[SECURITY] Prevent information disclosure in tests bootstrap 20/43120/2
author Nicole Cordes <typo3@cordes.co>
Tue, 8 Sep 2015 08:56:16 +0000 (10:56 +0200)
committer Oliver Hader <oliver.hader@typo3.org>
Tue, 8 Sep 2015 08:56:29 +0000 (10:56 +0200)
commit ed1e46f89c8e5f699ced245e873d0eff21e5c75e
tree fa05241b8a5f269c3a71f78636d53a63fdcc7f5b
parent 045b4ea60779e4bf5510a06d7f956498f7969c69

[SECURITY] Prevent information disclosure in tests bootstrap

Both the UnitTestsBootstrap and FunctionalTestsBootstrap set
display_errors to 1, which shows errors and warnings by default. If you
call those scripts within a web context, the files can't be loaded and the
error message shows the website root path. The patch adds proper checks
before files are loaded and exits if an error occurs.

Resolves: #67900
Releases: 6.2
Security-Bulletin: TYPO3-CORE-SA-2015-008
Change-Id: I1e294bcd2f6cd7c2a32f54a890ca2d4a869c9fda
Reviewed-on: http://review.typo3.org/43120
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/core/Build/FunctionalTestsBootstrap.php
typo3/sysext/core/Build/UnitTestsBootstrap.php
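
The pattern the commit message describes, checking each file before loading it and stopping on failure instead of letting PHP print a path-bearing error, as an added sketch. It is not the TYPO3 patch, whose diff is not shown on this page. The function names, the file names and the CLI-only SAPI check are assumptions made for illustration.

```php
<?php
// Added illustration, not TYPO3 code; function names and file names are hypothetical.

// Load one file only after confirming it exists, so a failed require cannot
// print a warning containing the absolute path.
function loadBootstrapFile(string $baseDir, string $relativePath): bool
{
    $file = rtrim($baseDir, '/') . '/' . ltrim($relativePath, '/');
    if (!is_file($file) || !is_readable($file)) {
        return false;
    }
    require_once $file;
    return true;
}

// Returns a process exit status: 0 on success, 1 on any failed check.
function runBootstrap(string $baseDir, array $requiredFiles, string $sapi = PHP_SAPI): int
{
    // Assumption beyond the commit message: refuse any non-CLI invocation.
    if ($sapi !== 'cli') {
        return 1;
    }
    foreach ($requiredFiles as $relativePath) {
        if (!loadBootstrapFile($baseDir, $relativePath)) {
            // Report the file name only, never the resolved absolute path.
            fwrite(STDERR, 'Unable to load ' . basename($relativePath) . PHP_EOL);
            return 1;
        }
    }
    // Verbose errors are enabled only after every check has passed.
    ini_set('display_errors', '1');
    return 0;
}

// Constructed demo input: a temporary directory holding one sample file.
$dir = sys_get_temp_dir() . '/bootstrap-demo-' . getmypid();
mkdir($dir);
file_put_contents($dir . '/present.php', '<?php // constructed sample file');
$results = [
    'all files present' => runBootstrap($dir, ['present.php']),
    'one file missing' => runBootstrap($dir, ['present.php', 'missing.php']),
    'web SAPI' => runBootstrap($dir, ['present.php'], 'apache2handler'),
];
foreach ($results as $case => $status) {
    echo $case . ': exit status ' . $status . PHP_EOL;
}
unlink($dir . '/present.php');
rmdir($dir);
```

A real bootstrap would pass the return value of `runBootstrap()` to `exit()` so the test runner stops at the first failed check.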