xref: /PHP-8.0/ext/xsl/tests/bug54446.phpt (revision 7aacc705) 
1--TEST--
2Bug #54446 (Arbitrary file creation via libxslt 'output' extension)
3--SKIPIF--
4<?php
5if (!extension_loaded('xsl')) die("skip Extension XSL is required\n");
6?>
7--FILE--
8<?php
9include("prepare.inc");
10
11$outputfile = __DIR__."/bug54446test.txt";
12if (file_exists($outputfile)) {
13    unlink($outputfile);
14}
15
16$sXsl = <<<EOT
17<xsl:stylesheet version="1.0"
18    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
19    xmlns:sax="http://icl.com/saxon"
20    extension-element-prefixes="sax">
21
22    <xsl:template match="/">
23        <sax:output href="$outputfile" method="text">
24            <xsl:value-of select="'0wn3d via PHP and libxslt ...'"/>
25        </sax:output>
26    </xsl:template>
27
28</xsl:stylesheet>
29EOT;
30
31$xsl->loadXML( $sXsl );
32
33# START XSLT
34$proc->importStylesheet( $xsl );
35
36# TRASNFORM & PRINT
37print $proc->transformToXML( $dom );
38
39
40if (file_exists($outputfile)) {
41    print "$outputfile exists, but shouldn't!\n";
42} else {
43    print "OK, no file created\n";
44}
45
46#SET NO SECURITY PREFS
47$proc->setSecurityPrefs(XSL_SECPREF_NONE);
48
49# TRASNFORM & PRINT
50print $proc->transformToXML( $dom );
51
52
53if (file_exists($outputfile)) {
54    print "OK, file exists\n";
55} else {
56    print "$outputfile doesn't exist, but should!\n";
57}
58
59unlink($outputfile);
60
61#SET SECURITY PREFS AGAIN
62$proc->setSecurityPrefs( XSL_SECPREF_WRITE_FILE |  XSL_SECPREF_WRITE_NETWORK | XSL_SECPREF_CREATE_DIRECTORY);
63
64# TRASNFORM & PRINT
65print $proc->transformToXML( $dom );
66
67if (file_exists($outputfile)) {
68    print "$outputfile exists, but shouldn't!\n";
69} else {
70    print "OK, no file created\n";
71}
72?>
73--EXPECTF--
74Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %s element output in %s on line %d
75
76Warning: XSLTProcessor::transformToXml(): File write for %s/bug54446test.txt refused in %s on line %d
77
78Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %d element output in %s on line %d
79
80Warning: XSLTProcessor::transformToXml(): xsltDocumentElem: write rights for %s/bug54446test.txt denied in %s on line %d
81OK, no file created
82OK, file exists
83
84Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %s element output in %s on line %d
85
86Warning: XSLTProcessor::transformToXml(): File write for %s/bug54446test.txt refused in %s on line %d
87
88Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %d element output in %s on line %d
89
90Warning: XSLTProcessor::transformToXml(): xsltDocumentElem: write rights for %s/bug54446test.txt denied in %s on line %d
91OK, no file created
92--CREDITS--
93Christian Stocker, chregu@php.net
94