Annotation of embedaddon/php/ext/libxml/tests/bug61367-write.phpt, revision 1.1.1.1
1.1 misho 1: --TEST--
2: Bug #61367: open_basedir bypass in libxml RSHUTDOWN: write test
3: --SKIPIF--
4: <?php if(!extension_loaded('dom')) echo 'skip'; ?>
5: --INI--
6: open_basedir=.
7: ; Suppress spurious "Trying to get property of non-object" notices
8: error_reporting=E_ALL & ~E_NOTICE
9: --FILE--
10: <?php
11:
12: class StreamExploiter {
13: public function stream_close ( ) {
14: $doc = new DOMDocument;
15: $doc->appendChild($doc->createTextNode('hello'));
16: var_dump($doc->save(dirname(getcwd()) . '/bad'));
17: }
18:
19: public function stream_open ( $path , $mode , $options , &$opened_path ) {
20: return true;
21: }
22: }
23:
24: var_dump(mkdir('test_bug_61367'));
25: var_dump(mkdir('test_bug_61367/base'));
26: var_dump(file_put_contents('test_bug_61367/bad', 'blah'));
27: var_dump(chdir('test_bug_61367/base'));
28:
29: stream_wrapper_register( 'exploit', 'StreamExploiter' );
30: $s = fopen( 'exploit://', 'r' );
31:
32: ?>
33: --CLEAN--
34: <?php
35: @unlink('test_bug_61367/bad');
36: rmdir('test_bug_61367/base');
37: rmdir('test_bug_61367');
38: ?>
39: --EXPECTF--
40: bool(true)
41: bool(true)
42: int(4)
43: bool(true)
44:
45: Warning: DOMDocument::save(): open_basedir restriction in effect. File(%s) is not within the allowed path(s): (.) in %s on line %d
46:
47: Warning: DOMDocument::save(%s): failed to open stream: Operation not permitted in %s on line %d
48: bool(false)
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>