author | Angie Byron <webchick@24967.no-reply.drupal.org> | 2009-04-15 20:45:46 +0000 |
---|---|---|
committer | Angie Byron <webchick@24967.no-reply.drupal.org> | 2009-04-15 20:45:46 +0000 |
commit | bb62eec3ceb19212dec2ad988f73cae32a5af23f (patch) | |
tree | 89b3a247f20fa51b9f970dedafc85e2d09a1eac4 /modules | |
parent | 383f7e5721a69668a2f95b84649b7ff1770bc9f5 (diff) | |
#396224 - SA-CORE-2009-03 - Disallow nulls and slashes from file names in theme.
Diffstat (limited to 'modules')
-rw-r--r-- | modules/simpletest/tests/theme.test | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/modules/simpletest/tests/theme.test b/modules/simpletest/tests/theme.test
new file mode 100644
index 000000000..f63b51571
--- /dev/null
+++ b/modules/simpletest/tests/theme.test
@@ -0,0 +1,54 @@
+<?php
+// $Id$
+
+/**
+ * @file
+ * Tests for the theme API.
+ */
+
+/**
+ * Unit tests for the theme API.
+ */
+class TemplateUnitTest extends DrupalWebTestCase {
+ function getInfo() {
+ return array(
+ 'name' => t('Theme API'),
+ 'description' => t('Test low-level theme template functions.'),
+ 'group' => t('Theme'),
+ );
+ }
+
+ /**
+ * Test function template_page_suggestions() for SA-CORE-2009-003.
+ */
+ function testTemplateSuggestions() {
+ // Set the front page as something random otherwise the CLI
+ // test runner fails.
+ variable_set('site_frontpage', 'nobody-home');
+ $args = array('node', '1', 'edit');
+ $suggestions = template_page_suggestions($args);
+ $this->assertEqual($suggestions, array('page-node', 'page-node-1', 'page-node-edit'), t('Found expected node edit page template suggestions'));
+ // Check attack vectors.
+ $args = array('node', '\\1');
+ $suggestions = template_page_suggestions($args);
+ $this->assertEqual($suggestions, array('page-node', 'page-node-1'), t('Removed invalid \\ from template suggestions'));
+ $args = array('node', '1/');
+ $suggestions = template_page_suggestions($args);
+ $this->assertEqual($suggestions, array('page-node', 'page-node-1'), t('Removed invalid / from template suggestions'));
+ $args = array('node', "1\0");
+ $suggestions = template_page_suggestions($args);
+ $this->assertEqual($suggestions, array('page-node', 'page-node-1'), t('Removed invalid \\0 from template suggestions'));
+ // Tests for drupal_discover_template()
+ $suggestions = array('page');
+ $this->assertEqual(drupal_discover_template(array('themes/garland'), $suggestions), 'themes/garland/page.tpl.php', t('Safe template discovered'));
+ $suggestions = array('page');
+ $this->assertEqual(drupal_discover_template(array('themes/garland'), $suggestions, '\\.tpl.php'), 'themes/garland/page.tpl.php', t('Unsafe extension fixed'));
+ $suggestions = array('page\\');
+ $this->assertEqual(drupal_discover_template(array('themes/garland'), $suggestions), 'themes/garland/page.tpl.php', t('Unsafe template suggestion fixed'));
+ $suggestions = array('page/');
+ $this->assertEqual(drupal_discover_template(array('themes/garland'), $suggestions), 'themes/garland/page.tpl.php', t('Unsafe template suggestion fixed'));
+ $suggestions = array("page\0");
+ $this->assertEqual(drupal_discover_template(array('themes/garland'), $suggestions), 'themes/garland/page.tpl.php', t('Unsafe template suggestion fixed'));
+ }
+
+} |
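Review bot: Every unsafe input in testTemplateSuggestions() carries the backslash, slash or NUL at the very start or end of the value (`'\\1'`, `'1/'`, `"1\0"`, `'page\\'`, `'page/'`, `"page\0"`), so a filter that only trimmed the edges would still pass all of these assertions. The filtering code is not part of this diffstat (limited to 'modules'), so the expected result is inferred from the neighbouring cases, but a case with the character inside the name, e.g. `$suggestions = array('pa/ge');` asserted against `'themes/garland/page.tpl.php'`, would pin removal at any position. The three drupal_discover_template() assertions also share the message 'Unsafe template suggestion fixed'; naming the offending character in each, as the template_page_suggestions() messages already do, would make a failure attributable to one input. The method docblock names only template_page_suggestions() and spells the advisory SA-CORE-2009-003 while the commit message says SA-CORE-2009-03; the docblock could read `Test input filtering in template_page_suggestions() and drupal_discover_template().` followed by whichever advisory id is correct.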