From bb62eec3ceb19212dec2ad988f73cae32a5af23f Mon Sep 17 00:00:00 2001
From: Angie Byron
Date: Wed, 15 Apr 2009 20:45:46 +0000
Subject: #396224 - SA-CORE-2009-03 - Disallow nulls and slashes from file names in theme.
---
modules/simpletest/tests/theme.test | 54 +++++++++++++++++++++++++++++++++++++
1 file changed, 54 insertions(+)
create mode 100644 modules/simpletest/tests/theme.test
(limited to 'modules')
diff --git a/modules/simpletest/tests/theme.test b/modules/simpletest/tests/theme.test
new file mode 100644
index 000000000..f63b51571
--- /dev/null
+++ b/modules/simpletest/tests/theme.test
@@ -0,0 +1,54 @@
+ t('Theme API'),
+ 'description' => t('Test low-level theme template functions.'),
+ 'group' => t('Theme'),
+ );
+ }
+
+ /**
+ * Test function template_page_suggestions() for SA-CORE-2009-003.
+ */
+ function testTemplateSuggestions() {
+ // Set the front page as something random otherwise the CLI
+ // test runner fails.
+ variable_set('site_frontpage', 'nobody-home');
+ $args = array('node', '1', 'edit');
+ $suggestions = template_page_suggestions($args);
+ $this->assertEqual($suggestions, array('page-node', 'page-node-1', 'page-node-edit'), t('Found expected node edit page template suggestions'));
+ // Check attack vectors.
+ $args = array('node', '\\1');
+ $suggestions = template_page_suggestions($args);
+ $this->assertEqual($suggestions, array('page-node', 'page-node-1'), t('Removed invalid \\ from template suggestions'));
+ $args = array('node', '1/');
+ $suggestions = template_page_suggestions($args);
+ $this->assertEqual($suggestions, array('page-node', 'page-node-1'), t('Removed invalid / from template suggestions'));
+ $args = array('node', "1\0");
+ $suggestions = template_page_suggestions($args);
+ $this->assertEqual($suggestions, array('page-node', 'page-node-1'), t('Removed invalid \\0 from template suggestions'));
+ // Tests for drupal_discover_template()
+ $suggestions = array('page');
+ $this->assertEqual(drupal_discover_template(array('themes/garland'), $suggestions), 'themes/garland/page.tpl.php', t('Safe template discovered'));
+ $suggestions = array('page');
+ $this->assertEqual(drupal_discover_template(array('themes/garland'), $suggestions, '\\.tpl.php'), 'themes/garland/page.tpl.php', t('Unsafe extension fixed'));
+ $suggestions = array('page\\');
+ $this->assertEqual(drupal_discover_template(array('themes/garland'), $suggestions), 'themes/garland/page.tpl.php', t('Unsafe template suggestion fixed'));
+ $suggestions = array('page/');
+ $this->assertEqual(drupal_discover_template(array('themes/garland'), $suggestions), 'themes/garland/page.tpl.php', t('Unsafe template suggestion fixed'));
+ $suggestions = array("page\0");
+ $this->assertEqual(drupal_discover_template(array('themes/garland'), $suggestions), 'themes/garland/page.tpl.php', t('Unsafe template suggestion fixed'));
+ }
+
+}
-- cgit v1.2.3
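Review bot: The extension argument of drupal_discover_template() is exercised with only a backslash (`'\\.tpl.php'`, the "Unsafe extension fixed" assertion), while the suggestion argument gets all three of `\\`, `/` and `\0`; the extension path should get the same coverage so a regression in either sanitisation branch is caught. Parallel assertions such as `$this->assertEqual(drupal_discover_template(array('themes/garland'), array('page'), ".tpl.php\0"), 'themes/garland/page.tpl.php', t('Unsafe extension fixed'));` and the `/` variant keep the two branches symmetric. The method docblock names only template_page_suggestions(), but the second half of testTemplateSuggestions() covers drupal_discover_template(); either widen it to `Test template_page_suggestions() and drupal_discover_template() for SA-CORE-2009-003.` or move the discovery assertions into their own test method. The class header and the start of getInfo() at the top of the hunk appear to have been lost in rendering, so the enclosing class declaration cannot be reviewed here.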