[SECURITY] Disallow pht as file extension
[Packages/TYPO3.CMS.git] / typo3 / sysext / core / Tests / Unit / Core / SystemEnvironmentBuilderTest.php
1 <?php
2 namespace TYPO3\CMS\Core\Tests\Unit\Core;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 /**
18 * Testcase
19 */
20 class SystemEnvironmentBuilderTest extends \TYPO3\CMS\Core\Tests\UnitTestCase
21 {
22 /**
23 * @var \TYPO3\CMS\Core\Core\SystemEnvironmentBuilder|\TYPO3\CMS\Core\Tests\AccessibleObjectInterface
24 */
25 protected $subject = null;
26
27 /**
28 * Set up testcase
29 *
30 * @return void
31 */
32 protected function setUp()
33 {
34 $this->subject = $this->getAccessibleMock(\TYPO3\CMS\Core\Core\SystemEnvironmentBuilder::class, ['dummy']);
35 }
36
37 /**
38 * Data provider for 'fileDenyPatternMatchesPhpExtension' test case.
39 *
40 * @return array
41 */
42 public function fileDenyPatternMatchesPhpExtensionDataProvider()
43 {
44 $fileName = $this->getUniqueId('filename');
45 $data = [];
46 $phpExtensions = \TYPO3\CMS\Core\Utility\GeneralUtility::trimExplode(',', 'php,php3,php4,php5,php6,phpsh,phtml,pht', true);
47 foreach ($phpExtensions as $extension) {
48 $data[] = [$fileName . '.' . $extension];
49 $data[] = [$fileName . '.' . $extension . '.txt'];
50 }
51 return $data;
52 }
53
54 /**
55 * Tests whether an accordant PHP extension is denied.
56 *
57 * @test
58 * @dataProvider fileDenyPatternMatchesPhpExtensionDataProvider
59 * @param string $phpExtension
60 */
61 public function fileDenyPatternMatchesPhpExtension($phpExtension)
62 {
63 $this->assertGreaterThan(0, preg_match('/' . FILE_DENY_PATTERN_DEFAULT . '/', $phpExtension), $phpExtension);
64 }
65
66 /**
67 * @test
68 */
69 public function getPathThisScriptCliReadsLocalPartFromArgv()
70 {
71 $fakedLocalPart = $this->getUniqueId('Test');
72 $GLOBALS['_SERVER']['argv'][0] = $fakedLocalPart;
73 $this->assertStringEndsWith($fakedLocalPart, $this->subject->_call('getPathThisScriptCli'));
74 }
75
76 /**
77 * @test
78 */
79 public function getPathThisScriptCliReadsLocalPartFromEnv()
80 {
81 $fakedLocalPart = $this->getUniqueId('Test');
82 unset($GLOBALS['_SERVER']['argv']);
83 $GLOBALS['_ENV']['_'] = $fakedLocalPart;
84 $this->assertStringEndsWith($fakedLocalPart, $this->subject->_call('getPathThisScriptCli'));
85 }
86
87 /**
88 * @test
89 */
90 public function getPathThisScriptCliReadsLocalPartFromServer()
91 {
92 $fakedLocalPart = $this->getUniqueId('Test');
93 unset($GLOBALS['_SERVER']['argv']);
94 unset($GLOBALS['_ENV']['_']);
95 $GLOBALS['_SERVER']['_'] = $fakedLocalPart;
96 $this->assertStringEndsWith($fakedLocalPart, $this->subject->_call('getPathThisScriptCli'));
97 }
98
99 /**
100 * @test
101 */
102 public function getPathThisScriptCliAddsCurrentWorkingDirectoryFromServerEnvironmentToLocalPathOnUnix()
103 {
104 if (TYPO3_OS === 'WIN') {
105 $this->markTestSkipped('Test not available on Windows OS.');
106 }
107 $GLOBALS['_SERVER']['argv'][0] = 'foo';
108 $fakedAbsolutePart = '/' . $this->getUniqueId('Absolute') . '/';
109 $_SERVER['PWD'] = $fakedAbsolutePart;
110 $this->assertStringStartsWith($fakedAbsolutePart, $this->subject->_call('getPathThisScriptCli'));
111 }
112
113 /**
114 * @test
115 */
116 public function getUnifiedDirectoryNameWithTrailingSlashReturnsCorrectPathOnUnix()
117 {
118 if (TYPO3_OS === 'WIN') {
119 $this->markTestSkipped('Test not available on Windows OS.');
120 }
121 $input = '/foo/bar/test.php';
122 $expected = '/foo/bar/';
123 $actual = $this->subject->_call('getUnifiedDirectoryNameWithTrailingSlash', $input);
124 $this->assertEquals($expected, $actual);
125 }
126
127 /**
128 * @test
129 */
130 public function initializeGlobalVariablesUnsetsGlobalErrorArray()
131 {
132 $GLOBALS['error'] = 'foo';
