On May 13, 2010, at 10:45 PM, sdumitriu (SVN) wrote:

> Author: sdumitriu
> Date: 2010-05-13 22:45:42 +0200 (Thu, 13 May 2010)
> New Revision: 28861
> 
> Modified:
>   platform/core/branches/xwiki-core-2.2/xwiki-core/src/main/java/com/xpn/xwiki/XWiki.java
>   platform/core/branches/xwiki-core-2.2/xwiki-core/src/main/java/com/xpn/xwiki/web/SkinAction.java
>   platform/core/branches/xwiki-core-2.2/xwiki-core/src/test/java/com/xpn/xwiki/web/SkinActionTest.java
> Log:
> XWIKI-2580: Improve file access sandboxing
> Fixed.
> Patch from Alex Busenius applied with minor changes.
> Merged from tr...@r28858

[snip]
> 
> Modified: 
> platform/core/branches/xwiki-core-2.2/xwiki-core/src/test/java/com/xpn/xwiki/web/SkinActionTest.java
> ===================================================================
> --- 
> platform/core/branches/xwiki-core-2.2/xwiki-core/src/test/java/com/xpn/xwiki/web/SkinActionTest.java
>       2010-05-13 20:45:29 UTC (rev 28860)
> +++ 
> platform/core/branches/xwiki-core-2.2/xwiki-core/src/test/java/com/xpn/xwiki/web/SkinActionTest.java
>       2010-05-13 20:45:42 UTC (rev 28861)
> @@ -20,6 +20,8 @@
>  */
> package com.xpn.xwiki.web;
> 
> +import java.io.IOException;
> +
> import org.jmock.cglib.MockObjectTestCase;
> 
> /**
> @@ -66,4 +68,54 @@
>     {
>         assertFalse(this.action.isJavascriptMimeType(null));
>     }
> +
> +    public void testIncorrectSkinFile()
> +    {
> +        try {
> +            this.action.getSkinFilePath("../../resources/js/xwiki/xwiki.js", 
> "colibri");
> +            assertTrue("should fail", false);
> +        } catch (IOException e) {
> +            // good
> +        }
> +        try {
> +            this.action.getSkinFilePath("../../../", "colibri");
> +            assertTrue("should fail", false);
> +        } catch (IOException e) {
> +            // good
> +        }
> +        try {
> +            this.action.getSkinFilePath("resources/js/xwiki/xwiki.js", "..");
> +            assertTrue("should fail", false);
> +        } catch (IOException e) {
> +            // good
> +        }
> +        try {
> +            this.action.getSkinFilePath("../resources/js/xwiki/xwiki.js", 
> ".");
> +            assertTrue("should fail", false);
> +        } catch (IOException e) {
> +            // good
> +        }
> +    }
> +

This should be 4 separate tests.

-Vincent


> +    public void testIncorrectResourceFile()
> +    {
> +        try {
> +            this.action.getResourceFilePath("../../skins/js/xwiki/xwiki.js");
> +            assertTrue("should fail", false);
> +        } catch (IOException e) {
> +            // good
> +        }
> +        try {
> +            this.action.getResourceFilePath("../../../");
> +            assertTrue("should fail", false);
> +        } catch (IOException e) {
> +            // good
> +        }
> +        try {
> +            this.action.getResourceFilePath("../../redirect");
> +            assertTrue("should fail", false);
> +        } catch (IOException e) {
> +            // good
> +        }
> +    }
> }
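
Review bot: In both testIncorrectSkinFile and testIncorrectResourceFile, each `catch (IOException e) { // good }` accepts any IOException, so a case passes even when the call fails for a reason unrelated to the sandbox check (for example, the file simply not being found); nothing here asserts that the path was rejected because it leaves the allowed directory. Suggest checking the exception message, or a dedicated exception type if getSkinFilePath and getResourceFilePath can throw one, and replacing `assertTrue("should fail", false)` with `fail(...)` carrying the tested path so a regression names the input that was accepted. A positive case that a legitimate skin or resource path still resolves would also keep a check that rejects everything from passing this suite.
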
> 
