Search moodle.org's
Developer Documentation

See Release Notes

  • Bug fixes for general core bugs in 4.0.x will end 8 May 2023 (12 months).
  • Bug fixes for security issues in 4.0.x will end 13 November 2023 (18 months).
  • PHP version: minimum PHP 7.3.0 Note: the minimum PHP version has increased since Moodle 3.10. PHP 7.4.x is also supported.

Differences Between: [Versions 310 and 400] [Versions 39 and 400]

   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  namespace core;
  18  
  19  use zip_archive;
  20  
  21  defined('MOODLE_INTERNAL') || die();
  22  
  23  global $CFG;
  24  
  25  require_once($CFG->libdir . '/filestorage/zip_archive.php');
  26  
  27  /**
  28   * Unit tests for /lib/filestorage/zip_archive.php.
  29   *
  30   * @package   core
  31   * @copyright 2020 Université Rennes 2 {@link https://www.univ-rennes2.fr}
  32   * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  33   */
  34  class filestorage_zip_archive_test extends \advanced_testcase {
  35      /**
  36       * Test mangle_pathname() method.
  37       *
  38       * @dataProvider pathname_provider
  39       *
  40       * @param string $string   Parameter sent to mangle_pathname method.
  41       * @param string $expected Expected return value.
  42       */
  43      public function test_mangle_pathname($string, $expected) {
  44          $ziparchive = new zip_archive();
  45  
  46          $method = new \ReflectionMethod('zip_archive', 'mangle_pathname');
  47          $method->setAccessible(true);
  48  
  49          $result = $method->invoke($ziparchive, $string);
  50          $this->assertSame($expected, $result);
  51      }
  52  
  53      /**
  54       * Provide some tested pathnames and expected results.
  55       *
  56       * @return array Array of tested pathnames and expected results.
  57       */
  58      public function pathname_provider() {
  59          return [
  60              // Test a string.
  61              ['my file.pdf', 'my file.pdf'],
  62  
  63              // Test a string with MS separator.
  64              ['c:\temp\my file.pdf', 'c:/temp/my file.pdf'],
  65  
  66              // Test a string with 2 consecutive dots.
  67              ['my file..pdf', 'my file.pdf'],
  68  
  69              // Test a string with 3 consecutive dots.
  70              ['my file...pdf', 'my file.pdf'],
  71  
  72              // Test a string beginning with leading slash.
  73              ['/tmp/my file.pdf', 'tmp/my file.pdf'],
  74  
  75              // Test some path traversal attacks.
  76              ['../../../../../etc/passwd', 'etc/passwd'],
  77              ['../', ''],
  78              ['.../...//', ''],
  79              ['.', ''],
  80          ];
  81      }
  82  }