Annotation of embedaddon/php/ext/libxml/tests/bug61367-write.phpt, revision 1.1.1.2
1.1 misho 1: --TEST--
2: Bug #61367: open_basedir bypass in libxml RSHUTDOWN: write test
3: --SKIPIF--
4: <?php if(!extension_loaded('dom')) echo 'skip'; ?>
5: --INI--
6: open_basedir=.
7: --FILE--
8: <?php
9:
10: class StreamExploiter {
11: public function stream_close ( ) {
12: $doc = new DOMDocument;
13: $doc->appendChild($doc->createTextNode('hello'));
14: var_dump($doc->save(dirname(getcwd()) . '/bad'));
15: }
16:
17: public function stream_open ( $path , $mode , $options , &$opened_path ) {
18: return true;
19: }
20: }
21:
22: var_dump(mkdir('test_bug_61367'));
23: var_dump(mkdir('test_bug_61367/base'));
24: var_dump(file_put_contents('test_bug_61367/bad', 'blah'));
25: var_dump(chdir('test_bug_61367/base'));
26:
27: stream_wrapper_register( 'exploit', 'StreamExploiter' );
28: $s = fopen( 'exploit://', 'r' );
29:
30: ?>
31: --CLEAN--
32: <?php
33: @unlink('test_bug_61367/bad');
34: rmdir('test_bug_61367/base');
35: rmdir('test_bug_61367');
36: ?>
37: --EXPECTF--
38: bool(true)
39: bool(true)
40: int(4)
41: bool(true)
42:
43: Warning: DOMDocument::save(): open_basedir restriction in effect. File(%s) is not within the allowed path(s): (.) in %s on line %d
44:
45: Warning: DOMDocument::save(%s): failed to open stream: Operation not permitted in %s on line %d
46: bool(false)
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>