[BUGFIX] Untrusted GP data is unserialized in wizard_colorpicker.php and view_help.php
[Packages/TYPO3.CMS.git] / tests / t3lib / class.t3lib_lockTest.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 2010-2011 Christian Kuhn <lolli@schwarzbu.ch>
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 *
17 * This script is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
21 *
22 * This copyright notice MUST APPEAR in all copies of the script!
23 ***************************************************************/
24
25 /**
26 * Testcase for t3lib_lock
27 *
28 * @author Christian Kuhn <lolli@schwarzbu.ch>
29 *
30 * @package TYPO3
31 * @subpackage t3lib
32 */
33
34 class t3lib_lockTest extends tx_phpunit_testcase {
35
36 /**
37 * Enable backup of global and system variables
38 *
39 * @var boolean
40 */
41 protected $backupGlobals = TRUE;
42
43 /**
44 * Exclude TYPO3_DB from backup/ restore of $GLOBALS
45 * because resource types cannot be handled during serializing
46 *
47 * @var array
48 */
49 protected $backupGlobalsBlacklist = array('TYPO3_DB');
50
51 ///////////////////////////////
52 // tests concerning acquire
53 ///////////////////////////////a
54
55 /**
56 * @test
57 */
58 public function acquireFixesPermissionsOnLockFileIfUsingSimpleLogging() {
59 if (TYPO3_OS == 'WIN') {
60 $this->markTestSkipped('acquireFixesPermissionsOnLockFileIfUsingSimpleLogging() test not available on Windows.');
61 }
62
63 // Use a very high id to be unique
64 $instance = new t3lib_lock(999999999, 'simple');
65 $pathOfLockFile = $instance->getResource();
66 $GLOBALS['TYPO3_CONF_VARS']['BE']['fileCreateMask'] = '0777';
67
68 // Acquire lock, get actual file permissions and clean up
69 $instance->acquire();
70 clearstatcache();
71 $resultFilePermissions = substr(decoct(fileperms($pathOfLockFile)), 2);
72 $instance->__destruct();
73
74 $this->assertEquals($resultFilePermissions, '0777');
75 }
76
77 ///////////////////////////////
78 // tests concerning release
79 ///////////////////////////////
80
81 /**
82 * Dataprovider for releaseRemovesLockfileInTypo3TempLocks
83 */
84 public function fileBasedLockMethods() {
85 return array(
86 'simple' => array('simple'),
87 'flock' => array('flock'),
88 );
89 }
90
91 /**
92 * @test
93 * @dataProvider fileBasedLockMethods
94 */
95 public function releaseRemovesLockfileInTypo3TempLocks($lockMethod) {
96 // Use a very high id to be unique
97 $instance = new t3lib_lock(999999999, 'simple');
98 // Disable logging
99 $instance->setEnableLogging(FALSE);
100 // File pointer to current lock file
101 $lockFile = $instance->getResource();
102 $instance->acquire();
103
104 $instance->release();
105
106 $this->assertFalse(is_file($lockFile));
107 }
108
109 /**
110 * Dataprovider for releaseDoesNotRemoveFilesNotWithinTypo3TempLocksDirectory
111 */
112 public function invalidFileReferences() {
113 return array(
114 'simple not within PATH_site' => array('simple', '/tmp/TYPO3-Lock-Test'),
115 'flock not withing PATH_site' => array('flock', '/tmp/TYPO3-Lock-Test'),
116 'simple directory traversal' => array('simple', PATH_site . 'typo3temp/../typo3temp/locks/foo'),
117 'flock directory traversal' => array('flock', PATH_site . 'typo3temp/../typo3temp/locks/foo'),
118 'simple directory traversal 2' => array('simple', PATH_site . 'typo3temp/locks/../locks/foo'),
119 'flock directory traversal 2' => array('flock', PATH_site . 'typo3temp/locks/../locks/foo'),
120 'simple within uploads' => array('simple', PATH_site . 'uploads/TYPO3-Lock-Test'),
121 'flock within uploads' => array('flock', PATH_site . 'uploads/TYPO3-Lock-Test'),
122 );
123 }
124
125 /**
126 * @test
127 * @dataProvider invalidFileReferences
128 */
129 public function releaseDoesNotRemoveFilesNotWithinTypo3TempLocksDirectory($lockMethod, $file) {
130 if (TYPO3_OS === 'WIN') {
131 $this->markTestSkipped('releaseDoesNotRemoveFilesNotWithinTypo3TempLocksDirectory() test not available on Windows.');
132 }
133 // Reflection needs php 5.3.2 or above
134 if (version_compare(phpversion(), '5.3.2', '<')) {
135 $this->markTestSkipped('releaseDoesNotRemoveFilesNotWithinTypo3TempLocksDirectory() test not available with php version smaller than 5.3.2');
136 }
137
138 // Create test file
139 touch($file);
140 if (!is_file($file)) {
141 $this->markTestSkipped('releaseDoesNotRemoveFilesNotWithinTypo3TempLocksDirectory() skipped: Test file could not be created');
142 }
143
144 // Create t3lib_lock instance, set lockfile to invalid path
145 $instance = new t3lib_lock(999999999, $lockMethod);
146 $instance->setEnableLogging(FALSE);
147 $t3libLockReflection = new ReflectionClass('t3lib_lock');
148 $t3libLockReflectionResourceProperty = $t3libLockReflection->getProperty('resource');
149 $t3libLockReflectionResourceProperty->setAccessible(TRUE);
150 $t3libLockReflectionResourceProperty->setValue($instance, $file);
151 $t3libLockReflectionAcquiredProperty = $t3libLockReflection->getProperty('isAcquired');
152 $t3libLockReflectionAcquiredProperty->setAccessible(TRUE);
153 $t3libLockReflectionAcquiredProperty->setValue($instance, TRUE);
154
155 // Call release method
156 $instance->release();
157
158 // Check if file is still there and clean up
159 $fileExists = is_file($file);
160 if (is_file($file)) {
161 unlink($file);
162 }
163
164 $this->assertTrue($fileExists);
165 }
166 }
167 ?>