xref: /PHP-8.0/ext/phar/tests/bug65414.phpt (revision d806d031)
1--TEST--
2Bug #65414 Injection (A1) in .phar files magic .phar directory
3--SKIPIF--
4<?php if (!extension_loaded("phar")) die("skip"); ?>
5--INI--
6phar.readonly = 0
7--FILE--
8<?php
9$phar = new \Phar(__DIR__ . '/bug65414.phar', 0, 'bug65414.phar');
10$bads = [
11    '.phar/injected-1.txt',
12    '/.phar/injected-2.txt',
13    '//.phar/injected-3.txt',
14    '/.phar/',
15];
16foreach ($bads as $bad) {
17    echo $bad . ':';
18    try {
19        $phar->addFromString($bad, 'this content is injected');
20        echo 'Failed to throw expected exception';
21    } catch (BadMethodCallException $ex) {
22        echo $ex->getMessage() . PHP_EOL;
23    }
24}
25echo 'done' . PHP_EOL;
26?>
27--CLEAN--
28<?php
29unlink(__DIR__ . '/bug65414.phar');
30?>
31--EXPECT--
32.phar/injected-1.txt:Cannot create any files in magic ".phar" directory
33/.phar/injected-2.txt:Cannot create any files in magic ".phar" directory
34//.phar/injected-3.txt:Entry //.phar/injected-3.txt does not exist and cannot be created: phar error: invalid path "//.phar/injected-3.txt" contains double slash
35/.phar/:Cannot create any files in magic ".phar" directory
36done
37