php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-21 06:51:18 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
badfe4fbdadffde92135aeb8c60135cd262c8e01
archived-php-src/ext/libxml/tests/bug61367-read_2.phpt
Niels Dossche 7c0dfc5cf5 Fix GH-11160: Few tests failed building with new libxml 2.11.0 
It's possible to categorise the failures into 2 categories:
  - Changed error message. In this case we either duplicate the test and
    modify the error message. Or if the change in error message is
    small, we use the EXPECTF matchers to make the test compatible with both
    old and new versions of libxml2.
  - Missing warnings. This is caused by a change in libxml2 where the
    parser started using SAX APIs internally [1]. In this case the
    error_type passed to php_libxml_internal_error_handler() changed from
    PHP_LIBXML_ERROR to PHP_LIBXML_CTX_WARNING because it internally
    started to use the SAX handlers instead of the generic handlers.
    However, for the SAX handlers the current input stack is empty, so
    nothing is actually printed. I fixed this by falling back to a
    regular warning without a filename & line number reference, which
    mimicks the old behaviour. Furthermore, this change now also shows
    an additional warning in a test which was previously hidden.

[1] 9a82b94a94

Closes GH-11162.
2023-05-06 23:10:07 +02:00

62 lines
1.5 KiB
PHP
Raw Blame History

--TEST--
Bug #61367: open_basedir bypass in libxml RSHUTDOWN: read test
--EXTENSIONS--
dom
--SKIPIF--
<?php
if (LIBXML_VERSION < 20912) die('skip For libxml2 >= 2.9.12 only');
?>
--INI--
open_basedir=.
--FILE--
<?php
/*
* Note: Using error_reporting=E_ALL & ~E_NOTICE to suppress "Trying to get property of non-object" notices.
*/
class StreamExploiter {
public function stream_close ( ) {
$doc = new DOMDocument;
$doc->resolveExternals = true;
$doc->substituteEntities = true;
$dir = htmlspecialchars(dirname(getcwd()));
$dir = str_replace('\\', '/', $dir); // fix for windows
$doc->loadXML( <<<XML
<!DOCTYPE doc [
<!ENTITY file SYSTEM "file:///$dir/bad">
]>
<doc>&file;</doc>
XML
);
print $doc->documentElement->firstChild->nodeValue;
}
public function stream_open ( $path , $mode , $options , &$opened_path ) {
return true;
}
}
var_dump(mkdir('test_bug_61367-read'));
var_dump(mkdir('test_bug_61367-read/base'));
var_dump(file_put_contents('test_bug_61367-read/bad', 'blah'));
var_dump(chdir('test_bug_61367-read/base'));
stream_wrapper_register( 'exploit', 'StreamExploiter' );
$s = fopen( 'exploit://', 'r' );
?>
--CLEAN--
<?php
unlink('test_bug_61367-read/bad');
rmdir('test_bug_61367-read/base');
rmdir('test_bug_61367-read');
?>
--EXPECTF--
bool(true)
bool(true)
int(4)
bool(true)
Warning: DOMDocument::loadXML(): %Sfailed to load external entity "file:///%s/test_bug_61367-read/bad" in %s on line %d
Warning: Attempt to read property "nodeValue" on null in %s on line %d
Reference in New Issue View Git Blame Copy Permalink