‪TYPO3CMS  11.5
FilePathSanitizerTest.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
18 namespace ‪TYPO3\CMS\Frontend\Tests\Unit\Resource;
19 
20 use ‪TYPO3\CMS\Core\Core\Environment;
21 use ‪TYPO3\CMS\Core\Resource\Exception\FileDoesNotExistException;
22 use ‪TYPO3\CMS\Core\Resource\Exception\InvalidFileException;
23 use ‪TYPO3\CMS\Core\Resource\Exception\InvalidFileNameException;
24 use ‪TYPO3\CMS\Frontend\Resource\FilePathSanitizer;
25 use TYPO3\TestingFramework\Core\Unit\UnitTestCase;
26 
30 class FilePathSanitizerTest extends UnitTestCase
31 {
32  protected $backupEnvironment = true;
33 
37  protected function simulateWebRequestInComposerMode(): void
38  {
39  $_SERVER['HTTP_HOST'] = 'localhost';
40  $_SERVER['SCRIPT_NAME'] = '/index.php';
41 
42  $fakePublicDir = ‪Environment::getProjectPath() . '/typo3temp';
43 
44  ‪Environment::initialize(
45  ‪Environment::getContext(),
46  false,
47  true,
48  ‪Environment::getProjectPath(),
49  $fakePublicDir,
50  ‪Environment::getVarPath(),
51  ‪Environment::getConfigPath(),
52  $fakePublicDir . '/index.php',
53  ‪Environment::isWindows() ? 'WINDOWS' : 'UNIX'
54  );
55  if (!is_file($fakePublicDir . '/index.php')) {
56  file_put_contents($fakePublicDir . '/index.php', '<?php');
57  }
58  $this->testFilesToDelete[] = $fakePublicDir . '/index.php';
59  }
60 
64  public function tryingToResolvePrivateResourcesFromComposerPackagesThrowsException(): void
65  {
66  $this->simulateWebRequestInComposerMode();
67  $this->expectException(InvalidFileException::class);
68  $subject = new FilePathSanitizer();
69  $subject->sanitize('EXT:frontend/Resources/Private/Templates/MainPage.html');
70  }
71 
75  public function settingSecondArgumentToFalseIsNotAllowed(): void
76  {
77  $this->expectException(\BadMethodCallException::class);
78  $subject = new FilePathSanitizer();
79  $subject->sanitize('anything', false);
80  }
81 
82  public static function publicAssetsInComposerModeResolvedCorrectlyDataProvider(): array
83  {
84  return [
85  'insecure URL returned as is' => [
86  'http://example.com',
87  'http://example.com',
88  ],
89  'secure URL returned as is' => [
90  'http://example.com',
91  'http://example.com',
92  ],
93  'insecure URL returned as is, regardless of second argument' => [
94  'http://example.com',
95  'http://example.com',
96  true,
97  ],
98  'secure URL returned as is, regardless of second argument' => [
99  'http://example.com',
100  'http://example.com',
101  true,
102  ],
103  'relative input within existing public path' => [
104  'index.php',
105  'index.php',
106  ],
107  'spaces are trimmed from input' => [
108  ' index.php ',
109  'index.php',
110  ],
111  'extension paths are resolved as is, when second argument is true' => [
112  'EXT:frontend/Resources/Private/Templates/MainPage.html',
113  'EXT:frontend/Resources/Private/Templates/MainPage.html',
114  true,
115  ],
116  'public extension assets resolved to published assets path' => [
117  'EXT:frontend/Resources/Public/Icons/Extension.svg',
118  '_assets/60fb7e6e5897b3717bf625a31c949978/Icons/Extension.svg',
119  ],
120  ];
121  }
122 
130  public function publicAssetsInComposerModeResolvedCorrectly(string $givenPathOrUrl, string $expectedPathOrUrl, ?bool $allowExtensionPath = null): void
131  {
132  $this->simulateWebRequestInComposerMode();
133  $subject = new FilePathSanitizer();
134  self::assertSame($expectedPathOrUrl, $subject->sanitize($givenPathOrUrl, $allowExtensionPath));
135  }
136 
137  public static function sanitizeCorrectlyResolvesPathsAndUrlsDataProvider(): array
