Ejemplo n.º 1
         // Excerpt from a package-upload handler. The upload is accepted only if it was confirmed,
         // its stored name ends in "zip" (case-insensitive) and it could be moved to its final
         // location. The extension test looks at the file name only; nothing on this line inspects
         // the archive's content.
         if (!$upload->confirm_upload() || strtolower(pathinfo($upload->get_stored_file_name(), PATHINFO_EXTENSION)) != 'zip' || !$upload->final_move($upload->get_stored_file_name())) {
             unlinkTempFiles();
             sugar_die("Invalid Package");
         } else {
             $tempFile = "upload://" . $upload->get_stored_file_name();
             $perform = true;
             // Request-controlled value. PHP has already URL-decoded $_REQUEST once, so this is a
             // second decode; presumably the field is deliberately double-encoded (its name ends in
             // "_escaped") - confirm. Any validation of the name has to happen after this decode.
             // NOTE(review): how $base_filename is used later is not visible in this excerpt.
             $base_filename = urldecode($_REQUEST['upgrade_zip_escaped']);
         }
     }
 }
 if ($perform) {
     $manifest_file = extractManifest($tempFile);
     if (is_file($manifest_file)) {
         //SCAN THE MANIFEST FILE TO MAKE SURE NO COPIES OR ANYTHING ARE HAPPENING IN IT
         // The scan is the only check visible here before the manifest is executed by the
         // require_once below, so anything the scanner does not report runs as application code.
         $ms = new ModuleScanner();
         $fileIssues = $ms->scanFile($manifest_file);
         if (!empty($fileIssues)) {
             echo '<h2>' . $mod_strings['ML_MANIFEST_ISSUE'] . '</h2><br>';
             $ms->displayIssues();
             // NOTE(review): unlike the other rejection paths in this excerpt, this one exits
             // without calling unlinkTempFiles() - confirm the rejected upload is cleaned up elsewhere.
             die;
         }
         // Executes the uploaded manifest as PHP. The file is read a second time here, after the
         // scan; NOTE(review): this assumes nothing can rewrite $manifest_file in between - confirm.
         require_once $manifest_file;
         // $manifest is not assigned anywhere in this excerpt; presumably the included manifest
         // defines it - TODO confirm.
         validate_manifest($manifest);
         $upgrade_zip_type = $manifest['type'];
         // exclude the bad permutations
         // In the "module" view only module, theme and langpack packages are accepted; for any
         // other type unlinkTempFiles() is called and the request is aborted.
         if ($view == "module") {
             if ($upgrade_zip_type != "module" && $upgrade_zip_type != "theme" && $upgrade_zip_type != "langpack") {
                 unlinkTempFiles();
                 die($mod_strings['ERR_UW_NOT_ACCEPTIBLE_TYPE']);
             }
         } elseif ($view == "default") {
Ejemplo n.º 2
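    /**
     * Regression test: the scanner must report a static call to the banned
     * method setLevel() even when the class is named through a variable.
     *
     * The fixture is written to $this->fileLoc and then scanned; the test
     * passes only if scanFile() returns at least one issue.
     */
    public function testCallMethodDoubleColonFail()
    {
        $fileModContents = <<<EOQ
<?PHP
    //doesnt matter what the class name is, what matters is use of the banned method, setlevel
\t\$GlobalLoggerClass::setLevel();
?>
EOQ;
        // Fail early if the fixture cannot be written: otherwise the scan could run against a
        // missing or stale file and this negative test would not be exercising this fixture.
        $written = file_put_contents($this->fileLoc, $fileModContents);
        $this->assertNotFalse($written, 'Could not write the scanner fixture file');

        $ms = new ModuleScanner();
        $errors = $ms->scanFile($this->fileLoc);
        $this->assertNotEmpty($errors, 'There should have been an error caught for use of "::setLevel()"');
    }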
Ejemplo n.º 3
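    /**
     * Regression test: the scanner must report a package file that reaches a
     * file-writing helper indirectly, through call_user_func() with the helper
     * named in a string argument.
     *
     * Whether the scanner flags call_user_func() itself or the helper name passed
     * to it is not visible from this test; it only requires that scanFile()
     * returns at least one issue for the fixture.
     */
    public function testCallUserFunctionFail()
    {
        $fileModContents = <<<EOQ
<?PHP
\tcall_user_func("sugar_file_put_contents", "test2.php", "test");
?>
EOQ;
        // Fail early if the fixture cannot be written: otherwise the scan could run against a
        // missing or stale file and this negative test would not be exercising this fixture.
        $written = file_put_contents($this->fileLoc, $fileModContents);
        $this->assertNotFalse($written, 'Could not write the scanner fixture file');

        $ms = new ModuleScanner();
        $errors = $ms->scanFile($this->fileLoc);
        // assertNotEmpty reports the actual value on failure, unlike assertTrue(!empty(...)).
        $this->assertNotEmpty($errors, 'There should have been an error caught for use of call_user_func()');
    }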