77 */
88namespace Magento \Framework \Filesystem \Directory ;
99
10+ use Magento \Framework \Exception \ValidatorException ;
1011use Magento \TestFramework \Helper \Bootstrap ;
1112
1213/**
@@ -34,13 +35,66 @@ public function testGetAbsolutePath()
3435 $ this assertContains ('_files/foo/bar ' , $ dirgetAbsolutePath ('bar ' ));
3536 }
3637
38+ public function testGetAbsolutePathOutside ()
39+ {
40+ $ exceptions0 ;
41+ $ dir$ this getDirectoryInstance ('foo ' );
42+ try {
43+ $ dirgetAbsolutePath ('../../Directory/ReadTest.php ' );
44+ } catch (ValidatorException $ exception
45+ $ exceptions
46+ }
47+ try {
48+ $ dirgetAbsolutePath ('//./..///../Directory/ReadTest.php ' );
49+ } catch (ValidatorException $ exception
50+ $ exceptions
51+ }
52+ try {
53+ $ dirgetAbsolutePath ('\..\..\Directory\ReadTest.php ' );
54+ } catch (ValidatorException $ exception
55+ $ exceptions
56+ }
57+ $ this assertEquals (3 , $ exceptions
58+ }
59+
3760 public function testGetRelativePath ()
3861 {
3962 $ dir$ this getDirectoryInstance ('foo ' );
63+ $ this assertEquals (
64+ 'file_three.txt ' ,
65+ $ dirgetRelativePath ('file_three.txt ' )
66+ );
4067 $ this assertEquals ('' , $ dirgetRelativePath ());
4168 $ this assertEquals ('bar ' , $ dirgetRelativePath (__DIR__ . '/../_files/foo/bar ' ));
4269 }
4370
71+ public function testGetRelativePathOutside ()
72+ {
73+ $ exceptions0 ;
74+ $ dir$ this getDirectoryInstance ('foo ' );
75+ try {
76+ $ dirgetRelativePath (__DIR__ .'/ReadTest.php ' );
77+ } catch (ValidatorException $ exception
78+ $ exceptions
79+ }
80+ try {
81+ $ dirgetRelativePath (__DIR__ .'//./..////Directory/ReadTest.php ' );
82+ } catch (ValidatorException $ exception
83+ $ exceptions
84+ }
85+ try {
86+ $ dirgetRelativePath (__DIR__ .'\..\Directory\ReadTest.php ' );
87+ } catch (ValidatorException $ exception
88+ $ exceptions
89+ }
90+ try {
91+ $ dirgetRelativePath ('../../Directory/ReadTest.php ' );
92+ } catch (ValidatorException $ exception
93+ $ exceptions
94+ }
95+ $ this assertEquals (4 , $ exceptions
96+ }
97+
4498 /**
4599 * Test for read method
46100 *
@@ -72,6 +126,28 @@ public function readProvider()
72126 ];
73127 }
74128
129+ public function testReadOutside ()
130+ {
131+ $ exceptions0 ;
132+ $ dir$ this getDirectoryInstance ('foo ' );
133+ try {
134+ $ dirread ('../../Directory/ReadTest.php ' );
135+ } catch (ValidatorException $ exception
136+ $ exceptions
137+ }
138+ try {
139+ $ dirread ('//./..///../Directory/ReadTest.php ' );
140+ } catch (ValidatorException $ exception
141+ $ exceptions
142+ }
143+ try {
144+ $ dirread ('\..\..\Directory\ReadTest.php ' );
145+ } catch (ValidatorException $ exception
146+ $ exceptions
147+ }
148+ $ this assertEquals (3 , $ exceptions
149+ }
150+
75151 /**
76152 * Test for search method
77153 *
@@ -103,6 +179,28 @@ public function searchProvider()
103179 ];
104180 }
105181
182+ public function testSearchOutside ()
183+ {
184+ $ exceptions0 ;
185+ $ dir$ this getDirectoryInstance ('foo ' );
186+ try {
187+ $ dirsearch ('/*/*.txt ' , '../../Directory/ReadTest.php ' );
188+ } catch (ValidatorException $ exception
189+ $ exceptions
190+ }
191+ try {
192+ $ dirsearch ('/*/*.txt ' , '//./..///../Directory/ReadTest.php ' );
193+ } catch (ValidatorException $ exception
194+ $ exceptions
195+ }
196+ try {
197+ $ dirsearch ('/*/*.txt ' , '\..\..\Directory\ReadTest.php ' );
