Skip to content
Permalink
Browse files

Fix doc block and use a more generic error message.

  • Loading branch information...
markstory committed Jul 16, 2014
1 parent fcec8ef commit ce126ed55a368de61d1509e0a824dd2a6f4b25fd
Showing with 5 additions and 3 deletions.
  1. +3 −1 src/View/View.php
  2. +2 −2 tests/TestCase/View/ViewTest.php
@@ -872,14 +872,16 @@ protected function _getViewFileName($name = null) {
* @param string $file The path to the template file.
* @param string $path Base path that $file should be inside of.
* @return string The file path
* @throws \Cake\Error\Exception
*/
protected function _checkFilePath($file, $path) {
if (strpos($file, '..') === false) {
return $file;
}
$absolute = realpath($file);
if (strpos($absolute, $path) !== 0) {
throw new Error\MissingViewException(array('file' => $file));
$msg = sprintf('Cannot use "%s" as a template, it is not within any view template path.', $file);
throw new Exception($msg);
}
return $absolute;
}
@@ -517,7 +517,7 @@ public function testGetViewFileNames() {
/**
* Test that getViewFileName() protects against malicious directory traversal.
*
* @expectedException Cake\View\Error\MissingViewException
* @expectedException Cake\Error\Exception
* @return void
*/
public function testGetViewFileNameDirectoryTraversal() {
@@ -616,7 +616,7 @@ public function testGetLayoutFileNamePrefix() {
/**
* Test that getLayoutFileName() protects against malicious directory traversal.
*
* @expectedException Cake\View\Error\MissingViewException
* @expectedException Cake\Error\Exception
* @return void
*/
public function testGetLayoutFileNameDirectoryTraversal() {

0 comments on commit ce126ed

Please sign in to comment.
You can’t perform that action at this time.