138  {
139  return [
140  'insecure URL returned as is' => [
141  'http://example.com',
142  'http://example.com',
143  ],
144  'secure URL returned as is' => [
145  'http://example.com',
146  'http://example.com',
147  ],
148  'insecure URL returned as is, regardless of second argument' => [
149  'http://example.com',
150  'http://example.com',
151  true,
152  ],
153  'secure URL returned as is, regardless of second argument' => [
154  'http://example.com',
155  'http://example.com',
156  true,
157  ],
158  'relative input within existing public path' => [
159  'typo3/index.php',
160  'typo3/index.php',
161  ],
162  'spaces are trimmed from input' => [
163  ' typo3/index.php ',
164  'typo3/index.php',
165  ],
166  'extension paths are resolved as is, when second argument is true' => [
167  'EXT:frontend/Resources/Private/Templates/MainPage.html',
168  'EXT:frontend/Resources/Private/Templates/MainPage.html',
169  true,
170  ],
171  'absolute paths are made relative, even when second argument is true' => [
172  ‪Environment::getFrameworkBasePath() . '/frontend/Resources/Private/Templates/MainPage.html',
173  'typo3/sysext/frontend/Resources/Private/Templates/MainPage.html',
174  true,
175  ],
176  ];
177  }
178 
186  public function sanitizeCorrectlyResolvesPathsAndUrls(string $givenPathOrUrl, string $expectedPathOrUrl, ?bool $allowExtensionPath = null): void
187  {
188  $subject = new FilePathSanitizer();
189  self::assertSame($expectedPathOrUrl, $subject->sanitize($givenPathOrUrl, $allowExtensionPath));
190  }
191 
195  public function sanitizeFailsIfDirectoryGiven(): void
196  {
197  $this->expectException(FileDoesNotExistException::class);
198  $subject = new FilePathSanitizer();
199  $subject->sanitize(__DIR__);
200  }
201 
205  public function sanitizeThrowsExceptionWithInvalidFileName(): void
206  {
207  $this->expectException(InvalidFileNameException::class);
208  self::assertNull((new FilePathSanitizer())->sanitize(' '));
209  self::assertNull((new FilePathSanitizer())->sanitize('something/../else'));
210  }
211 }
‪TYPO3\CMS\Frontend\Resource\FilePathSanitizer
Definition: FilePathSanitizer.php:39
‪TYPO3\CMS\Core\Core\Environment\isWindows
‪static bool isWindows()
Definition: Environment.php:318
‪TYPO3\CMS\Core\Resource\Exception\FileDoesNotExistException
Definition: FileDoesNotExistException.php:21
‪TYPO3\CMS\Core\Core\Environment\getFrameworkBasePath
‪static string getFrameworkBasePath()
Definition: Environment.php:287
‪TYPO3\CMS\Core\Core\Environment\getContext
‪static ApplicationContext getContext()
Definition: Environment.php:141
‪TYPO3\CMS\Frontend\Tests\Unit\Resource
Definition: FilePathSanitizerTest.php:18
‪TYPO3\CMS\Core\Core\Environment\getProjectPath
‪static string getProjectPath()
Definition: Environment.php:177
‪TYPO3\CMS\Core\Resource\Exception\InvalidFileException
Definition: InvalidFileException.php:23
‪TYPO3\CMS\Core\Core\Environment\initialize
‪static initialize(ApplicationContext $context, bool $cli, bool $composerMode, string $projectPath, string $publicPath, string $varPath, string $configPath, string $currentScript, string $os)
Definition: Environment.php:111
‪TYPO3\CMS\Core\Core\Environment
Definition: Environment.php:43
‪TYPO3\CMS\Core\Core\Environment\getConfigPath
‪static string getConfigPath()
Definition: Environment.php:236
‪TYPO3\CMS\Core\Resource\Exception\InvalidFileNameException
Definition: InvalidFileNameException.php:23
‪TYPO3\CMS\Core\Core\Environment\getVarPath
‪static string getVarPath()
Definition: Environment.php:218