198+ } catch (ValidatorException $ exception
199+ $ exceptions
200+ }
201+ $ this assertEquals (3 , $ exceptions
202+ }
203+
106204 /**
107205 * Test for isExist method
108206 *
@@ -127,6 +225,28 @@ public function existsProvider()
127225 return [['foo ' , 'bar ' , true ], ['foo ' , 'bar/baz/ ' , true ], ['foo ' , 'bar/notexists ' , false ]];
128226 }
129227
228+ public function testIsExistOutside ()
229+ {
230+ $ exceptions0 ;
231+ $ dir$ this getDirectoryInstance ('foo ' );
232+ try {
233+ $ dirisExist ('../../Directory/ReadTest.php ' );
234+ } catch (ValidatorException $ exception
235+ $ exceptions
236+ }
237+ try {
238+ $ dirisExist ('//./..///../Directory/ReadTest.php ' );
239+ } catch (ValidatorException $ exception
240+ $ exceptions
241+ }
242+ try {
243+ $ dirisExist ('\..\..\Directory\ReadTest.php ' );
244+ } catch (ValidatorException $ exception
245+ $ exceptions
246+ }
247+ $ this assertEquals (3 , $ exceptions
248+ }
249+
130250 /**
131251 * Test for stat method
132252 *
@@ -168,6 +288,28 @@ public function statProvider()
168288 return [['foo ' , 'bar ' ], ['foo ' , 'file_three.txt ' ]];
169289 }
170290
291+ public function testStatOutside ()
292+ {
293+ $ exceptions0 ;
294+ $ dir$ this getDirectoryInstance ('foo ' );
295+ try {
296+ $ dirstat ('bar/../../../Directory ' );
297+ } catch (ValidatorException $ exception
298+ $ exceptions
299+ }
300+ try {
301+ $ dirstat ('bar//./..///../../Directory ' );
302+ } catch (ValidatorException $ exception
303+ $ exceptions
304+ }
305+ try {
306+ $ dirstat ('bar\..\..\..\Directory ' );
307+ } catch (ValidatorException $ exception
308+ $ exceptions
309+ }
310+ $ this assertEquals (3 , $ exceptions
311+ }
312+
171313 /**
172314 * Test for isReadable method
173315 *
@@ -182,6 +324,28 @@ public function testIsReadable($dirPath, $path, $readable)
182324 $ this assertEquals ($ readable$ dirisReadable ($ path
183325 }
184326
327+ public function testIsReadableOutside ()
328+ {
329+ $ exceptions0 ;
330+ $ dir$ this getDirectoryInstance ('foo ' );
331+ try {
332+ $ dirisReadable ('../../Directory/ReadTest.php ' );
333+ } catch (ValidatorException $ exception
334+ $ exceptions
335+ }
336+ try {
337+ $ dirisReadable ('//./..///../Directory/ReadTest.php ' );
338+ } catch (ValidatorException $ exception
339+ $ exceptions
340+ }
341+ try {
342+ $ dirisReadable ('\..\..\Directory\ReadTest.php ' );
343+ } catch (ValidatorException $ exception
344+ $ exceptions
345+ }
346+ $ this assertEquals (3 , $ exceptions
347+ }
348+
185349 /**
186350 * Test for isFile method
187351 *
@@ -194,6 +358,28 @@ public function testIsFile($path, $isFile)
194358 $ this assertEquals ($ isFile$ this getDirectoryInstance ('foo ' )->isFile ($ path
195359 }
196360
361+ public function testIsFileOutside ()
362+ {
363+ $ exceptions0 ;
364+ $ dir$ this getDirectoryInstance ('foo ' );
365+ try {
366+ $ dirisFile ('../../Directory/ReadTest.php ' );
367+ } catch (ValidatorException $ exception
368+ $ exceptions
369+ }
370+ try {
371+ $ dirisFile ('//./..///../Directory/ReadTest.php ' );
372+ } catch (ValidatorException $ exception
373+ $ exceptions
374+ }
375+ try {
376+ $ dirisFile ('\..\..\Directory\ReadTest.php ' );
377+ } catch (ValidatorException $ exception
378+ $ exceptions
379+ }
380+ $ this assertEquals (3 , $ exceptions
381+ }
382+
197383 /**
198384 * Test for isDirectory method
199385 *
@@ -206,6 +392,28 @@ public function testIsDirectory($path, $isDirectory)
