httpd-test-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jor...@apache.org
Subject cvs commit: httpd-test/perl-framework/t/php safemode.t
Date Tue, 19 Oct 2004 15:02:26 GMT
jorton      2004/10/19 08:02:26

  Modified:    perl-framework/t/conf extra.conf.in
  Added:       perl-framework/t/htdocs/php/safemode badenv.php hello.txt
                        protected.php putenv.php readfile.php readpass.php
                        system.php
               perl-framework/t/htdocs/php/safemode/error mail.php
               perl-framework/t/htdocs/php/safemode/noexec system.php
               perl-framework/t/htdocs/php/safemode/nofile readfile.php
               perl-framework/t/php safemode.t
  Log:
  Add tests for PHP safe mode.
  
  Revision  Changes    Path
  1.55      +24 -0     httpd-test/perl-framework/t/conf/extra.conf.in
  
  Index: extra.conf.in
  ===================================================================
  RCS file: /home/cvs/httpd-test/perl-framework/t/conf/extra.conf.in,v
  retrieving revision 1.54
  retrieving revision 1.55
  diff -d -w -u -r1.54 -r1.55
  --- extra.conf.in	15 Oct 2004 16:19:58 -0000	1.54
  +++ extra.conf.in	19 Oct 2004 15:02:25 -0000	1.55
  @@ -48,6 +48,30 @@
       </IfModule>
   </IfDefine>
   
  +<IfModule @PHP_MODULE@>
  +    <Directory @SERVERROOT@/htdocs/php/safemode>
  +        php_admin_value safe_mode 1
  +        php_admin_value safe_mode_exec_dir /usr/bin
  +        php_admin_value open_basedir @SERVERROOT@
  +        php_admin_value display_errors 0
  +        php_admin_value log_errors 1
  +        php_admin_value safe_mode_allowed_env_vars FOO_
  +        php_admin_value safe_mode_protected_env_vars FOO_FEE
  +    </Directory>
  +
  +    <Directory @SERVERROOT@/htdocs/php/safemode/noexec>
  +        php_admin_value safe_mode_exec_dir /tmp
  +    </Directory>
  +
  +    <Directory @SERVERROOT@/htdocs/php/safemode/nofile>
  +        php_admin_value open_basedir @SERVERROOT@/htdocs/php/safemode/nofile
  +    </Directory>
  +
  +    <Directory @SERVERROOT@/htdocs/php/safemode/error>
  +        php_admin_value display_errors 1
  +    </Directory>
  +</IfModule>
  +
   ##
   ## mod_expires test config
   ##
  
  
  
  1.1                  httpd-test/perl-framework/t/htdocs/php/safemode/badenv.php
  
  Index: badenv.php
  ===================================================================
  <?php putenv("FISH=HelloWorld");
  echo getenv("FISH"); ?>
  
  
  
  1.1                  httpd-test/perl-framework/t/htdocs/php/safemode/hello.txt
  
  Index: hello.txt
  ===================================================================
  This is Content.
  
  
  
  1.1                  httpd-test/perl-framework/t/htdocs/php/safemode/protected.php
  
  Index: protected.php
  ===================================================================
  <?php putenv("FOO_FEE=HelloWorld");
  echo getenv("FOO_FEE"); ?>
  
  
  
  1.1                  httpd-test/perl-framework/t/htdocs/php/safemode/putenv.php
  
  Index: putenv.php
  ===================================================================
  <?php putenv("FOO_BAR=HelloWorld");
  echo getenv("FOO_BAR"); ?>
  
  
  
  1.1                  httpd-test/perl-framework/t/htdocs/php/safemode/readfile.php
  
  Index: readfile.php
  ===================================================================
  <?php readfile("hello.txt"); ?>
  
  
  
  1.1                  httpd-test/perl-framework/t/htdocs/php/safemode/readpass.php
  
  Index: readpass.php
  ===================================================================
  <?php readfile("/etc/passwd"); ?>
  
  
  
  1.1                  httpd-test/perl-framework/t/htdocs/php/safemode/system.php
  
  Index: system.php
  ===================================================================
  <?php system("printf 'Hello World'"); ?>
  
  
  
  
  1.1                  httpd-test/perl-framework/t/htdocs/php/safemode/error/mail.php
  
  Index: mail.php
  ===================================================================
  <?php
  // fix for CAN-2002-0985: mail() must reject 5th argument in safe mode
  if (mail("root@localhost", "httpd-test PHP mail", 
  	 "test mail from httpd-test", "", "-C/etc/passwd")) {
  	print("FAIL");
  } else {
  	print("OK");
  }
  ?>
  
  
  
  1.1                  httpd-test/perl-framework/t/htdocs/php/safemode/noexec/system.php
  
  Index: system.php
  ===================================================================
  <?php system("/bin/ls /"); ?>
  
  
  
  1.1                  httpd-test/perl-framework/t/htdocs/php/safemode/nofile/readfile.php
  
  Index: readfile.php
  ===================================================================
  <?php readfile("../hello.txt"); ?>
  
  
  1.1                  httpd-test/perl-framework/t/php/safemode.t
  
  Index: safemode.t
  ===================================================================
  use strict;
  use warnings FATAL => 'all';
  
  use Apache::Test;
  use Apache::TestRequest;
  use Apache::TestUtil;
  
  plan tests => 9, have_php;
  
  ok t_cmp(GET_BODY("/php/safemode/system.php"),
           "Hello World\n");
  
  ok t_cmp(GET_BODY("/php/safemode/putenv.php"), 
           "HelloWorld",
           "testing for unrestricted envvar access");
  
  ok t_cmp(GET_BODY("/php/safemode/badenv.php"), "",
           "testing for restricted envvar access");
  
  ok t_cmp(GET_BODY("/php/safemode/protected.php"),
           "", 
           "testing for explicitly restricted envvar access");
  
  if (-r "/etc/passwd") {
      ok t_cmp(GET_BODY("/php/safemode/readpass.php"),
               "",
               "testing that open_basedir is respected");
  } else {
      skip "Can't test inability to read /etc/passwd", 1;
  }
  
  ok t_cmp(GET_BODY("/php/safemode/readfile.php"), 
           "This is Content.\n",
           "testing that readfile is not restricted");
  
  ok t_cmp(GET_BODY("/php/safemode/nofile/readfile.php"),
           "", "testing that open_basedir is respected");
  
  ok t_cmp(GET_BODY("/php/safemode/noexec/system.php"),
           "", "testing that system() is restricted");
  
  ok t_cmp(GET_BODY("/php/safemode/error/mail.php"),
           qr/Warning.*SAFE MODE.*OK/s,
           "testing that the fifth parameter to mail() is restricted");
  
  
  
  

Mime
View raw message