Differences Between: [Versions 310 and 400] [Versions 39 and 400]
1 <?php 2 // This file is part of Moodle - http://moodle.org/ 3 // 4 // Moodle is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // Moodle is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU General Public License for more details. 13 // 14 // You should have received a copy of the GNU General Public License 15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>. 16 17 namespace core; 18 19 use zip_archive; 20 21 defined('MOODLE_INTERNAL') || die(); 22 23 global $CFG; 24 25 require_once($CFG->libdir . '/filestorage/zip_archive.php'); 26 27 /** 28 * Unit tests for /lib/filestorage/zip_archive.php. 29 * 30 * @package core 31 * @copyright 2020 Université Rennes 2 {@link https://www.univ-rennes2.fr} 32 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 33 */ 34 class filestorage_zip_archive_test extends \advanced_testcase { 35 /** 36 * Test mangle_pathname() method. 37 * 38 * @dataProvider pathname_provider 39 * 40 * @param string $string Parameter sent to mangle_pathname method. 41 * @param string $expected Expected return value. 42 */ 43 public function test_mangle_pathname($string, $expected) { 44 $ziparchive = new zip_archive(); 45 46 $method = new \ReflectionMethod('zip_archive', 'mangle_pathname'); 47 $method->setAccessible(true); 48 49 $result = $method->invoke($ziparchive, $string); 50 $this->assertSame($expected, $result); 51 } 52 53 /** 54 * Provide some tested pathnames and expected results. 55 * 56 * @return array Array of tested pathnames and expected results. 57 */ 58 public function pathname_provider() { 59 return [ 60 // Test a string. 61 ['my file.pdf', 'my file.pdf'], 62 63 // Test a string with MS separator. 64 ['c:\temp\my file.pdf', 'c:/temp/my file.pdf'], 65 66 // Test a string with 2 consecutive dots. 67 ['my file..pdf', 'my file.pdf'], 68 69 // Test a string with 3 consecutive dots. 70 ['my file...pdf', 'my file.pdf'], 71 72 // Test a string beginning with leading slash. 73 ['/tmp/my file.pdf', 'tmp/my file.pdf'], 74 75 // Test some path traversal attacks. 76 ['../../../../../etc/passwd', 'etc/passwd'], 77 ['../', ''], 78 ['.../...//', ''], 79 ['.', ''], 80 ]; 81 } 82 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body