Fixed bug #15936: [Caching framework] Entry identifier needs to be sanitized in FileB...
authorChristian Kuhn <lolli@schwarzbu.ch>
Tue, 26 Oct 2010 21:37:48 +0000 (21:37 +0000)
committerChristian Kuhn <lolli@schwarzbu.ch>
Tue, 26 Oct 2010 21:37:48 +0000 (21:37 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-4@9204 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
t3lib/cache/backend/class.t3lib_cache_backend_filebackend.php
tests/t3lib/cache/backend/t3lib_cache_backend_filebackendTest.php

index b183748..c248914 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2010-10-26  Christian Kuhn  <lolli@schwarzbu.ch>
+
+       * Fixed bug #15936: [Caching framework] Entry identifier needs to be sanitized in FileBackend
+
 2010-10-25  Stanislas Rolland  <typo3@sjbr.ca>
 
        * Fixed bug #16087: htmlArea RTE: Missing soft hyphen entity in CharacterMap
index bdbcaa0..cf95d0a 100644 (file)
@@ -222,6 +222,13 @@ class t3lib_cache_backend_FileBackend extends t3lib_cache_backend_AbstractBacken
                        );
                }
 
+               if ($entryIdentifier !== basename($entryIdentifier)) {
+                       throw new InvalidArgumentException(
+                               'The specified entry identifier must not contain a path segment.',
+                               1282073032
+                       );
+               }
+
                $this->remove($entryIdentifier);
 
                $temporaryCacheEntryPathAndFilename = $this->root . $this->cacheDirectory . uniqid() . '.temp';
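Review bot: The guard added before `$this->remove($entryIdentifier)` still accepts the identifiers `.` and `..` (and the empty string), because `basename('..')` returns `..` and the strict comparison then sees two equal strings. With such a value `$this->root . $this->cacheDirectory . $entryIdentifier` names the cache directory or its parent rather than a file inside it. The same condition is repeated in the get(), has(), remove() and requireOnce() hunks, so the fix applies to all five: `if ($entryIdentifier === '' || $entryIdentifier === '.' || $entryIdentifier === '..' || $entryIdentifier !== basename($entryIdentifier)) {`. set() starts and ends outside this hunk, so an earlier check there may already reject some of these values.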
@@ -271,6 +278,13 @@ class t3lib_cache_backend_FileBackend extends t3lib_cache_backend_AbstractBacken
         * @api
         */
        public function get($entryIdentifier) {
+               if ($entryIdentifier !== basename($entryIdentifier)) {
+                       throw new InvalidArgumentException(
+                               'The specified entry identifier must not contain a path segment.',
+                               1282073033
+                       );
+               }
+
                $pathAndFilename = $this->root . $this->cacheDirectory . $entryIdentifier;
                if ($this->isCacheFileExpired($pathAndFilename)) {
                        return FALSE;
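Review bot: The docblock above get() should state that the method now throws, since this is a new failure mode for callers of a method marked `@api`; only the docblock's last lines, ending in `@api`, are inside the hunk, so this assumes no `@throws` tag exists further up. I would add `@throws InvalidArgumentException if the entry identifier contains a path segment` before `@api`. The same line belongs in the docblocks of has(), remove() and requireOnce() in the following hunks, and of set(). get() continues past the end of this hunk.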
@@ -288,6 +302,13 @@ class t3lib_cache_backend_FileBackend extends t3lib_cache_backend_AbstractBacken
         * @api
         */
        public function has($entryIdentifier) {
+               if ($entryIdentifier !== basename($entryIdentifier)) {
+                       throw new InvalidArgumentException(
+                               'The specified entry identifier must not contain a path segment.',
+                               1282073034
+                       );
+               }
+
                return !$this->isCacheFileExpired($this->root . $this->cacheDirectory . $entryIdentifier);
        }
 
@@ -301,6 +322,13 @@ class t3lib_cache_backend_FileBackend extends t3lib_cache_backend_AbstractBacken
         * @api
         */
        public function remove($entryIdentifier) {
+               if ($entryIdentifier !== basename($entryIdentifier)) {
+                       throw new InvalidArgumentException(
+                               'The specified entry identifier must not contain a path segment.',
+                               1282073035
+                       );
+               }
+
                $pathAndFilename = $this->root . $this->cacheDirectory . $entryIdentifier;
                if (!file_exists($pathAndFilename)) {
                        return FALSE;
@@ -499,6 +527,13 @@ class t3lib_cache_backend_FileBackend extends t3lib_cache_backend_AbstractBacken
         * @api
         */
        public function requireOnce($entryIdentifier) {
+               if ($entryIdentifier !== basename($entryIdentifier)) {
+                       throw new InvalidArgumentException(
+                               'The specified entry identifier must not contain a path segment.',
+                               1282073036
+                       );
+               }
+
                $pathAndFilename = $this->root . $this->cacheDirectory . $entryIdentifier;
                return ($this->isCacheFileExpired($pathAndFilename)) ? FALSE : require_once($pathAndFilename);
        }
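Review bot: This is the fifth copy of the same guard, differing only in the exception code (1282073032 to 1282073036), and a path-building method added later can easily be written without it. Moving the check into one helper that takes the code as an argument keeps the per-call-site codes and gives the rule a single place to change. requireOnce() is the caller where that matters most, because the composed path is handed to `require_once`. The helper name below is only a suggestion.

```php
	public function requireOnce($entryIdentifier) {
		$this->throwExceptionIfIdentifierContainsPath($entryIdentifier, 1282073036);
		// … unchanged: path composition and require_once …
	}

	/**
	 * Rejects entry identifiers that contain a path segment.
	 *
	 * @param string $entryIdentifier Identifier passed in by the caller
	 * @param integer $exceptionCode Code unique to the calling method
	 * @return void
	 * @throws InvalidArgumentException
	 */
	protected function throwExceptionIfIdentifierContainsPath($entryIdentifier, $exceptionCode) {
		if ($entryIdentifier !== basename($entryIdentifier)) {
			throw new InvalidArgumentException(
				'The specified entry identifier must not contain a path segment.',
				$exceptionCode
			);
		}
	}
```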
index 780f44e..0facd7f 100644 (file)
@@ -298,6 +298,102 @@ class t3lib_cache_backend_FileBackendTest extends tx_phpunit_testcase {
        }
 
        /**
+        * @author Christian Kuhn <lolli@schwarzbu.ch>
+        */
+       public function invalidEntryIdentifiers() {
+               return array(
+                       'trailing slash' => array('/myIdentifer'),
+                       'trailing dot and slash' => array('./myIdentifer'),
+                       'trailing two dots and slash' => array('../myIdentifier'),
+                       'trailing with multiple dots and slashes' => array('.././../myIdentifier'),
+                       'slash in middle part' => array('my/Identifier'),
+                       'dot and slash in middle part' => array('my./Identifier'),
+                       'two dots and slash in middle part' => array('my../Identifier'),
+                       'multiple dots and slashes in middle part' => array('my.././../Identifier'),
+                       'pending slash' => array('myIdentifier/'),
+                       'pending dot and slash' => array('myIdentifier./'),
+                       'pending dots and slash' => array('myIdentifier../'),
+                       'pending multiple dots and slashes' => array('myIdentifier.././../'),
+               );
+       }
+
+       /**
+        * @test
+        * @dataProvider invalidEntryIdentifiers
+        * @expectedException InvalidArgumentException
+        * @author Christian Kuhn <lolli@schwarzbu.ch>
+        */
+       public function setThrowsExceptionForInvalidIdentifier($identifier) {
+               $mockCache = $this->getMock('t3lib_cache_frontend_AbstractFrontend', array(), array(), '', FALSE);
+               $mockCache->expects($this->atLeastOnce())->method('getIdentifier')->will($this->returnValue('UnitTestCache'));
+
+               $backend = $this->getMock('t3lib_cache_backend_FileBackend', array('dummy'), array(), '', TRUE);
+               $backend->setCache($mockCache);
+
+               $backend->set($identifier, 'cache data', array());
+       }
+
+       /**
+        * @test
+        * @dataProvider invalidEntryIdentifiers
+        * @expectedException InvalidArgumentException
+        * @author Christian Kuhn <lolli@schwarzbu.ch>
+        */
+       public function getThrowsExceptionForInvalidIdentifier($identifier) {
+               $mockCache = $this->getMock('t3lib_cache_frontend_AbstractFrontend', array(), array(), '', FALSE);
+               $mockCache->expects($this->atLeastOnce())->method('getIdentifier')->will($this->returnValue('UnitTestCache'));
+
+               $backend = $this->getMock('t3lib_cache_backend_FileBackend', array('dummy'), array(), '', FALSE);
+               $backend->setCache($mockCache);
+
+               $backend->get($identifier);
+       }
+
+       /**
+        * @test
+        * @dataProvider invalidEntryIdentifiers
+        * @expectedException InvalidArgumentException
+        * @author Christian Kuhn <lolli@schwarzbu.ch>
+        */
+       public function hasThrowsExceptionForInvalidIdentifier($identifier) {
+               $backend = $this->getMock('t3lib_cache_backend_FileBackend', array('dummy'), array(), '', FALSE);
+
+               $backend->has($identifier);
+       }
+
+       /**
+        * @test
+        * @dataProvider invalidEntryIdentifiers
+        * @expectedException InvalidArgumentException
+        * @author Christian Kuhn <lolli@schwarzbu.ch>
+        */
+       public function removeThrowsExceptionForInvalidIdentifier($identifier) {
+               $mockCache = $this->getMock('t3lib_cache_frontend_AbstractFrontend', array(), array(), '', FALSE);
+               $mockCache->expects($this->atLeastOnce())->method('getIdentifier')->will($this->returnValue('UnitTestCache'));
+
+               $backend = $this->getMock('t3lib_cache_backend_FileBackend', array('dummy'), array(), '', FALSE);
+               $backend->setCache($mockCache);
+
+               $backend->remove($identifier);
+       }
+
+       /**
+        * @test
+        * @dataProvider invalidEntryIdentifiers
+        * @expectedException InvalidArgumentException
+        * @author Christian Kuhn <lolli@schwarzbu.ch>
+        */
+       public function requireOnceThrowsExceptionForInvalidIdentifier($identifier) {
+               $mockCache = $this->getMock('t3lib_cache_frontend_AbstractFrontend', array(), array(), '', FALSE);
+               $mockCache->expects($this->atLeastOnce())->method('getIdentifier')->will($this->returnValue('UnitTestCache'));
+
+               $backend = $this->getMock('t3lib_cache_backend_FileBackend', array('dummy'), array(), '', FALSE);
+               $backend->setCache($mockCache);
+
+               $backend->requireOnce($identifier);
+       }
+
+       /**
         * @test
         * @author Robert Lemke <robert@typo3.org>
         * @author Karsten Dambekalns <karsten@typo3.org>
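Review bot: invalidEntryIdentifiers() has no data set for a bare `.` or `..`, which the `basename()` comparison in the backend does not reject (`basename('..')` returns `..`), so all five new tests pass while that case stays open. Adding `'single dot' => array('.'),` and `'two dots' => array('..'),` would make the gap visible; they are expected to fail until the guard handles them. The data set names also read oddly: the sets called 'trailing …' put the slash at the start, the 'pending …' ones put it at the end, and the first two values spell `myIdentifer`. Separately, setThrowsExceptionForInvalidIdentifier() passes TRUE as the last getMock() argument where the other four tests pass FALSE; if that is deliberate, a short comment would help.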