Fixing security vulnerabilities in the test suite runner.

commit 813a3af19c8918b00ca1067a2c78886fa3bcd9bb 1 parent 215333e
@markstory markstory authored
Showing with 14 additions and 5 deletions.
  1. +14 −5 cake/tests/lib/test_manager.php
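--- a/cake/tests/lib/test_manager.php
+++ b/cake/tests/lib/test_manager.php
@@ -70,7 +70,7 @@ function TestManager() {
 $this->appTest = true;
 }
 if (isset($_GET['plugin'])) {
-$this->pluginTest = $_GET['plugin'];
+$this->pluginTest = htmlentities($_GET['plugin']);
 }
 }
@@ -131,8 +131,11 @@ function runAllTests(&$reporter, $testing = false) {
 function runTestCase($testCaseFile, &$reporter, $testing = false) {
 $testCaseFileWithPath = $this->_getTestsPath() . DS . $testCaseFile;
-if (!file_exists($testCaseFileWithPath)) {
-trigger_error(sprintf(__('Test case %s cannot be found', true), $testCaseFile), E_USER_ERROR);
+if (!file_exists($testCaseFileWithPath) || strpos($testCaseFileWithPath, '..')) {
+trigger_error(
+sprintf(__("Test case %s cannot be found", true), htmlentities($testCaseFile)),
+E_USER_ERROR
+);
 return false;
 }
@@ -156,8 +159,14 @@ function runTestCase($testCaseFile, &$reporter, $testing = false) {
 function runGroupTest($groupTestName, &$reporter) {
 $filePath = $this->_getTestsPath('groups') . DS . strtolower($groupTestName) . $this->_groupExtension;
-if (!file_exists($filePath)) {
-trigger_error(sprintf(__('Group test %s cannot be found at %s', true), $groupTestName, $filePath), E_USER_ERROR);
+if (!file_exists($filePath) || strpos($testCaseFileWithPath, '..')) {
+trigger_error(sprintf(
+__("Group test %s cannot be found at %s", true),
+htmlentities($groupTestName),
+htmlentities($filePath)
+),
+E_USER_ERROR
+);
 }
 require_once $filePath;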
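Review bot: The new traversal guard in runGroupTest tests `$testCaseFileWithPath`, which is not defined in this function (the path built on the line above is `$filePath`), so the `..` check never fires for group tests and only raises an undefined-variable notice. The condition should read `if (!file_exists($filePath) || strpos($filePath, '..') !== false) {`; the same `!== false` comparison belongs on the runTestCase check in the previous hunk, since `strpos` returns the falsy `0` when the match sits at offset 0. runGroupTest also has no `return false;` after the `trigger_error` call, unlike runTestCase, so unless the E_USER_ERROR halts the script the `require_once $filePath` still runs on a rejected path; add `return false;` after the closing `);`. The runGroupTest body continues past the end of the hunk.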