Example #1
0
 public function test_absolutePathAttack()
 {
     clearstatcache();
     $extractDir = PIWIK_USER_PATH . '/tmp/latest/';
     $test = 'zaabs';
     $filename = dirname(__FILE__) . '/Unzip/' . $test . '.zip';
     if (class_exists('ZipArchive', false)) {
         $unzip = new Piwik_Unzip_ZipArchive($filename);
         $res = $unzip->extract($extractDir);
         $this->assertEqual($res, 0);
         $this->assertFalse(file_exists($extractDir . $test . '.txt'));
         $this->assertFalse(file_exists(dirname(__FILE__) . '/' . $test . '.txt'));
     }
     $unzip = new Piwik_Unzip_PclZip($filename);
     $res = $unzip->extract($extractDir);
     $this->assertEqual($res, 0);
     $this->assertFalse(file_exists($extractDir . $test . '.txt'));
     $this->assertFalse(file_exists(dirname(__FILE__) . '/' . $test . '.txt'));
 }
Example #2
0
 /**
  * @group Core
  * @group Unzip
  */
 public function testUnzipInvalidFile2()
 {
     clearstatcache();
     $extractDir = PIWIK_USER_PATH . '/tmp/latest/';
     $filename = dirname(__FILE__) . '/Unzip/NotExisting.zip';
     $unzip = new Piwik_Unzip_PclZip($filename);
     $res = $unzip->extract($extractDir);
     $this->assertEquals(0, $res);
     $this->assertContains('PCLZIP_ERR_MISSING_FILE', $unzip->errorInfo());
 }