Merge branch 'fix-check-filename' into fix-check-filename-4.2
nanasess committed Sep 8, 2022
2 parents 01ff147 + b60d27d commit b0d5c5b
Showing 6 changed files with 266 additions and 1 deletion.
3 changes: 3 additions & 0 deletions src/Eccube/Controller/Admin/Content/FileController.php
Expand Up @@ -488,6 +488,9 @@ protected function normalizePath($path)
*/
protected function checkDir($targetDir, $topDir)
{
if (strpos($targetDir, '..') !== false) {
return false;
}
$targetDir = realpath($targetDir);
$topDir = realpath($topDir);

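Review bot: The new guard at the top of checkDir is a substring denylist — `strpos($targetDir, '..') !== false` also rejects legitimate names such as `release..2.txt`, while the realpath/prefix comparison further down remains the check that actually has to hold. A segment-level test is equally strong and has no false positives: `if (in_array('..', preg_split('#[/\\\\]#', $targetDir), true)) { return false; }`. Since realpath() does not accept NUL bytes (a warning or a ValueError depending on PHP version), rejecting `"\0"` in the same early guard would keep that failure mode out of the prefix comparison too. The body of checkDir continues past the hunk, so the comparison itself is not visible here.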
Expand Up @@ -123,7 +123,7 @@ public function edit(Request $request, Payment $Payment = null)
// ファイルアップロード
$file = $form['payment_image']->getData();
$fs = new Filesystem();
if ($file && $fs->exists($this->getParameter('eccube_temp_image_dir').'/'.$file)) {
if ($file && strpos($file, '..') === false && $fs->exists($this->getParameter('eccube_temp_image_dir').'/'.$file)) {
$fs->rename(
$this->getParameter('eccube_temp_image_dir').'/'.$file,
$this->getParameter('eccube_save_image_dir').'/'.$file
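Review bot: A payment_image value containing `..` is now silently discarded — the condition simply evaluates false, the action presumably goes on to save, and the test added in this commit accordingly expects a redirect rather than an error, so the admin gets no feedback and the submitted value may still be persisted on the entity. The ProductType change in the same commit reports the case as a form error; doing the same here (a constraint on the payment_image field, or `$form['payment_image']->addError(new FormError(...))` before the rename branch) keeps the two paths consistent. The check is also a substring match that rejects legitimate names like `logo..v2.png`; since the file is looked up flat under eccube_temp_image_dir, `$file === basename($file)` is both stricter and precise. The enclosing edit() action starts and ends outside the hunk.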
4 changes: 4 additions & 0 deletions src/Eccube/Form/Type/Admin/ProductType.php
Expand Up @@ -200,6 +200,10 @@ public function buildForm(FormBuilderInterface $builder, array $options)
private function validateFilePath($form, $dirs)
{
foreach ($form->getData() as $fileName) {
if (strpos($fileName, '..') !== false) {
$form->getRoot()['product_image']->addError(new FormError(trans('admin.product.image__invalid_path')));
break;
}
$fileInDir = array_filter($dirs, function ($dir) use ($fileName) {
$filePath = realpath($dir.'/'.$fileName);
$topDirPath = realpath($dir);
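Review bot: The error added here uses the translation key `admin.product.image__invalid_path`, but no message catalog is among the six files this commit touches, and the new ProductControllerTest asserts the rendered Japanese text; confirm the key already exists for every locale, otherwise the raw key is what the admin sees. The `break` after addError() means only the first offending name is reported, which is fine for a single error slot but deserves a comment such as `// one invalid_path error is enough; stop at the first offender`. As in FileController, `strpos($fileName, '..')` also rejects legitimate names that merely contain `..`; `in_array('..', preg_split('#[/\\\\]#', $fileName), true)` rejects only a real parent-directory segment. validateFilePath continues past the hunk, so the realpath comparison inside the closure is only partly visible.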
14 changes: 14 additions & 0 deletions tests/Eccube/Tests/Web/Admin/Content/FileControllerTest.php
Expand Up @@ -42,6 +42,20 @@ public function testView()
$this->verify();
}

public function testViewWithFailure()
{
$filepath = $this->getUserDataDir().'/aaa.html';
$contents = '<html><body><h1>test</h1></body></html>';
file_put_contents($filepath, $contents);

$crawler = $this->client->request(
'GET',
$this->generateUrl('admin_content_file_view').'?file=/../user_data/aaa.html'
);
$this->assertFalse($this->client->getResponse()->isSuccessful());
$this->assertSame(404, $this->client->getResponse()->getStatusCode());
}

public function testDownload()
{
$filepath = $this->getUserDataDir().'/aaa.html';
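Review bot: testViewWithFailure exercises a single traversal shape, `/../user_data/aaa.html`; because the guard it tests is a plain string match, a backslash variant (`..\user_data\aaa.html`) and a benign name containing `..` that should still be served would pin both the fix and its false-positive behaviour, and a data provider is the natural shape for that. The fixture written to user_data/aaa.html is never removed, and neither `$crawler` nor `$contents` is used after the request; `$this->assertStringNotContainsString($contents, $this->client->getResponse()->getContent());` makes the test assert that the file body itself never leaks, and `unlink($filepath)` at the end keeps the test self-contained.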
69 changes: 69 additions & 0 deletions tests/Eccube/Tests/Web/Admin/Product/ProductControllerTest.php
Expand Up @@ -954,6 +954,75 @@ public function testLoadProductClass()
$this->assertSame(Response::HTTP_OK, $this->client->getResponse()->getStatusCode());
}

/**
* アップロード画像が save_image にコピーされているか確認する.
*/
public function testEditWithImage()
{
$path = __DIR__.'/../../../../../../html/upload';

$fs = new Filesystem();
// アップロード画像が存在する場合は削除しておく
$fs->remove($path.'/temp_image/new_image.png');
$fs->remove($path.'/save_image/new_image.png');

$fs->copy(
$path.'/save_image/sand-1.png',
$path.'/temp_image/new_image.png'
);

$Product = $this->createProduct(null, 0);
$formData = $this->createFormData();
$formData['add_images'][] = 'new_image.png';

$this->client->request(
'POST',
$this->generateUrl('admin_product_product_edit', ['id' => $Product->getId()]),
['admin_product' => $formData]
);

$rUrl = $this->generateUrl('admin_product_product_edit', ['id' => $Product->getId()]);
$this->assertTrue($this->client->getResponse()->isRedirect($rUrl));

$this->assertFileExists($path.'/save_image/new_image.png', 'temp_image の画像が save_imageにコピーされている');
$fs->remove($path.'/temp_image/new_image.png');
$fs->remove($path.'/save_image/new_image.png');
}

/**
* アップロード画像に相対パスが指定された場合は save_image にコピーされない.
*/
public function testEditWithImageFailure()
{
$path = __DIR__.'/../../../../../../html/upload';

$fs = new Filesystem();
// アップロード画像が存在する場合は削除しておく
$fs->remove($path.'/temp_image/new_image.png');
$fs->remove($path.'/save_image/new_image.png');

$fs->copy(
$path.'/save_image/sand-1.png',
$path.'/temp_image/new_image.png'
);

$Product = $this->createProduct(null, 0);
$formData = $this->createFormData();
$formData['add_images'][] = '../temp_image/new_image.png';

$crawler = $this->client->request(
'POST',
$this->generateUrl('admin_product_product_edit', ['id' => $Product->getId()]),
['admin_product' => $formData]
);

$this->assertStringContainsString('画像のパスが不正です。', $crawler->html());

$this->assertFileNotExists($path.'/save_image/new_image.png', 'temp_image の画像が save_imageにコピーされない');
$fs->remove($path.'/temp_image/new_image.png');
$fs->remove($path.'/save_image/new_image.png');
}

/**
* 個別税率編集時のテストデータ
* 更新前の税率 / POST値 / 期待値の配列を返す
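Review bot: testEditWithImageFailure asserts that the error text is rendered and that nothing reached save_image, but not that the request was rejected; `$this->assertFalse($this->client->getResponse()->isRedirection());` next to the assertStringContainsString pins the form-error path, otherwise a future change that renders the message and still redirects would pass. The two `$fs->remove()` calls at the end of each test run only when every assertion passes, so a failing run leaves stray files under html/upload; moving them into a `finally` block or tearDown() fixes that. The fixture setup (remove, copy from sand-1.png) is duplicated verbatim between the two tests and again in PaymentControllerTest, and a small `copyTempImageFixture(): string` helper on the test base would remove it.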
175 changes: 175 additions & 0 deletions tests/Eccube/Tests/Web/Admin/Setting/Shop/PaymentControllerTest.php
Expand Up @@ -157,6 +157,181 @@ public function testDeleteFailNotFound()
$this->assertSame(404, $this->client->getResponse()->getStatusCode());
}

public function testAddImage()
{
$formData = $this->createFormData();

copy(
__DIR__.'/../../../../../../../html/upload/save_image/sand-1.png',
$this->imageDir.'/sand-1.png'
);
$image = new UploadedFile(
$this->imageDir.'/sand-1.png',
'sand-1.png',
'image/png',
null, null, true
);
$this->client->request('POST',
$this->generateUrl('admin_payment_image_add'),
[
'payment_register' => $formData,
],
[
'payment_register' => ['payment_image_file' => $image],
],
[
'HTTP_X-Requested-With' => 'XMLHttpRequest',
]
);
$this->assertTrue($this->client->getResponse()->isSuccessful());
}

public function testAddImageWithUppercaseSuffix()
{
$formData = $this->createFormData();
copy(
__DIR__.'/../../../../../../../html/upload/save_image/sand-1.png',
$this->imageDir.'/sand-1.PNG'
);
$image = new UploadedFile(
$this->imageDir.'/sand-1.PNG',
'sand-1.PNG',
'image/png',
null, null, true
);

$this->client->request('POST',
$this->generateUrl('admin_payment_image_add'),
[
'payment_register' => $formData,
],
[
'payment_register' => ['payment_image_file' => $image],
],
[
'HTTP_X-Requested-With' => 'XMLHttpRequest',
]
);
$this->assertTrue($this->client->getResponse()->isSuccessful());
}

public function testAddImageNotAjax()
{
$formData = $this->createFormData();

$this->client->request('POST',
$this->generateUrl('admin_payment_image_add'),
[
'payment_register' => $formData,
],
[]
);
$this->assertSame(400, $this->client->getResponse()->getStatusCode());
}

public function testAddImageMineNotSupported()
{
$formData = $this->createFormData();
copy(
__DIR__.'/../../../../../../Fixtures/categories.csv',
$this->imageDir.'/categories.png'
);
$image = new UploadedFile(
$this->imageDir.'/categories.png',
'categories.png',
'image/png',
null, null, true
);

$crawler = $this->client->request('POST',
$this->generateUrl('admin_payment_image_add'),
[
'payment_register' => $formData,
],
[
'payment_register' => ['payment_image_file' => $image],
],
[
'HTTP_X-Requested-With' => 'XMLHttpRequest',
]
);
$this->assertFalse($this->client->getResponse()->isSuccessful());
}

/**
* アップロード画像が save_image にコピーされているか確認する.
*/
public function testEditWithImage()
{
$path = __DIR__.'/../../../../../../../html/upload';

$fs = new Filesystem();
// アップロード画像が存在する場合は削除しておく
$fs->remove($path.'/temp_image/new_image.png');
$fs->remove($path.'/save_image/new_image.png');

$fs->copy(
$path.'/save_image/sand-1.png',
$path.'/temp_image/new_image.png'
);

$formData = $this->createFormData();
$formData['payment_image'] = 'new_image.png';
$Payment = $this->paymentRepository->find(1);

$crawler = $this->client->request('POST',
$this->generateUrl('admin_setting_shop_payment_edit', ['id' => $Payment->getId()]),
[
'payment_register' => $formData,
]
);

$this->expected = true;
$this->actual = $this->client->getResponse()->isRedirection();
$this->verify();

$this->assertFileExists($path.'/save_image/new_image.png', 'temp_image の画像が save_imageにコピーされている');
$fs->remove($path.'/temp_image/new_image.png');
$fs->remove($path.'/save_image/new_image.png');
}

/**
* アップロード画像に相対パスが指定された場合は save_image にコピーされない.
*/
public function testEditWithImageFailure()
{
$path = __DIR__.'/../../../../../../../html/upload';

$fs = new Filesystem();
// アップロード画像が存在する場合は削除しておく
$fs->remove($path.'/temp_image/new_image.png');
$fs->remove($path.'/save_image/new_image.png');

$fs->copy(
$path.'/save_image/sand-1.png',
$path.'/temp_image/new_image.png'
);

$formData = $this->createFormData();
$formData['payment_image'] = '../temp_image/new_image.png';
$Payment = $this->paymentRepository->find(1);

$crawler = $this->client->request('POST',
$this->generateUrl('admin_setting_shop_payment_edit', ['id' => $Payment->getId()]),
[
'payment_register' => $formData,
]
);

$this->expected = true;
$this->actual = $this->client->getResponse()->isRedirection();
$this->verify();

$this->assertFileNotExists($path.'/save_image/new_image.png', 'temp_image の画像が save_imageにコピーされない');
$fs->remove($path.'/temp_image/new_image.png');
$fs->remove($path.'/save_image/new_image.png');
}

public function testMoveSortNo()
{
/** @var Payment[] $Payments */
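Review bot: testEditWithImageFailure (the last hunk in this section) treats a redirect as the expected outcome for a `../temp_image/new_image.png` value, so the test only shows that the rename was skipped — it does not check that the traversal string was not persisted on the Payment, nor that the admin was told anything. Reloading the entity after the request and asserting its image field is unchanged closes that gap, e.g. `$this->assertNotSame('../temp_image/new_image.png', $this->paymentRepository->find(1)->getPaymentImage());` (getter name to be confirmed against the entity). The method name testAddImageMineNotSupported is a typo for Mime, and `$crawler` is assigned but never used in three of the new tests. As in the product test, the `$fs->remove()` cleanup runs only when every assertion passes.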
