
Fix plugin view names being able to escape the plugin root directory.

Remove the ability to specify completely arbitrary view files. This is
possibly a breaking change. However, I feel the risks outweigh the
benefits in this situation. Now absolute paths must be located *within*
a configured view path.
markstory committed Nov 2, 2015
1 parent 3e0b6cc commit d8ace101bf67e74e8e65ff4a84ec2c3ec9981d2d
Showing with 20 additions and 3 deletions.
  1. +20 −0 lib/Cake/Test/Case/View/ViewTest.php
  2. +0 −3 lib/Cake/View/View.php
@@ -395,6 +395,26 @@ public function testGetTemplate() {
$this->assertEquals($expected, $result);
}
/**
* Test that plugin files with absolute file paths are scoped
* to the plugin and do now allow any file path.
*
* @expectedException MissingViewException
* @return void
*/
public function testPluginGetTemplateAbsoluteFail() {
$this->Controller->viewPath = 'Pages';
$this->Controller->action = 'display';
$this->Controller->params['pass'] = array('home');
$view = new TestThemeView($this->Controller);
$expected = CAKE . 'Test' . DS . 'test_app' . DS . 'Plugin' . DS . 'Company' . DS . 'TestPluginThree' . DS . 'View' . DS . 'Pages' . DS . 'index.ctp';
$result = $view->getViewFileName('Company/TestPluginThree./Pages/index');
$this->assertPathEquals($expected, $result);
$view->getViewFileName('Company/TestPluginThree./etc/passwd');
}
/**
* Test getLayoutFileName method on plugin
*
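Review bot: with `@expectedException MissingViewException` applied to the whole method, `testPluginGetTemplateAbsoluteFail` also passes if the first `getViewFileName('Company/TestPluginThree./Pages/index')` call throws, which would silently skip the `assertPathEquals` check that the legitimate in-plugin absolute name still resolves; splitting the positive and negative cases into two test methods (or wrapping the final call in a try/catch and asserting after the positive check) makes the regression test unambiguous. The test also only exercises the plugin-prefixed form; the `_getViewFileName` change in View.php affects every name starting with `DS` or a drive letter (`$name[1] === ':'`), so a non-plugin absolute name deserves a test of its own. Minor: the docblock reads "do now allow any file path" and should say "do not allow".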
@@ -1002,9 +1002,6 @@ protected function _getViewFileName($name = null) {
$name = $this->viewPath . DS . $subDir . Inflector::underscore($name);
} elseif (strpos($name, DS) !== false) {
if ($name[0] === DS || $name[1] === ':') {
if (is_file($name)) {
return $name;
}
$name = trim($name, DS);
} elseif ($name[0] === '.') {
$name = substr($name, 3);
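Review bot: removing the `if (is_file($name)) { return $name; }` early return is the actual fix, since that was the only path by which an arbitrary existing file outside the view paths could be returned; after this hunk an absolute name is just trimmed with `trim($name, DS)` and falls through to the normal lookup against the configured view paths. What this hunk does not show is any rejection of `..` segments remaining inside `$name` after the trim, and the adjacent `elseif ($name[0] === '.')` branch only strips three characters with `substr($name, 3)`, so a name with several leading `../` segments keeps the rest; please confirm that the lookup that follows verifies the resolved file really lies within a view path (for example a `realpath` comparison against the view path prefix), as the commit message promises, or add that check here. It would also help to note in the docblock of `_getViewFileName` that absolute names are now resolved relative to the view paths rather than used verbatim, since this is a behaviour change callers may rely on.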

0 comments on commit d8ace10
