chregu                                   Wed, 05 Oct 2011 18:11:29 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=317801

Log:
Added test for Bug 54446
Init a variable to a default value to avoid issues

Bug: https://bugs.php.net/54446 (To be documented) Arbitrary file creation via 
libxslt 'output' extension
      
Changed paths:
    A   php/php-src/branches/PHP_5_3/ext/xsl/tests/bug54446.phpt
    U   php/php-src/branches/PHP_5_3/ext/xsl/xsltprocessor.c

Added: php/php-src/branches/PHP_5_3/ext/xsl/tests/bug54446.phpt
===================================================================
--- php/php-src/branches/PHP_5_3/ext/xsl/tests/bug54446.phpt                    
        (rev 0)
+++ php/php-src/branches/PHP_5_3/ext/xsl/tests/bug54446.phpt    2011-10-05 
18:11:29 UTC (rev 317801)
@@ -0,0 +1,95 @@
+--TEST--
+Bug #54446 (Arbitrary file creation via libxslt 'output' extension)
+--SKIPIF--
+<?php
+if (!extension_loaded('xsl')) die("skip Extension XSL is required\n");
+?>
+--FILE--
+<?php
+include("prepare.inc");
+
+$outputfile = dirname(__FILE__)."/bug54446test.txt";
+if (file_exists($outputfile)) {
+    unlink($outputfile);
+}
+
+$sXsl = <<<EOT
+<xsl:stylesheet version="1.0"
+       xmlns:xsl="http://www.w3.org/1999/XSL/Transform";
+       xmlns:sax="http://icl.com/saxon";
+       extension-element-prefixes="sax">
+
+       <xsl:template match="/">
+               <sax:output href="$outputfile" method="text">
+                       <xsl:value-of select="'0wn3d via PHP and libxslt ...'"/>
+               </sax:output>
+       </xsl:template>
+
+</xsl:stylesheet>
+EOT;
+
+$xsl->loadXML( $sXsl );
+
+# START XSLT
+$proc->importStylesheet( $xsl );
+
+# TRASNFORM & PRINT
+print $proc->transformToXML( $dom );
+
+
+if (file_exists($outputfile)) {
+    print "$outputfile exists, but shouldn't!\n";
+} else {
+    print "OK, no file created\n";
+}
+
+#SET NO SECURITY PREFS
+ini_set("xsl.security_prefs", XSL_SECPREF_NONE);
+
+# TRASNFORM & PRINT
+print $proc->transformToXML( $dom );
+
+
+if (file_exists($outputfile)) {
+    print "OK, file exists\n";
+} else {
+    print "$outputfile doesn't exist, but should!\n";
+}
+
+unlink($outputfile);
+
+#SET SECURITY PREFS AGAIN
+ini_set("xsl.security_prefs", XSL_SECPREF_WRITE_FILE |  
XSL_SECPREF_WRITE_NETWORK | XSL_SECPREF_CREATE_DIRECTORY);
+
+# TRASNFORM & PRINT
+print $proc->transformToXML( $dom );
+
+if (file_exists($outputfile)) {
+    print "$outputfile exists, but shouldn't!\n";
+} else {
+    print "OK, no file created\n";
+}
+
+
+--EXPECTF--
+Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %s 
element output in %s on line %d
+
+Warning: XSLTProcessor::transformToXml(): File write for %s/bug54446test.txt 
refused in %s on line %s
+
+Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %d 
element output in %s on line %d
+
+Warning: XSLTProcessor::transformToXml(): xsltDocumentElem: write rights for 
%s/bug54446test.txt denied in %s on line %d
+OK, no file created
+OK, file exists
+
+Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %s 
element output in %s on line %d
+
+Warning: XSLTProcessor::transformToXml(): File write for %s/bug54446test.txt 
refused in %s on line %s
+
+Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %d 
element output in %s on line %d
+
+Warning: XSLTProcessor::transformToXml(): xsltDocumentElem: write rights for 
%s/bug54446test.txt denied in %s on line %d
+OK, no file created
+--CREDITS--
+Christian Stocker, chr...@php.net
+
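Review bot: The test has no `--CLEAN--` section, so `bug54446test.txt` stays in the tests directory whenever the third check fails, which is exactly the case where the write protection has regressed. The only removal is the unconditional `unlink($outputfile);` after the second transform, and it runs before the third transform. The phases are also not independent: if the first transform wrongly creates the file, it is still there for the second check, so `OK, file exists` can be printed without the `XSL_SECPREF_NONE` run having written anything. Removing the file inside each "exists, but shouldn't" branch and adding a section such as `--CLEAN--` with `<?php @unlink(dirname(__FILE__)."/bug54446test.txt"); ?>` would make each phase assert only its own transform and leave nothing behind on failure.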

Modified: php/php-src/branches/PHP_5_3/ext/xsl/xsltprocessor.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/xsl/xsltprocessor.c        2011-10-05 
17:39:43 UTC (rev 317800)
+++ php/php-src/branches/PHP_5_3/ext/xsl/xsltprocessor.c        2011-10-05 
18:11:29 UTC (rev 317801)
@@ -475,7 +475,7 @@
        zval *doXInclude, *member;
        zend_object_handlers *std_hnd;
        FILE *f;
-       int secPrefsError;
+       int secPrefsError = 0;
        int secPrefsIni;
        xsltSecurityPrefsPtr secPrefs = NULL;
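Review bot: With `secPrefsError` now starting at 0 ("no error"), any path that skips the code assigning it is treated as a successful security-preference setup, and the adjacent `int secPrefsIni;` is still declared without an initial value. The function body lies outside this hunk, so it cannot be confirmed from here that every path assigns both variables before they are read. Since this flag presumably gates whether the transformation runs, a comment at the declaration would record the intended meaning, e.g. `int secPrefsError = 0; /* set to 1 when applying the security prefs fails; the transform must not run then */`. `secPrefsIni` could be given an explicit initial value at its declaration in the same way.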

