Merge branch '3.3' into 3.4
* 3.3:
  fixed tests
  Disallow viewing dot-files in Profiler
commit
46a848cff4
@ -162,7 +162,7 @@ class FormExtensionDivLayoutTest extends AbstractDivLayoutTest
|
|||||||
*/
|
*/
|
||||||
public function testIsRootForm($expected, FormView $formView)
|
public function testIsRootForm($expected, FormView $formView)
|
||||||
{
|
{
|
||||||
$this->assertSame($expected, $this->extension->isRootForm($formView));
|
$this->assertSame($expected, twig_is_root_form($formView));
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function renderForm(FormView $view, array $vars = array())
|
protected function renderForm(FormView $view, array $vars = array())
|
||||||
|
@ -385,7 +385,7 @@ class ProfilerController
|
|||||||
|
|
||||||
$filename = $this->baseDir.DIRECTORY_SEPARATOR.$file;
|
$filename = $this->baseDir.DIRECTORY_SEPARATOR.$file;
|
||||||
|
|
||||||
if (preg_match("'(^|[/\\\\])\.\.?([/\\\\]|$)'", $file) || !is_readable($filename)) {
|
if (preg_match("'(^|[/\\\\])\.'", $file) || !is_readable($filename)) {
|
||||||
throw new NotFoundHttpException(sprintf('The file "%s" cannot be opened.', $file));
|
throw new NotFoundHttpException(sprintf('The file "%s" cannot be opened.', $file));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
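Review bot: The guard at `preg_match(...) || !is_readable($filename)` only inspects the request string for dot-prefixed segments and never canonicalises the path it is about to open, so a symlink below `$this->baseDir` that points outside it still passes, and so does a directory name, since `is_readable()` is true for readable directories. If symlinked sources are not expected here, resolve and compare before the dot-file check: `$realFile = realpath($filename);` then `if (false === $realFile || !is_file($realFile) || 0 !== strpos($realFile, realpath($this->baseDir).DIRECTORY_SEPARATOR) || preg_match("'(^|[/\\\\])\.'", $file))`, keeping the regex so dot-files inside the base are still refused. The side that rejects every dot-prefixed segment reads as the new one given the commit title, which also subsumes the older `.`/`..`-only pattern; what the directory case does afterwards depends on code outside this hunk. The enclosing method starts and ends outside the hunk.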
@ -14,6 +14,7 @@ namespace Symfony\Bundle\WebProfilerBundle\Tests\Controller;
|
|||||||
use PHPUnit\Framework\TestCase;
|
use PHPUnit\Framework\TestCase;
|
||||||
use Symfony\Bundle\WebProfilerBundle\Controller\ProfilerController;
|
use Symfony\Bundle\WebProfilerBundle\Controller\ProfilerController;
|
||||||
use Symfony\Bundle\WebProfilerBundle\Csp\ContentSecurityPolicyHandler;
|
use Symfony\Bundle\WebProfilerBundle\Csp\ContentSecurityPolicyHandler;
|
||||||
|
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||||
use Symfony\Component\HttpKernel\Profiler\Profile;
|
use Symfony\Component\HttpKernel\Profiler\Profile;
|
||||||
use Symfony\Component\HttpFoundation\Request;
|
use Symfony\Component\HttpFoundation\Request;
|
||||||
|
|
||||||
@ -46,6 +47,42 @@ class ProfilerControllerTest extends TestCase
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @dataProvider getOpenFileCases
|
||||||
|
*/
|
||||||
|
public function testOpeningDisallowedPaths($path, $isAllowed)
|
||||||
|
{
|
||||||
|
$urlGenerator = $this->getMockBuilder('Symfony\Component\Routing\Generator\UrlGeneratorInterface')->getMock();
|
||||||
|
$twig = $this->getMockBuilder('Twig\Environment')->disableOriginalConstructor()->getMock();
|
||||||
|
$profiler = $this
|
||||||
|
->getMockBuilder('Symfony\Component\HttpKernel\Profiler\Profiler')
|
||||||
|
->disableOriginalConstructor()
|
||||||
|
->getMock();
|
||||||
|
|
||||||
|
$controller = new ProfilerController($urlGenerator, $profiler, $twig, array(), 'bottom', null, __DIR__.'/../..');
|
||||||
|
|
||||||
|
try {
|
||||||
|
$response = $controller->openAction(Request::create('/_wdt/open', Request::METHOD_GET, array('file' => $path)));
|
||||||
|
$this->assertEquals(200, $response->getStatusCode());
|
||||||
|
$this->assertTrue($isAllowed);
|
||||||
|
} catch (NotFoundHttpException $e) {
|
||||||
|
$this->assertFalse($isAllowed);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public function getOpenFileCases()
|
||||||
|
{
|
||||||
|
return array(
|
||||||
|
array('README.md', true),
|
||||||
|
array('composer.json', true),
|
||||||
|
array('Controller/ProfilerController.php', true),
|
||||||
|
array('.gitignore', false),
|
||||||
|
array('../TwigBundle/README.md', false),
|
||||||
|
array('Controller/../README.md', false),
|
||||||
|
array('Controller/./ProfilerController.php', false),
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @dataProvider provideCspVariants
|
* @dataProvider provideCspVariants
|
||||||
*/
|
*/
|
||||||
|
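Review bot: The disallowed cases in getOpenFileCases never exercise the backslash alternative of the controller's `[/\\\\]` separator class nor a dot segment at the very start of the path, so a regression in the Windows branch or in the `^` anchor would go unnoticed; add `array('Controller\\..\\README.md', false),` and `array('./README.md', false),`. The try/catch shape also conflates the two outcomes: when `$isAllowed` is true and openAction throws, the failure surfaces as `assertFalse(true)` with no message, and an unexpected exception type bypasses the assertions entirely. Calling `$this->expectException(NotFoundHttpException::class)` before `openAction()` when `$isAllowed` is false, and asserting the 200 status only for allowed paths, states the intent directly and removes the catch block. The `@ -14,6 +14,7` import hunk of this section only adds the `NotFoundHttpException` use statement this test needs, and the surrounding class continues outside the hunk.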