MAGETWO-92160: Log File Validation

Oleksandr Gorkun · Oleksandr Gorkun · commit 43d3a0ff98ef · 2018-08-16T15:27:50.000+03:00
diff --git a/dev/tests/functional/utils/log.php b/dev/tests/functional/utils/log.php
@@ -5,10 +5,13 @@
  */
 
 if (!isset($_GET['name'])) {
-    throw new \InvalidArgumentException('The name of log file is required for getting logs.');
+    throw new \InvalidArgumentException(
+        'The name of log file is required for getting logs.'
+    );
 }
-
 $name = urldecode($_GET['name']);
-$file = file_get_contents('../../../../var/log/' . $name);
+if (preg_match('/\.\.(\\\|\/)/', $name)) {
+    throw new \InvalidArgumentException('Invalid log file name');
+}
 
-echo serialize($file);
+echo serialize(file_get_contents('../../../../var/log' .'/' .$name));
