|
|
@@ -1156,17 +1156,30 @@ class ResponseTest extends TestCase
|
|
|
}
|
|
|
|
|
|
/**
|
|
|
- * test file with ..
|
|
|
+ * test file with ../
|
|
|
*
|
|
|
* @expectedException \Cake\Network\Exception\NotFoundException
|
|
|
* @expectedExceptionMessage The requested file contains `..` and will not be read.
|
|
|
* @return void
|
|
|
*/
|
|
|
- public function testFileWithPathTraversal()
|
|
|
+ public function testFileWithForwardSlashPathTraversal()
|
|
|
{
|
|
|
$response = new Response();
|
|
|
$response->file('my/../cat.gif');
|
|
|
}
|
|
|
+
|
|
|
+ /**
|
|
|
+ * test file with ..\
|
|
|
+ *
|
|
|
+ * @expectedException \Cake\Network\Exception\NotFoundException
|
|
|
+ * @expectedExceptionMessage The requested file contains `..` and will not be read.
|
|
|
+ * @return void
|
|
|
+ */
|
|
|
+ public function testFileWithBackwardSlashPathTraversal() {
|
|
|
+ $response = new Response();
|
|
|
+ $response->file('my\..\cat.gif');
|
|
|
+ }
|
|
|
+
|
|
|
/**
|
|
|
* test file with ..
|
|
|
*
|
|
|
@@ -1174,13 +1187,26 @@ class ResponseTest extends TestCase
|
|
|
* @expectedExceptionMessage my/ca..t.gif was not found or not readable
|
|
|
* @return void
|
|
|
*/
|
|
|
- public function testFileWithDotIntheName()
|
|
|
+ public function testFileWithDotsInTheFilename()
|
|
|
{
|
|
|
$response = new Response();
|
|
|
$response->file('my/ca..t.gif');
|
|
|
}
|
|
|
|
|
|
/**
|
|
|
+ * test file with .. in a path fragment
|
|
|
+ *
|
|
|
+ * @expectedException \Cake\Network\Exception\NotFoundException
|
|
|
+ * @expectedExceptionMessage my/ca..t/image.gif was not found or not readable
|
|
|
+ * @return void
|
|
|
+ */
|
|
|
+ public function testFileWithDotsInAPathFragment()
|
|
|
+ {
|
|
|
+ $response = new Response();
|
|
|
+ $response->file('my/ca..t/image.gif');
|
|
|
+ }
|
|
|
+
|
|
|
+ /**
|
|
|
* testFile method
|
|
|
*
|
|
|
* @return void
|
Mark Story