directory.
                                 *
                                 * The --INI-- section sets open_basedir=. and the script chdir()s into
                                 * test_bug_61367/base before the stream is opened, so the target file
                                 * test_bug_61367/bad is meant to be out of reach. A passing run shows only
                                 * the loadXML() warnings listed under --EXPECTF--; the file content
                                 * ('blah') must not appear in the output.
                                 */
                     13:        public function stream_close (  ) {
                     14:                $doc = new DOMDocument;
                                        // Both switches are turned on so that the parser actually attempts
                                        // to fetch and inline the external entity declared below.
                     15:                $doc->resolveExternals = true;
                     16:                $doc->substituteEntities = true;
                                        // Escape the path before embedding it in the quoted SYSTEM literal.
                     17:                $dir = htmlspecialchars(dirname(getcwd()));
                     18:                $doc->loadXML( <<<XML
                     19: <!DOCTYPE doc [
                     20:        <!ENTITY file SYSTEM "file:///$dir/bad">
                     21: ]>
                     22: <doc>&file;</doc>
                     23: XML
                     24:                );
                                        // Would print the entity's content if it had been loaded. When the
                                        // load is refused this dereference presumably raises the notices
                                        // that the --INI-- section silences via error_reporting.
                     25:                print $doc->documentElement->firstChild->nodeValue;
                     26:        }
                     27: 
                                /**
                                 * Accepts every open request without doing any work, so that
                                 * fopen('exploit://') succeeds and yields a stream handled by this class.
                                 * None of the arguments are used.
                                 */
                     28:        public function stream_open (  $path ,  $mode ,  $options ,  &$opened_path ) {
                     29:                return true;
                     30:        }
                     31: }
                     32: 
                     33: var_dump(mkdir('test_bug_61367'));
                     34: var_dump(mkdir('test_bug_61367/base'));
                         // 'bad' is created beside base/, not inside it: it is the file the XML
                         // entity in StreamExploiter::stream_close() later tries to read.
                     35: var_dump(file_put_contents('test_bug_61367/bad', 'blah'));
                         // From here on the working directory is base/, so 'bad' sits in its parent.
                     36: var_dump(chdir('test_bug_61367/base'));
                     37: 
                         // The handle is kept in $s and never closed explicitly, which leaves
                         // stream_close() to fire when PHP itself releases the stream -- presumably
                         // at request shutdown; TODO confirm. Do not add fclose() or drop the
                         // assignment: either would move the close to an earlier point.
                     38: stream_wrapper_register( 'exploit', 'StreamExploiter' );
                     39: $s = fopen( 'exploit://', 'r' );
                     40: 
                     41: ?>
                     42: --CLEAN--
                     43: <?php
                     44: unlink('test_bug_61367/bad');
                         // Fixture teardown: the file goes first, then the directories innermost
                         // first, because rmdir() only removes empty directories.
                     45: rmdir('test_bug_61367/base');
                     46: rmdir('test_bug_61367');
                     47: ?>
                     48: --EXPECTF--
                     49: bool(true)
                     50: bool(true)
                     51: int(4)
                     52: bool(true)
                     53: 
                     54: Warning: DOMDocument::loadXML(): I/O warning : failed to load external entity "file:///%s/test_bug_61367/bad" in %s on line %d
                     55: 
                     56: Warning: DOMDocument::loadXML(): Failure to process entity file in Entity, line: 4 in %s on line %d
                     57: 
                     58: Warning: DOMDocument::loadXML(): Entity 'file' not defined in Entity, line: 4 in %s on line %d
