xref: /PHP-8.4/ext/xsl/tests/bug54446.phpt (revision 74859783)
1--TEST--
2Bug #54446 (Arbitrary file creation via libxslt 'output' extension)
3--EXTENSIONS--
4xsl
5--FILE--
6<?php
7include("prepare.inc");
8
9$outputfile = __DIR__."/bug54446test.txt";
10if (file_exists($outputfile)) {
11    unlink($outputfile);
12}
13
14$sXsl = <<<EOT
15<xsl:stylesheet version="1.0"
16    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
17    xmlns:sax="http://icl.com/saxon"
18    extension-element-prefixes="sax">
19
20    <xsl:template match="/">
21        <sax:output href="$outputfile" method="text">
22            <xsl:value-of select="'0wn3d via PHP and libxslt ...'"/>
23        </sax:output>
24    </xsl:template>
25
26</xsl:stylesheet>
27EOT;
28
29$xsl->loadXML( $sXsl );
30
31# START XSLT
32$proc->importStylesheet( $xsl );
33
34# TRASNFORM & PRINT
35print $proc->transformToXML( $dom );
36
37
38if (file_exists($outputfile)) {
39    print "$outputfile exists, but shouldn't!\n";
40} else {
41    print "OK, no file created\n";
42}
43
44#SET NO SECURITY PREFS
45$proc->setSecurityPrefs(XSL_SECPREF_NONE);
46
47# TRASNFORM & PRINT
48print $proc->transformToXML( $dom );
49
50
51if (file_exists($outputfile)) {
52    print "OK, file exists\n";
53} else {
54    print "$outputfile doesn't exist, but should!\n";
55}
56
57unlink($outputfile);
58
59#SET SECURITY PREFS AGAIN
60$proc->setSecurityPrefs( XSL_SECPREF_WRITE_FILE |  XSL_SECPREF_WRITE_NETWORK | XSL_SECPREF_CREATE_DIRECTORY);
61
62# TRASNFORM & PRINT
63print $proc->transformToXML( $dom );
64
65if (file_exists($outputfile)) {
66    print "$outputfile exists, but shouldn't!\n";
67} else {
68    print "OK, no file created\n";
69}
70?>
71--EXPECTF--
72Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %s element output in %s on line %d
73
74Warning: XSLTProcessor::transformToXml(): File write for %s/bug54446test.txt refused in %s on line %d
75
76Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %d element output in %s on line %d
77
78Warning: XSLTProcessor::transformToXml(): xsltDocumentElem: write rights for %s/bug54446test.txt denied in %s on line %d
79OK, no file created
80OK, file exists
81
82Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %s element output in %s on line %d
83
84Warning: XSLTProcessor::transformToXml(): File write for %s/bug54446test.txt refused in %s on line %d
85
86Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %d element output in %s on line %d
87
88Warning: XSLTProcessor::transformToXml(): xsltDocumentElem: write rights for %s/bug54446test.txt denied in %s on line %d
89OK, no file created
90--CREDITS--
91Christian Stocker, chregu@php.net
92