From a08c09ab17e5b3e76eeee753917662a3e3691830 Mon Sep 17 00:00:00 2001 From: Mark Story Date: Thu, 22 Apr 2010 23:17:11 -0400 Subject: [PATCH] Fixing security vulnerabilities in the test suite runner.
---
 cake/tests/lib/test_manager.php | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/cake/tests/lib/test_manager.php b/cake/tests/lib/test_manager.php
index dce37e144c6..df6357d3299 100644
--- a/cake/tests/lib/test_manager.php
+++ b/cake/tests/lib/test_manager.php
@@ -69,7 +69,7 @@ public function __construct() {
 $this->appTest = true;
 }
 if (isset($_GET['plugin'])) {
- $this->pluginTest = $_GET['plugin'];
+ $this->pluginTest = htmlentities($_GET['plugin']);
 }
 }
@@ -127,8 +127,11 @@ public function runAllTests(&$reporter, $testing = false) {
 public function runTestCase($testCaseFile, &$reporter, $testing = false) {
 $testCaseFileWithPath = $this->_getTestsPath() . DS . $testCaseFile;
- if (!file_exists($testCaseFileWithPath)) {
- trigger_error(sprintf(__('Test case %s cannot be found', true), $testCaseFile), E_USER_ERROR);
+ if (!file_exists($testCaseFileWithPath) || strpos($testCaseFileWithPath, '..')) {
+ trigger_error(
+ sprintf(__("Test case %s cannot be found", true), htmlentities($testCaseFile)),
+ E_USER_ERROR
+ );
 return false;
 }
@@ -151,8 +154,14 @@ public function runTestCase($testCaseFile, &$reporter, $testing = false) {
 public function runGroupTest($groupTestName, &$reporter) {
 $filePath = $this->_getTestsPath('groups') . DS . strtolower($groupTestName) . $this->_groupExtension;
- if (!file_exists($filePath)) {
- trigger_error(sprintf(__('Group test %s cannot be found at %s', true), $groupTestName, $filePath), E_USER_ERROR);
+ if (!file_exists($filePath) || strpos($testCaseFileWithPath, '..')) {
+ trigger_error(sprintf(
+ __("Group test %s cannot be found at %s", true),
+ htmlentities($groupTestName),
+ htmlentities($filePath)
+ ),
+ E_USER_ERROR
+ );
 }
 require_once $filePath;
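Review bot: Applying `htmlentities()` to `$_GET['plugin']` in the constructor escapes for an HTML sink at the input boundary, which is the wrong layer: it rewrites the stored plugin name (`&` becomes `&amp;`, and any later output escaping double-encodes it) and gives no protection if `pluginTest` is later used to locate a plugin's tests directory on disk, which this hunk does not show. With the default flags on PHP 5.x `htmlentities()` also leaves `'` unencoded, so the value is still injectable inside a single-quoted attribute. A plugin name is an identifier, so validate it as one and escape at the point of output instead: `if (isset($_GET['plugin']) && preg_match('/^[A-Za-z0-9_]+$/', $_GET['plugin'])) {` followed by `$this->pluginTest = $_GET['plugin'];`. `__construct()` starts before this hunk, so the property's default when the check fails is not visible here.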
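Review bot: The new traversal guard is a truthy `strpos()` on the joined path, so it is a substring blacklist rather than a containment check: a `..` anywhere in `_getTestsPath()` itself (for example a relative ROOT) makes every test case unreachable, while an exact-offset-0 match would be silently ignored. Resolve the path and require that it stay under the tests directory instead: `$base = realpath($this->_getTestsPath()); $real = realpath($testCaseFileWithPath);` and then `if ($real === false || strpos($real, $base . DS) !== 0) {`. The error message now HTML-escapes `$testCaseFile`, but the hunk does not show whether the installed error handler renders messages as HTML or plain text, so confirm the encoding matches that sink. runTestCase() continues past this hunk, where the validated file is presumably required.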
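Review bot: The added condition in runGroupTest() reads `$testCaseFileWithPath`, a local of runTestCase() that does not exist in this method, so `strpos()` is evaluated on an undefined (null) value, returns false, and the traversal check never fires — only `file_exists($filePath)` is tested, exactly as before the patch. There is also no `return` after `trigger_error()`, so unless the installed error handler exits on E_USER_ERROR (not visible here) execution falls through to `require_once $filePath`. Use the right variable and bail out as runTestCase() does: `if (!file_exists($filePath) || strpos($filePath, '..') !== false) {` and `return false;` after the `trigger_error()` call. Echoing `$filePath` in the message additionally discloses the server's filesystem layout to anyone who can reach the runner. runGroupTest() continues past this hunk.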