Project

General

Profile

Bug #22651 » 14389-phtml-fileext_v2_4-3.patch

Administrator Admin, 2010-05-20 15:57

View differences:

tests/core/core_constants_testcase.php (Revision 0)
<?php
/***************************************************************
* Copyright notice
*
* (c) 2010 Oliver Hader <oliver@typo3.org>
* All rights reserved
*
* This script is part of the TYPO3 project. The TYPO3 project is
* free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* The GNU General Public License can be found at
* http://www.gnu.org/copyleft/gpl.html.
*
* This script is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* This copyright notice MUST APPEAR in all copies of the script!
***************************************************************/
/**
* Test case for basic core related constants
*
* @author Oliver Hader <oliver@typo3.org>
*
* @package TYPO3
*/
class core_constants_testcase extends tx_phpunit_testcase {
/**
* Tests whether an accordant PHP extension is denied.
*
* @param string $phpExtension
* @dataProvider phpExtensionsDataProvider
* @test
*/
public function doesFileDenyPatternMatchesPhpExtension($phpExtension) {
$this->assertGreaterThan(0, preg_match('/' . FILE_DENY_PATTERN_DEFAULT . '/', $phpExtension), $phpExtension);
}
/**
* Data provider for 'doesFileDenyPatternProtectPhpExtension' test case.
*
* @return array
*/
public function phpExtensionsDataProvider() {
$fileName = uniqid('filename');
$data = array();
$phpExtensions = t3lib_div::trimExplode(',', PHP_EXTENSIONS_DEFAULT, TRUE);
foreach ($phpExtensions as $extension) {
$data[] = array($fileName . '.' . $extension);
$data[] = array($fileName . '.' . $extension . '.txt');
}
return $data;
}
}
?>
t3lib/config_default.php (Arbeitskopie)
if (!defined ('PATH_typo3conf')) die ('The configuration path was not properly defined!');
//Security related constant: Default value of fileDenyPattern
define('FILE_DENY_PATTERN_DEFAULT', '\.php[3-6]?(\..*)?$|^\.htaccess$');
define('FILE_DENY_PATTERN_DEFAULT', '\.(php[3-6]?|phpsh|phtml|inc)(\..*)?$|^\.htaccess$');
//Security related constant: Comma separated list of file extensions that should be registered as php script file extensions
define('PHP_EXTENSIONS_DEFAULT', 'php,php3,php4,php5,php6,phpsh,inc');
define('PHP_EXTENSIONS_DEFAULT', 'php,php3,php4,php5,php6,phpsh,inc,phtml');
$TYPO3_CONF_VARS = array(
'GFX' => array( // Configuration of the image processing features in TYPO3. 'IM' and 'GD' are short for ImageMagick and GD library respectively.
(4-4/12)