aboutsummaryrefslogtreecommitdiff
path: root/engine
diff options
context:
space:
mode:
authorPaweł Sroka <srokap@gmail.com>2013-07-23 08:28:30 +0200
committerPaweł Sroka <srokap@gmail.com>2013-11-04 03:34:21 +0100
commit6eec301f33ff3e618d591d429de7edf30277e972 (patch)
treea9cdbe1325bfb70cd31f8e05b744a5c521b2d5c7 /engine
parentd53447f7e6b3277f3249d9a70e56ec01a90c3a60 (diff)
downloadelgg-6eec301f33ff3e618d591d429de7edf30277e972.tar.gz
elgg-6eec301f33ff3e618d591d429de7edf30277e972.tar.bz2
Enhanced test
Diffstat (limited to 'engine')
-rw-r--r--engine/tests/regression/trac_bugs.php16
1 files changed, 15 insertions, 1 deletions
diff --git a/engine/tests/regression/trac_bugs.php b/engine/tests/regression/trac_bugs.php
index e6773c8af..ea39253df 100644
--- a/engine/tests/regression/trac_bugs.php
+++ b/engine/tests/regression/trac_bugs.php
@@ -375,12 +375,26 @@ class ElggCoreRegressionBugsTest extends ElggCoreUnitTest {
}
public function test_ElggXMLElement_does_not_load_external_entities() {
+ $elLast = libxml_disable_entity_loader(false);
+
$payload = file_get_contents(dirname(dirname(__FILE__)) . '/test_files/xxe/request.xml');
- $payload = sprintf($payload, 'file://' . realpath(dirname(dirname(__FILE__)) . '/test_files/xxe/external_entity.txt'));
+ $path = realpath(dirname(dirname(__FILE__)) . '/test_files/xxe/external_entity.txt');
+ $path = str_replace('\\', '/', $path);
+ if ($path[0] != '/') {
+ $path = '/' . $path;
+ }
+ $path = 'file://' . $path;
+ $payload = sprintf($payload, $path);
$el = new ElggXMLElement($payload);
$chidren = $el->getChildren();
$content = $chidren[0]->getContent();
$this->assertNoPattern('/secret/', $content);
+
+ //make sure the test is valid
+ $element = new SimpleXMLElement($payload);
+ $this->assertPattern('/secret/', (string)$element->methodName);
+
+ libxml_disable_entity_loader($elLast);
}
}