Fixing security vulnerabilities in the test suite runner.

commit a62e7bdda9fc98c4e9e8b64232c5bd8dd8af9722 1 parent f70f7de
Mark Story authored April 22, 2010

Showing 1 changed file with 11 additions and 5 deletions. Show diff stats Hide diff stats

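--- a/cake/tests/lib/test_manager.php
+++ b/cake/tests/lib/test_manager.php
@@ -50,7 +50,7 @@ function TestManager() {
 			$this->appTest = true;
 		}
 		if (isset($_GET['plugin'])) {
-			$this->pluginTest = $_GET['plugin'];
+			$this->pluginTest = htmlentities($_GET['plugin']);
 		}
 	}
 /**
@@ -110,8 +110,11 @@ function runTestCase($testCaseFile, &$reporter, $testing = false) {
 
 		$testCaseFileWithPath = $manager->_getTestsPath() . DS . $testCaseFile;
 
-		if (!file_exists($testCaseFileWithPath)) {
-			trigger_error("Test case {$testCaseFile} cannot be found", E_USER_ERROR);
+		if (!file_exists($testCaseFileWithPath) || strpos($testCaseFileWithPath, '..')) {
+			trigger_error(
+				sprintf("Test case %s cannot be found", htmlentities($testCaseFile)),
+				E_USER_ERROR
+			);
 			return false;
 		}
 
@@ -135,8 +138,11 @@ function runGroupTest($groupTestName, &$reporter) {
 		$manager =& new TestManager();
 		$filePath = $manager->_getTestsPath('groups') . DS . strtolower($groupTestName) . $manager->_groupExtension;
 
-		if (!file_exists($filePath)) {
-			trigger_error("Group test {$groupTestName} cannot be found at {$filePath}", E_USER_ERROR);
+		if (!file_exists($filePath) || strpos($testCaseFileWithPath, '..')) {
+			trigger_error(
+				sprintf("Group test %s cannot be found at %s", htmlentities($groupTestName), htmlentities($filePath)),
+				E_USER_ERROR
+			);
 		}
 
 		require_once $filePath;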
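Review bot: The traversal guard added in the runGroupTest hunk tests `$testCaseFileWithPath`, a variable that is not defined in that function (it belongs to runTestCase), so the `..` check on the group path is a no-op and the `require_once $filePath` below still executes on an unchecked, user-derived path. The condition should read `if (!file_exists($filePath) || strpos($filePath, '..') !== false) {`; the explicit `!== false` also matters because a bare `strpos()` result of 0 is falsy, and the same applies to the runTestCase guard. Unlike runTestCase, this branch has no `return false;` after the error, so if a custom error handler lets execution continue past E_USER_ERROR the require_once is reached anyway — add `return false;` after the closing `);`. Both runTestCase and runGroupTest begin before their hunks, and runGroupTest continues past the last line shown.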
