Почетна Преглед Помоћ
Пријавите се
SoftwareDesign
/
csu3_am335x
8
0
Креирај огранак 0
Датотеке Дискусије 0 Захтеви за спајање 0 Вики
Грана: master
Гране Ознаке
csu3_am335x
/
EVSE
/
GPL
/
php-8.1.12
/
ext
/
xsl
/
tests
/
bug54446_with_ini.phpt

bug54446_with_ini.phpt 2.5 KB
Пермалинк Историја Датотека

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192 
  1. --TEST--
    2. 

  2. Bug #54446 (Arbitrary file creation via libxslt 'output' extension with php.ini setting)
    3. 

  3. --EXTENSIONS--
    4. 

  4. xsl
    5. 

  5. --FILE--
    6. 

  6. <?php
    7. 

  7. include("prepare.inc");
    8. 

  8. 

  9. $outputfile = __DIR__."/bug54446test_with_ini.txt";
    10. 

  10. if (file_exists($outputfile)) {
    11. 

  11.     unlink($outputfile);
    12. 

  12. }
    13. 

  13. 

  14. $sXsl = <<<EOT
    15. 

  15. <xsl:stylesheet version="1.0"
    16. 

  16.     xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    17. 

  17.     xmlns:sax="http://icl.com/saxon"
    18. 

  18.     extension-element-prefixes="sax">
    19. 

  19. 

  20.     <xsl:template match="/">
    21. 

  21.         <sax:output href="$outputfile" method="text">
    22. 

  22.             <xsl:value-of select="'0wn3d via PHP and libxslt ...'"/>
    23. 

  23.         </sax:output>
    24. 

  24.     </xsl:template>
    25. 

  25. 

  26. </xsl:stylesheet>
    27. 

  27. EOT;
    28. 

  28. 

  29. $xsl->loadXML( $sXsl );
    30. 

  30. 

  31. # START XSLT
    32. 

  32. $proc->importStylesheet( $xsl );
    33. 

  33. 

  34. # TRASNFORM & PRINT
    35. 

  35. print $proc->transformToXML( $dom );
    36. 

  36. 

  37. 

  38. if (file_exists($outputfile)) {
    39. 

  39.     print "$outputfile exists, but shouldn't!\n";
    40. 

  40. } else {
    41. 

  41.     print "OK, no file created\n";
    42. 

  42. }
    43. 

  43. 

  44. #SET NO SECURITY PREFS
    45. 

  45. $proc->setSecurityPrefs(XSL_SECPREF_NONE);
    46. 

  46. 

  47. # TRANSFORM & PRINT
    48. 

  48. print $proc->transformToXML( $dom );
    49. 

  49. 

  50. 

  51. if (file_exists($outputfile)) {
    52. 

  52.     print "OK, file exists\n";
    53. 

  53. } else {
    54. 

  54.     print "$outputfile doesn't exist, but should!\n";
    55. 

  55. }
    56. 

  56. 

  57. unlink($outputfile);
    58. 

  58. 

  59. #SET SECURITY PREFS AGAIN
    60. 

  60. $proc->setSecurityPrefs(XSL_SECPREF_WRITE_FILE | XSL_SECPREF_WRITE_NETWORK | XSL_SECPREF_CREATE_DIRECTORY);
    61. 

  61. 

  62. # TRANSFORM & PRINT
    63. 

  63. print $proc->transformToXML( $dom );
    64. 

  64. 

  65. if (file_exists($outputfile)) {
    66. 

  66.     print "$outputfile exists, but shouldn't!\n";
    67. 

  67. } else {
    68. 

  68.     print "OK, no file created\n";
    69. 

  69. }
    70. 

  70. 

  71. ?>
    72. 

  72. --EXPECTF--
    73. 

  73. Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %s element output in %s on line %d
    74. 

  74. 

  75. Warning: XSLTProcessor::transformToXml(): File write for %s/bug54446test_with_ini.txt refused in %s on line %d
    76. 

  76. 

  77. Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %d element output in %s on line %d
    78. 

  78. 

  79. Warning: XSLTProcessor::transformToXml(): xsltDocumentElem: write rights for %s/bug54446test_with_ini.txt denied in %s on line %d
    80. 

  80. OK, no file created
    81. 

  81. OK, file exists
    82. 

  82. 

  83. Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %s element output in %s on line %d
    84. 

  84. 

  85. Warning: XSLTProcessor::transformToXml(): File write for %s/bug54446test_with_ini.txt refused in %s on line %d
    86. 

  86. 

  87. Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %d element output in %s on line %d
    88. 

  88. 

  89. Warning: XSLTProcessor::transformToXml(): xsltDocumentElem: write rights for %s/bug54446test_with_ini.txt denied in %s on line %d
    90. 

  90. OK, no file created
    91. 

  91. --CREDITS--
    92. 

  92. Christian Stocker, chregu@php.net
    93.