Follow-up to bug #16593: Added unit tests
authorOliver Hader <oliver.hader@typo3.org>
Thu, 16 Dec 2010 13:43:03 +0000 (13:43 +0000)
committerOliver Hader <oliver.hader@typo3.org>
Thu, 16 Dec 2010 13:43:03 +0000 (13:43 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-4@9800 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
tests/t3lib/t3lib_divTest.php

index 5ad14e4..cf4c795 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,7 @@
        * Fixed bug #16362: Directory traversal attack in em_unzip
        * Fixed bug #16485: Cross-Site Scripting in showpic functionality
        * Fixed bug #16593: It is possible to bypass 'verifyFilenameAgainstDenyPattern'
+       * Follow-up to bug #16593: Added unit tests
 
 2010-12-07  Christian Kuhn  <lolli@schwarzbu.ch>
 
index dc01a29..aeac59a 100644 (file)
@@ -1767,5 +1767,41 @@ class t3lib_divTest extends tx_phpunit_testcase {
                $this->assertEquals('someFile', $fileInfo['filebody']);
                $this->assertEquals('png', $fileInfo['fileext']);
        }
+
+       /**
+        * Data provider for validPathStrDetectsInvalidCharacters.
+        *
+        * @return array
+        */
+       public function validPathStrInvalidCharactersDataProvider() {
+               return array(
+                       'double slash in path' => array('path//path'),
+                       'backslash in path' => array('path\\path'),
+                       'directory up in path' => array('path/../path'),
+                       'directory up at the beginning' => array('../path'),
+                       'NUL character in path' => array("path\x00path"),
+                       'BS character in path' => array("path\x08path"),
+               );
+       }
+
+       /**
+        * Tests whether invalid characters are detected.
+        *
+        * @param string $path
+        * @dataProvider validPathStrInvalidCharactersDataProvider
+        * @test
+        */
+       public function validPathStrDetectsInvalidCharacters($path) {
+               $this->assertNull(t3lib_div::validPathStr($path));
+       }
+
+       /**
+        * Tests whether verifyFilenameAgainstDenyPattern detects the null character.
+        *
+        * @test
+        */
+       public function verifyFilenameAgainstDenyPatternDetectsNullCharacter() {
+               $this->assertFalse(t3lib_div::verifyFilenameAgainstDenyPattern("image\x00.gif"));
+       }
 }
 ?>
\ No newline at end of file
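Review bot: All three added tests assert only rejections, so an implementation of `validPathStr()` or `verifyFilenameAgainstDenyPattern()` that refused every input would still pass them. Each needs a positive control beside the negative cases, for example `$this->assertTrue(t3lib_div::verifyFilenameAgainstDenyPattern('image.gif'));` (a constructed sample that assumes the configured deny pattern allows `.gif`). In `verifyFilenameAgainstDenyPatternDetectsNullCharacter` the only input is `"image\x00.gif"`, which has no denied extension ahead of the NUL, so it shows that NUL is refused but probably does not pin the bypass from bug #16593, whose fix is not visible here. A second assertion whose part before the NUL matches the deny pattern would make the regression explicit, and a short comment on that test naming bug #16593 would tell the next maintainer why the case exists. The `t3lib_divTest` class begins outside this hunk, so existing positive tests for these two methods may already be present further up.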