author | Paweł Sroka <srokap@gmail.com> | 2013-07-23 08:28:30 +0200 |
---|---|---|
committer | Paweł Sroka <srokap@gmail.com> | 2013-11-04 03:34:21 +0100 |
commit | 6eec301f33ff3e618d591d429de7edf30277e972 (patch) | |
tree | a9cdbe1325bfb70cd31f8e05b744a5c521b2d5c7 /engine | |
parent | d53447f7e6b3277f3249d9a70e56ec01a90c3a60 (diff) | |
Enhanced test
Diffstat (limited to 'engine')
-rw-r--r-- | engine/tests/regression/trac_bugs.php | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/engine/tests/regression/trac_bugs.php b/engine/tests/regression/trac_bugs.php
index e6773c8af..ea39253df 100644
--- a/engine/tests/regression/trac_bugs.php
+++ b/engine/tests/regression/trac_bugs.php
@@ -375,12 +375,26 @@ class ElggCoreRegressionBugsTest extends ElggCoreUnitTest {
 }
 public function test_ElggXMLElement_does_not_load_external_entities() {
+ $elLast = libxml_disable_entity_loader(false);
+
 $payload = file_get_contents(dirname(dirname(__FILE__)) . '/test_files/xxe/request.xml');
- $payload = sprintf($payload, 'file://' . realpath(dirname(dirname(__FILE__)) . '/test_files/xxe/external_entity.txt'));
+ $path = realpath(dirname(dirname(__FILE__)) . '/test_files/xxe/external_entity.txt');
+ $path = str_replace('\\', '/', $path);
+ if ($path[0] != '/') {
+ $path = '/' . $path;
+ }
+ $path = 'file://' . $path;
+ $payload = sprintf($payload, $path);
 $el = new ElggXMLElement($payload);
 $chidren = $el->getChildren();
 $content = $chidren[0]->getContent();
 $this->assertNoPattern('/secret/', $content);
+
+ //make sure the test is valid
+ $element = new SimpleXMLElement($payload);
+ $this->assertPattern('/secret/', (string)$element->methodName);
+
+ libxml_disable_entity_loader($elLast);
 }
 }
|
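Review bot: The restore at the end of `test_ElggXMLElement_does_not_load_external_entities()` is not exception-safe: the test switches external entity loading on with `libxml_disable_entity_loader(false)`, and if anything before the final `libxml_disable_entity_loader($elLast);` throws (`new SimpleXMLElement($payload)` throws on a parse error), the loader stays enabled for every test that runs afterwards in the same process. Wrapping the body as `try { ... } finally { libxml_disable_entity_loader($elLast); }` fixes that where PHP 5.5+ is available; on older runtimes a catch-and-rethrow or a restore in the test case's teardown does the same job. `realpath()` also returns `false` when the fixture is missing, so a guard such as `$this->assertTrue($path !== false);` right after the `realpath()` call would make that failure explicit instead of leaving it to the later SimpleXMLElement control assertion.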