function SystemArchiverTest::_testArchiverOutOfPath
Helper to test out-of-path extraction protection.
1 call to SystemArchiverTest::_testArchiverOutOfPath()
- SystemArchiverTest::testArchiverOutOfPath in modules/
system/ system.test - Tests out-of-path extraction protection.
File
-
modules/
system/ system.test, line 3259
Class
- SystemArchiverTest
- Test case for Archiver classes.
Code
public function _testArchiverOutOfPath($archive, $message) {
$src_tarball = DRUPAL_ROOT . '/modules/system/tests/' . $archive;
$tarball = file_directory_temp() . '/' . $archive;
file_unmanaged_copy($src_tarball, $tarball);
try {
$archiver = archiver_get_archiver($tarball);
} catch (Exception $e) {
// The file's not there (this is not part of the test).
$this->assertTrue(FALSE, $e);
return;
}
$extract_dir = file_directory_temp() . '/testArchiverTarball';
$caught_exception = FALSE;
try {
// Drupal's \ArchiverTar::extract() doesn't support symlinks, so we have
// to access the underlying Archive_Tar object.
$archiver->getArchive()
->extract($extract_dir, FALSE, TRUE);
} catch (Exception $e) {
$caught_exception = strpos($e->getMessage(), 'Out-of-path file extraction') !== FALSE;
}
$this->assertTrue($caught_exception, $message);
}Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.