
Merge pull request from marc1706/ticket/13568-asc

[ticket/13568] Validate imagick path as readable absolute path

closes 
Nicofuma 2015-03-29 19:50:19 +02:00
commit d9f4964d91
4 changed files with 175 additions and 5 deletions

@ -153,7 +153,7 @@ class acp_attachments
'img_create_thumbnail' => array('lang' => 'CREATE_THUMBNAIL', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'img_max_thumb_width' => array('lang' => 'MAX_THUMB_WIDTH', 'validate' => 'int:0:999999999999999', 'type' => 'number:0:999999999999999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
'img_min_thumb_filesize' => array('lang' => 'MIN_THUMB_FILESIZE', 'validate' => 'int:0:999999999999999', 'type' => 'number:0:999999999999999', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']),
'img_imagick' => array('lang' => 'IMAGICK_PATH', 'validate' => 'path', 'type' => 'text:20:200', 'explain' => true, 'append' => '&nbsp;&nbsp;<span>[ <a href="' . $this->u_action . '&amp;action=imgmagick">' . $user->lang['SEARCH_IMAGICK'] . '</a> ]</span>'),
'img_imagick' => array('lang' => 'IMAGICK_PATH', 'validate' => 'absolute_path', 'type' => 'text:20:200', 'explain' => true, 'append' => '&nbsp;&nbsp;<span>[ <a href="' . $this->u_action . '&amp;action=imgmagick">' . $user->lang['SEARCH_IMAGICK'] . '</a> ]</span>'),
'img_max' => array('lang' => 'MAX_IMAGE_SIZE', 'validate' => 'int:0:9999', 'type' => 'dimension:0:9999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
'img_link' => array('lang' => 'IMAGE_LINK_SIZE', 'validate' => 'int:0:9999', 'type' => 'dimension:0:9999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
)

@ -550,6 +550,9 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)
$cfg_array[$config_name] = trim($destination);
// Absolute file path
case 'absolute_path':
case 'absolute_path_writable':
// Path being relative (still prefixed by phpbb_root_path), but with the ability to escape the root dir...
case 'path':
case 'wpath':
@ -568,20 +571,22 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)
break;
}
if (!file_exists($phpbb_root_path . $cfg_array[$config_name]))
$path = in_array($config_definition['validate'], array('wpath', 'path', 'rpath', 'rwpath')) ? $phpbb_root_path . $cfg_array[$config_name] : $cfg_array[$config_name];
if (!file_exists($path))
{
$error[] = sprintf($user->lang['DIRECTORY_DOES_NOT_EXIST'], $cfg_array[$config_name]);
}
if (file_exists($phpbb_root_path . $cfg_array[$config_name]) && !is_dir($phpbb_root_path . $cfg_array[$config_name]))
if (file_exists($path) && !is_dir($path))
{
$error[] = sprintf($user->lang['DIRECTORY_NOT_DIR'], $cfg_array[$config_name]);
}
// Check if the path is writable
if ($config_definition['validate'] == 'wpath' || $config_definition['validate'] == 'rwpath')
if ($config_definition['validate'] == 'wpath' || $config_definition['validate'] == 'rwpath' || $config_definition['validate'] === 'absolute_path_writable')
{
if (file_exists($phpbb_root_path . $cfg_array[$config_name]) && !phpbb_is_writable($phpbb_root_path . $cfg_array[$config_name]))
if (file_exists($path) && !phpbb_is_writable($path))
{
$error[] = sprintf($user->lang['DIRECTORY_NOT_WRITABLE'], $cfg_array[$config_name]);
}
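Review bot: Nothing in the new `absolute_path` / `absolute_path_writable` handling checks that the value is actually absolute, or readable as the commit title says. For these types `$path` is the submitted value unchanged, so `file_exists($path)` resolves a relative value against the process working directory, and the unit-test data in this commit expects `'.'` to pass. Consider rejecting non-absolute values before the existence check, for example with `phpbb_is_absolute($cfg_array[$config_name])` if that helper is in scope here, and adding an `is_readable($path)` test beside the `is_dir($path)` one. The enclosing `validate_config_vars()` switch begins and ends outside these hunks, so any earlier sanitising of the value is not visible here.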

@ -0,0 +1,78 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
/**
* @group functional
*/
class phpbb_functional_acp_attachments_test extends phpbb_functional_test_case
{
public function data_imagick_path_linux()
{
return array(
array('/usr/bin', 'Configuration updated successfully'),
array('/usr/foobar', 'The entered path “/usr/foobar” does not exist.'),
array('/usr/bin/which', 'The entered path “/usr/bin/which” is not a directory.'),
);
}
/**
* @dataProvider data_imagick_path_linux
*/
public function test_imagick_path_linux($imagick_path, $expected)
{
if (strtolower(substr(PHP_OS, 0, 5)) !== 'linux')
{
$this->markTestSkipped('Unable to test linux specific paths on other OS.');
}
$this->login();
$this->admin_login();
$crawler = self::request('GET', 'adm/index.php?i=attachments&mode=attach&sid=' . $this->sid);
$form = $crawler->selectButton('Submit')->form(array('config[img_imagick]' => $imagick_path));
$crawler = self::submit($form);
$this->assertContains($expected, $crawler->filter('#main')->text());
}
public function data_imagick_path_windows()
{
return array(
array('C:\Windows', 'Configuration updated successfully'),
array('C:\Windows\foobar1', 'The entered path “C:\Windows\foobar1” does not exist.'),
array('C:\Windows\explorer.exe', 'The entered path “C:\Windows\explorer.exe” is not a directory.'),
);
}
/**
* @dataProvider data_imagick_path_windows
*/
public function test_imagick_path_windows($imagick_path, $expected)
{
if (strtolower(substr(PHP_OS, 0, 3)) !== 'win')
{
$this->markTestSkipped('Unable to test windows specific paths on other OS.');
}
$this->login();
$this->admin_login();
$crawler = self::request('GET', 'adm/index.php?i=attachments&mode=attach&sid=' . $this->sid);
$form = $crawler->selectButton('Submit')->form(array('config[img_imagick]' => $imagick_path));
$crawler = self::submit($form);
$this->assertContains($expected, $crawler->filter('#main')->text());
}
}
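Review bot: The Linux cases in `data_imagick_path_linux()` depend on the host layout, because `/usr/bin/which` is assumed to exist as a regular file. Where it does not, the third case yields the "does not exist" message instead of "is not a directory" and fails for reasons unrelated to the code under test. A fixture the test controls would be steadier, assuming the board under test runs on the same host as the test process, e.g. `array(__FILE__, 'The entered path “' . __FILE__ . '” is not a directory.')`. The two test methods also differ only in their skip condition, so the login/submit/assert body could move into one private helper that both call.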

@ -162,4 +162,91 @@ class phpbb_functions_acp_validate_config_vars_test extends phpbb_test_case
$this->assertEquals($expected, $phpbb_error);
}
public function data_validate_path_linux()
{
return array(
array('/usr/bin', 'absolute_path', true),
array('/usr/bin/', 'absolute_path:50:200', true),
array('/usr/bin/which', 'absolute_path', 'DIRECTORY_NOT_DIR'),
array('/foo/bar', 'absolute_path', 'DIRECTORY_DOES_NOT_EXIST'),
array('C:\Windows', 'absolute_path', 'DIRECTORY_DOES_NOT_EXIST'),
array('.', 'absolute_path', true),
array('', 'absolute_path', true),
array('mkdir /foo/bar', 'absolute_path', 'DIRECTORY_DOES_NOT_EXIST'),
// Make sure above command didn't do anything
array('/foo/bar', 'absolute_path', 'DIRECTORY_DOES_NOT_EXIST'),
);
}
/**
* @dataProvider data_validate_path_linux
*/
public function test_validate_path_linux($path, $validation_type, $expected)
{
if (strtolower(substr(PHP_OS, 0, 5)) !== 'linux')
{
$this->markTestSkipped('Unable to test linux specific paths on other OS.');
}
$error = array();
$config_ary = array(
'path' => $path,
);
validate_config_vars(array(
'path' => array('lang' => 'FOOBAR', 'validate' => $validation_type),
),
$config_ary,
$error
);
}
public function data_validate_path_windows()
{
return array(
array('C:\Windows', 'absolute_path', true),
array('C:\Windows\\', 'absolute_path:50:200', true),
array('C:\Windows\explorer.exe', 'absolute_path', 'DIRECTORY_NOT_DIR'),
array('C:\foobar', 'absolute_path', 'DIRECTORY_DOES_NOT_EXIST'),
array('/usr/bin', 'absolute_path', 'DIRECTORY_DOES_NOT_EXIST'),
array('.', 'absolute_path', true),
array('', 'absolute_path', true),
array('mkdir C:\Windows\foobar', 'absolute_path', 'DIRECTORY_DOES_NOT_EXIST'),
// Make sure above command didn't do anything
array('C:\Windows\foobar', 'absolute_path', 'DIRECTORY_DOES_NOT_EXIST'),
);
}
/**
* @dataProvider data_validate_path_windows
*/
public function test_validate_path_windows($path, $validation_type, $expected)
{
if (strtolower(substr(PHP_OS, 0, 3)) !== 'win')
{
$this->markTestSkipped('Unable to test windows specific paths on other OS.');
}
$error = array();
$config_ary = array(
'path' => $path,
);
validate_config_vars(array(
'path' => array('lang' => 'FOOBAR', 'validate' => $validation_type),
),
$config_ary,
$error
);
if ($expected === true)
{
$this->assertEmpty($error);
}
else
{
$this->assertEquals(array($expected), $error);
}
}
}
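Review bot: `test_validate_path_linux()` never asserts anything: it calls `validate_config_vars()` and returns, leaving `$expected` unused, so every Linux data set passes regardless of what ends up in `$error`. The Windows twin ends with the `$expected === true` / `assertEmpty` / `assertEquals` block, and the Linux method needs the same check after the call, e.g. `$this->assertEquals($expected === true ? array() : array($expected), $error);`. Until that is added, the `'.'`, `''` and `'mkdir /foo/bar'` cases are not actually verified on Linux.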