Annotation of embedaddon/php/ext/xsl/tests/bug54446_with_ini.phpt, revision 1.1.1.2
1.1 misho 1: --TEST--
2: Bug #54446 (Arbitrary file creation via libxslt 'output' extension with php.ini setting)
3: --SKIPIF--
4: <?php
5: if (!extension_loaded('xsl')) die("skip Extension XSL is required\n");
6: ?>
7: --FILE--
8: <?php
9: include("prepare.inc");
10:
11: $outputfile = dirname(__FILE__)."/bug54446test.txt";
12: if (file_exists($outputfile)) {
13: unlink($outputfile);
14: }
15:
16: $sXsl = <<<EOT
17: <xsl:stylesheet version="1.0"
18: xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
19: xmlns:sax="http://icl.com/saxon"
20: extension-element-prefixes="sax">
21:
22: <xsl:template match="/">
23: <sax:output href="$outputfile" method="text">
24: <xsl:value-of select="'0wn3d via PHP and libxslt ...'"/>
25: </sax:output>
26: </xsl:template>
27:
28: </xsl:stylesheet>
29: EOT;
30:
31: $xsl->loadXML( $sXsl );
32:
33: # START XSLT
34: $proc->importStylesheet( $xsl );
35:
36: # TRASNFORM & PRINT
37: print $proc->transformToXML( $dom );
38:
39:
40: if (file_exists($outputfile)) {
41: print "$outputfile exists, but shouldn't!\n";
42: } else {
43: print "OK, no file created\n";
44: }
45:
46: #SET NO SECURITY PREFS
47: ini_set("xsl.security_prefs", XSL_SECPREF_NONE);
48:
49: # TRASNFORM & PRINT
50: print $proc->transformToXML( $dom );
51:
52:
53: if (file_exists($outputfile)) {
54: print "OK, file exists\n";
55: } else {
56: print "$outputfile doesn't exist, but should!\n";
57: }
58:
59: unlink($outputfile);
60:
61: #SET SECURITY PREFS AGAIN
62: ini_set("xsl.security_prefs", XSL_SECPREF_WRITE_FILE | XSL_SECPREF_WRITE_NETWORK | XSL_SECPREF_CREATE_DIRECTORY);
63:
64: # TRASNFORM & PRINT
65: print $proc->transformToXML( $dom );
66:
67: if (file_exists($outputfile)) {
68: print "$outputfile exists, but shouldn't!\n";
69: } else {
70: print "OK, no file created\n";
71: }
72:
1.1.1.2 ! misho 73: #SET NO SECURITY PREFS with ini, but set them with ->setSecurityPrefs
! 74: ini_set("xsl.security_prefs", XSL_SECPREF_NONE);
! 75: $proc->setSecurityPrefs( XSL_SECPREF_WRITE_FILE | XSL_SECPREF_WRITE_NETWORK | XSL_SECPREF_CREATE_DIRECTORY);
! 76:
! 77: print $proc->transformToXML( $dom );
! 78: if (file_exists($outputfile)) {
! 79: print "$outputfile exists, but shouldn't!\n";
! 80: } else {
! 81: print "OK, no file created\n";
! 82: }
! 83:
! 84: #don't throw a warning if both ini and through-the-method have the same value
! 85: $proc->setSecurityPrefs(XSL_SECPREF_NONE);
! 86:
! 87: print $proc->transformToXML( $dom );
! 88:
! 89: if (file_exists($outputfile)) {
! 90: print "OK, file exists\n";
! 91: } else {
! 92: print "$outputfile doesn't exist, but should!\n";
! 93: }
! 94: unlink($outputfile);
! 95:
! 96:
1.1 misho 97:
98: --EXPECTF--
99: Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %s element output in %s on line %d
100:
101: Warning: XSLTProcessor::transformToXml(): File write for %s/bug54446test.txt refused in %s on line %s
102:
103: Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %d element output in %s on line %d
104:
105: Warning: XSLTProcessor::transformToXml(): xsltDocumentElem: write rights for %s/bug54446test.txt denied in %s on line %d
106: OK, no file created
1.1.1.2 ! misho 107:
! 108: Deprecated: XSLTProcessor::transformToXml(): The xsl.security_prefs php.ini option is deprecated; use XsltProcessor->setSecurityPrefs() instead in %s on line %d
1.1 misho 109: OK, file exists
110:
111: Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %s element output in %s on line %d
112:
113: Warning: XSLTProcessor::transformToXml(): File write for %s/bug54446test.txt refused in %s on line %s
114:
115: Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %d element output in %s on line %d
116:
117: Warning: XSLTProcessor::transformToXml(): xsltDocumentElem: write rights for %s/bug54446test.txt denied in %s on line %d
118: OK, no file created
1.1.1.2 ! misho 119:
! 120: Deprecated: XSLTProcessor::transformToXml(): The xsl.security_prefs php.ini option is deprecated; use XsltProcessor->setSecurityPrefs() instead in %s on line %d
! 121:
! 122: Notice: XSLTProcessor::transformToXml(): The xsl.security_prefs php.ini was not used, since the XsltProcessor->setSecurityPrefs() method was used in %s on line %d
! 123:
! 124: Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %s element output in %s on line %d
! 125:
! 126: Warning: XSLTProcessor::transformToXml(): File write for %s/bug54446test.txt refused in %s on line %s
! 127:
! 128: Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %d element output in %s on line %d
! 129:
! 130: Warning: XSLTProcessor::transformToXml(): xsltDocumentElem: write rights for %s/bug54446test.txt denied in %s on line %d
! 131: OK, no file created
! 132: OK, file exists
1.1 misho 133: --CREDITS--
134: Christian Stocker, chregu@php.net
135:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to bug54446_with_ini.phpt CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / php / ext / xsl / tests