
Commit 1926d40

committed
Fix possibility for spoofed files to pass validation.
Use `is_uploaded_file` to reject crafted requests whose file entry points at a path that was never actually uploaded. A testing stub class was necessary to avoid making significant changes to the test suite.
1 parent 24df4dd commit 1926d40


2 files changed

+42
-13
lines changed


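--- a/lib/Cake/Test/Case/Utility/ValidationTest.php
+++ b/lib/Cake/Test/Case/Utility/ValidationTest.php
@@ -88,6 +88,25 @@ public static function phone($check) {
 
 }
 
+/**
+* ValidationStub
+*
+* @package Cake.Test.Case.Utility
+*/
+class ValidationStub extends Validation {
+
+/**
+* Stub out is_uploaded_file check
+*
+* @param string $path
+* @return void
+*/
+protected static function _isUploadedFile($path) {
+return file_exists($path);
+}
+
+}
+
 /**
 * Test Case for Validation Class
 *
@@ -2405,21 +2424,21 @@ public function testFileSize() {
 * @return void
 */
 public function testUploadedFileErrorCode() {
-$this->assertFalse(Validation::uploadedFile('derp'));
+$this->assertFalse(ValidationStub::uploadedFile('derp'));
 $invalid = array(
 'name' => 'testing'
 );
-$this->assertFalse(Validation::uploadedFile($invalid));
+$this->assertFalse(ValidationStub::uploadedFile($invalid));
 $file = array(
 'name' => 'cake.power.gif',
 'tmp_name' => CORE_PATH . 'Cake' . DS . 'Test' . DS . 'test_app' . DS . 'webroot/img/cake.power.gif',
 'error' => UPLOAD_ERR_OK,
 'type' => 'image/gif',
 'size' => 201
 );
-$this->assertTrue(Validation::uploadedFile($file));
+$this->assertTrue(ValidationStub::uploadedFile($file));
 $file['error'] = UPLOAD_ERR_NO_FILE;
-$this->assertFalse(Validation::uploadedFile($file), 'Error upload should fail.');
+$this->assertFalse(ValidationStub::uploadedFile($file), 'Error upload should fail.');
 }
 
 /**
@@ -2438,11 +2457,11 @@ public function testUploadedFileMimeType() {
 $options = array(
 'types' => array('text/plain')
 );
-$this->assertFalse(Validation::uploadedFile($file, $options), 'Incorrect mimetype.');
+$this->assertFalse(ValidationStub::uploadedFile($file, $options), 'Incorrect mimetype.');
 $options = array(
 'types' => array('image/gif', 'image/png')
 );
-$this->assertTrue(Validation::uploadedFile($file, $options));
+$this->assertTrue(ValidationStub::uploadedFile($file, $options));
 }
 
 /**
@@ -2461,24 +2480,24 @@ public function testUploadedFileSize() {
 $options = array(
 'minSize' => 500
 );
-$this->assertFalse(Validation::uploadedFile($file, $options), 'Too small');
+$this->assertFalse(ValidationStub::uploadedFile($file, $options), 'Too small');
 $options = array(
 'maxSize' => 100
 );
-$this->assertFalse(Validation::uploadedFile($file, $options), 'Too big');
+$this->assertFalse(ValidationStub::uploadedFile($file, $options), 'Too big');
 $options = array(
 'minSize' => 100,
 );
-$this->assertTrue(Validation::uploadedFile($file, $options));
+$this->assertTrue(ValidationStub::uploadedFile($file, $options));
 $options = array(
 'maxSize' => 500,
 );
-$this->assertTrue(Validation::uploadedFile($file, $options));
+$this->assertTrue(ValidationStub::uploadedFile($file, $options));
 $options = array(
 'minSize' => 100,
 'maxSize' => 500
 );
-$this->assertTrue(Validation::uploadedFile($file, $options));
+$this->assertTrue(ValidationStub::uploadedFile($file, $options));
 }
 
 /**
@@ -2519,6 +2538,6 @@ public function testUploadedFileWithDifferentFileParametersOrder() {
 'size' => 201
 );
 $options = array();
-$this->assertTrue(Validation::uploadedFile($file, $options), 'Wrong order');
+$this->assertTrue(ValidationStub::uploadedFile($file, $options), 'Wrong order');
 }
 }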
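Review bot: The stubbed `_isUploadedFile` in `ValidationStub` returns `file_exists($path)`, so none of the rewritten assertions exercise the case the commit fixes — a `tmp_name` that exists on disk but was never uploaded is still accepted by the stub, and no test checks that `uploadedFile` returns false when the helper rejects the path. A second stub whose helper returns `false`, used against the same `$file` fixture as `testUploadedFileErrorCode`, would pin the new behaviour. The stub's docblock also says `@return void` while the method returns the boolean from `file_exists`; it should read `@return bool`.

```php
class ValidationStubNotUploaded extends Validation {

	protected static function _isUploadedFile($path) {
		return false;
	}

}
// … in testUploadedFileErrorCode, after the assertTrue on the valid $file …
$this->assertFalse(ValidationStubNotUploaded::uploadedFile($file), 'Non-uploaded file should fail.');
```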

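--- a/lib/Cake/Utility/Validation.php
+++ b/lib/Cake/Utility/Validation.php
@@ -1036,7 +1036,17 @@ public static function uploadedFile($file, $options = array()) {
 if (isset($options['types']) && !static::mimeType($file, $options['types'])) {
 return false;
 }
-return true;
+return static::_isUploadedFile($file['tmp_name']);
+}
+
+/**
+* Helper method that can be stubbed in testing.
+*
+* @param string $path The path to check.
+* @return bool Whether or not the file is an uploaded file.
+*/
+protected static function _isUploadedFile($path) {
+return is_uploaded_file($path);
 }
 
 /**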
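Review bot: The new `is_uploaded_file` check runs last, after `static::mimeType($file, $options['types'])` on line 1036 (and presumably the size check earlier in the function) have already opened the attacker-controlled `$file['tmp_name']`, so a spoofed path still gets its MIME type and size inspected before it is rejected, and any caller that surfaces which rule failed leaks that information about arbitrary server files. The provenance check should come before any filesystem access on the path: near the top of `uploadedFile`, right after the shape/key check that rejects the `array('name' => 'testing')` case, `if (!static::_isUploadedFile($file['tmp_name'])) { return false; }`, with the final line left as `return true;`. Whether `tmp_name` is guaranteed to be set at that point depends on that earlier key check, which I cannot see here; `uploadedFile` begins outside the hunk.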