133 $this->subject->_call('initializeGlobalVariables');
134 $this->assertFalse(isset($GLOBALS['error']));
135 }
136
137 /**
138 * @test
139 */
140 public function initializeGlobalVariablesSetsGlobalTypo3MiscArray()
141 {
142 unset($GLOBALS['TYPO3_MISC']);
143 $this->subject->_call('initializeGlobalVariables');
144 $this->assertInternalType('array', $GLOBALS['TYPO3_MISC']);
145 }
146
147 /**
148 * @test
149 */
150 public function initializeGlobalVariablesSetsGlobalT3VarArray()
151 {
152 unset($GLOBALS['T3_VAR']);
153 $this->subject->_call('initializeGlobalVariables');
154 $this->assertInternalType('array', $GLOBALS['T3_VAR']);
155 }
156
157 /**
158 * @test
159 */
160 public function initializeGlobalVariablesSetsGlobalT3ServicesArray()
161 {
162 unset($GLOBALS['T3_SERVICES']);
163 $this->subject->_call('initializeGlobalVariables');
164 $this->assertInternalType('array', $GLOBALS['T3_SERVICES']);
165 }
166
167 /**
168 * Data provider for initializeGlobalTimeTrackingVariablesSetsGlobalVariables
169 *
170 * @return array
171 */
172 public function initializeGlobalTimeTrackingVariablesSetsGlobalVariablesDataProvider()
173 {
174 return [
175 'PARSETIME_START' => ['PARSETIME_START'],
176 'EXEC_TIME' => ['EXEC_TIME'],
177 'ACCESS_TIME' => ['ACCESS_TIME'],
178 'SIM_EXEC_TIME' => ['SIM_EXEC_TIME'],
179 'SIM_ACCESS_TIME' => ['SIM_ACCESS_TIME']
180 ];
181 }
182
183 /**
184 * @test
185 * @dataProvider initializeGlobalTimeTrackingVariablesSetsGlobalVariablesDataProvider
186 * @param string $variable Variable to check for in $GLOBALS
187 */
188 public function initializeGlobalTimeTrackingVariablesSetsGlobalVariables($variable)
189 {
190 unset($GLOBALS[$variable]);
191 $this->subject->_call('initializeGlobalTimeTrackingVariables');
192 $this->assertTrue(isset($GLOBALS[$variable]));
193 }
194
195 /**
196 * @test
197 */
198 public function initializeGlobalTimeTrackingVariablesSetsGlobalTypo3MiscMicrotimeStart()
199 {
200 unset($GLOBALS['TYPO3_MISC']['microtime_start']);
201 $this->subject->_call('initializeGlobalTimeTrackingVariables');
202 $this->assertTrue(isset($GLOBALS['TYPO3_MISC']['microtime_start']));
203 }
204
205 /**
206 * @test
207 */
208 public function initializeGlobalTimeTrackingVariablesRoundsAccessTimeToSixtySeconds()
209 {
210 $this->subject->_call('initializeGlobalTimeTrackingVariables');
211 $this->assertEquals(0, $GLOBALS['ACCESS_TIME'] % 60);
212 }
213
214 /**
215 * @test
216 */
217 public function initializeGlobalTimeTrackingVariablesRoundsSimAccessTimeToSixtySeconds()
218 {
219 $this->subject->_call('initializeGlobalTimeTrackingVariables');
220 $this->assertEquals(0, $GLOBALS['SIM_ACCESS_TIME'] % 60);
221 }
222
223 /**
224 * @test
225 */
226 public function initializeBasicErrorReportingExcludesStrict()
227 {
228 $backupReporting = error_reporting();
229 $this->subject->_call('initializeBasicErrorReporting');
230 $actualReporting = error_reporting();
231 error_reporting($backupReporting);
232 $this->assertEquals(0, $actualReporting & E_STRICT);
233 }
234
235 /**
236 * @test
237 */
238 public function initializeBasicErrorReportingExcludesNotice()
239 {
240 $backupReporting = error_reporting();
241 $this->subject->_call('initializeBasicErrorReporting');
242 $actualReporting = error_reporting();
243 error_reporting($backupReporting);
244 $this->assertEquals(0, $actualReporting & E_NOTICE);
245 }
246
247 /**
248 * @test
249 */
250 public function initializeBasicErrorReportingExcludesDeprecated()
251 {
252 $backupReporting = error_reporting();
253 $this->subject->_call('initializeBasicErrorReporting');
254 $actualReporting = error_reporting();
255 error_reporting($backupReporting);
256 $this->assertEquals(0, $actualReporting & E_DEPRECATED);
257 }
258 }