206392 $ this assertEquals ($ isDirectory$ this getDirectoryInstance ('foo ' )->isDirectory ($ path
207393 }
208394
395+ public function testIsDirectoryOutside ()
396+ {
397+ $ exceptions0 ;
398+ $ dir$ this getDirectoryInstance ('foo ' );
399+ try {
400+ $ dirisDirectory ('../../Directory ' );
401+ } catch (ValidatorException $ exception
402+ $ exceptions
403+ }
404+ try {
405+ $ dirisDirectory ('//./..///../Directory/ReadTest.php ' );
406+ } catch (ValidatorException $ exception
407+ $ exceptions
408+ }
409+ try {
410+ $ dirisDirectory ('\..\..\Directory\ReadTest.php ' );
411+ } catch (ValidatorException $ exception
412+ $ exceptions
413+ }
414+ $ this assertEquals (3 , $ exceptions
415+ }
416+
209417 /**
210418 * Data provider for testIsReadable
211419 *
@@ -246,6 +454,28 @@ public function testOpenFile()
246454 $ this assertTrue ($ fileinstanceof \Magento \Framework \Filesystem \File \ReadInterface);
247455 }
248456
457+ public function testOpenFileOutside ()
458+ {
459+ $ exceptions0 ;
460+ $ dir$ this getDirectoryInstance ('foo ' );
461+ try {
462+ $ diropenFile ('../../Directory/ReadTest.php ' );
463+ } catch (ValidatorException $ exception
464+ $ exceptions
465+ }
466+ try {
467+ $ diropenFile ('//./..///../Directory/ReadTest.php ' );
468+ } catch (ValidatorException $ exception
469+ $ exceptions
470+ }
471+ try {
472+ $ diropenFile ('\..\..\Directory\ReadTest.php ' );
473+ } catch (ValidatorException $ exception
474+ $ exceptions
475+ }
476+ $ this assertEquals (3 , $ exceptions
477+ }
478+
249479 /**
250480 * Test readFile
251481 *
@@ -268,10 +498,35 @@ public function readFileProvider()
268498 {
269499 return [
270500 ['popup.csv ' , 'var myData = 5; ' ],
271- ['data.csv ' , '"field1", "field2" ' . "\n" . '"field3", "field4" ' . "\n" ]
501+ [
502+ 'data.csv ' ,
503+ '"field1", "field2" ' . PHP_EOL . '"field3", "field4" ' . PHP_EOL
504+ ]
272505 ];
273506 }
274507
508+ public function testReadFileOutside ()
509+ {
510+ $ exceptions0 ;
511+ $ dir$ this getDirectoryInstance ('foo ' );
512+ try {
513+ $ dirreadFile ('../../Directory/ReadTest.php ' );
514+ } catch (ValidatorException $ exception
515+ $ exceptions
516+ }
517+ try {
518+ $ dirreadFile ('//./..///../Directory/ReadTest.php ' );
519+ } catch (ValidatorException $ exception
520+ $ exceptions
521+ }
522+ try {
523+ $ dirreadFile ('\..\..\Directory\ReadTest.php ' );
524+ } catch (ValidatorException $ exception
525+ $ exceptions
526+ }
527+ $ this assertEquals (3 , $ exceptions
528+ }
529+
275530 /**
276531 * Get readable file instance
277532 * Get full path for files located in _files directory
@@ -301,4 +556,26 @@ public function testReadRecursively()
301556 sort ($ expected
302557 $ this assertEquals ($ expected$ actual
303558 }
559+
560+ public function testReadRecursivelyOutside ()
561+ {
562+ $ exceptions0 ;
563+ $ dir$ this getDirectoryInstance ('foo ' );
564+ try {
565+ $ dirreadRecursively ('../../Directory ' );
566+ } catch (ValidatorException $ exception
567+ $ exceptions
568+ }
569+ try {
570+ $ dirreadRecursively ('//./..///../Directory ' );
571+ } catch (ValidatorException $ exception
572+ $ exceptions
573+ }
574+ try {
575+ $ dirreadRecursively ('\..\..\Directory ' );
576+ } catch (ValidatorException $ exception
577+ $ exceptions
578+ }
579+ $ this assertEquals (3 , $ exceptions
580+ }
304581}
0 commit comments