Annotation of embedaddon/php/ext/libxml/tests/bug61367-read.phpt, revision 1.1.1.2
1.1 misho 1: --TEST--
2: Bug #61367: open_basedir bypass in libxml RSHUTDOWN: read test
3: --SKIPIF--
4: <?php if(!extension_loaded('dom')) echo 'skip'; ?>
5: --INI--
6: open_basedir=.
7: error_reporting=E_ALL & ~E_NOTICE
8: --FILE--
9: <?php
1.1.1.2 ! misho 10: /*
! 11: * Note: Using error_reporting=E_ALL & ~E_NOTICE to suppress "Trying to get property of non-object" notices.
! 12: */
/**
 * Stream wrapper fixture for the Bug #61367 regression test (open_basedir
 * bypass in libxml RSHUTDOWN, read case).
 *
 * The script opens an "exploit://" stream and never closes it, so
 * stream_close() is left to run when PHP tears the stream down; the test
 * title indicates that this is meant to happen during request shutdown.
 * The test passes only when the entity load attempted there is refused, as
 * the warnings listed under --EXPECTF-- show.
 */
class StreamExploiter
{
    /**
     * Tries to read a file through an XML external entity while the stream
     * is being closed, then prints whatever text the document ended up with.
     */
    public function stream_close()
    {
        // Parent of the working directory. The script chdir()s into
        // test_bug_61367/base, so this resolves to test_bug_61367, the
        // directory that holds "bad". Backslashes are normalised so the
        // file:// URL is also valid on Windows.
        $dir = str_replace('\\', '/', htmlspecialchars(dirname(getcwd())));

        $document = new DOMDocument;
        // Both switches are turned on deliberately: they are what makes
        // libxml fetch and inline the SYSTEM entity. Code that parses
        // untrusted XML should leave them off.
        $document->resolveExternals = true;
        $document->substituteEntities = true;

        $document->loadXML(<<<XML
<!DOCTYPE doc [
<!ENTITY file SYSTEM "file:///$dir/bad">
]>
<doc>&file;</doc>
XML
        );

        // When the load is refused this dereferences a non-object; the
        // resulting notices are the ones the --INI-- error_reporting line
        // suppresses.
        echo $document->documentElement->firstChild->nodeValue;
    }

    /**
     * Accepts every open request so that fopen('exploit://') succeeds.
     *
     * None of the arguments are inspected.
     */
    public function stream_open($path, $mode, $options, &$opened_path)
    {
        return true;
    }
}
34:
// Fixture layout: test_bug_61367/bad is the file the entity points at, and
// test_bug_61367/base becomes the working directory, so "bad" sits one level
// above it. Every result is dumped because --EXPECTF-- checks each of them.
$madeRoot = mkdir('test_bug_61367');
var_dump($madeRoot);
$madeBase = mkdir('test_bug_61367/base');
var_dump($madeBase);
$bytesWritten = file_put_contents('test_bug_61367/bad', 'blah');
var_dump($bytesWritten);
$movedIntoBase = chdir('test_bug_61367/base');
var_dump($movedIntoBase);

// Register the wrapper and open a stream that the script never closes
// itself, leaving StreamExploiter::stream_close() to run when PHP releases
// the handle.
stream_wrapper_register('exploit', 'StreamExploiter');
$handle = fopen('exploit://', 'r');
42:
43: ?>
44: --CLEAN--
45: <?php
// Remove the fixture: the file first, then the directories innermost first,
// because rmdir() only removes empty directories.
unlink('test_bug_61367/bad');
foreach (array('test_bug_61367/base', 'test_bug_61367') as $directory) {
    rmdir($directory);
}
49: ?>
50: --EXPECTF--
51: bool(true)
52: bool(true)
53: int(4)
54: bool(true)
55:
56: Warning: DOMDocument::loadXML(): I/O warning : failed to load external entity "file:///%s/test_bug_61367/bad" in %s on line %d
57:
58: Warning: DOMDocument::loadXML(): Failure to process entity file in Entity, line: 4 in %s on line %d
59:
60: Warning: DOMDocument::loadXML(): Entity 'file' not defined in Entity, line: 4 in %s on line %d