Added testing to cover work done in last commit
Relevant to comments in 7224fbcc89
.
Added test cases. Ensured they failed pre-commit.
Also tested a range of the altered endpoints manually on both local and
s3-like filesystems.
parent
7224fbcc89
commit
41541df6ec
1 changed files with 28 additions and 0 deletions
|
@ -229,6 +229,34 @@ class ExportTest extends TestCase
|
|||
$resp->assertSee('src="/uploads/svg_test.svg"');
|
||||
}
|
||||
|
||||
public function test_page_export_contained_html_does_not_allow_upward_traversal_with_local()
|
||||
{
|
||||
$contents = file_get_contents(public_path('.htaccess'));
|
||||
config()->set('filesystems.images', 'local');
|
||||
|
||||
$page = Page::query()->first();
|
||||
$page->html = '<img src="http://localhost/uploads/images/../../.htaccess"/>';
|
||||
$page->save();
|
||||
|
||||
$resp = $this->asEditor()->get($page->getUrl('/export/html'));
|
||||
$resp->assertDontSee(base64_encode($contents));
|
||||
}
|
||||
|
||||
public function test_page_export_contained_html_does_not_allow_upward_traversal_with_local_secure()
|
||||
{
|
||||
$testFilePath = storage_path('logs/test.txt');
|
||||
config()->set('filesystems.images', 'local_secure');
|
||||
file_put_contents($testFilePath, 'I am a cat');
|
||||
|
||||
$page = Page::query()->first();
|
||||
$page->html = '<img src="http://localhost/uploads/images/../../logs/test.txt"/>';
|
||||
$page->save();
|
||||
|
||||
$resp = $this->asEditor()->get($page->getUrl('/export/html'));
|
||||
$resp->assertDontSee(base64_encode('I am a cat'));
|
||||
unlink($testFilePath);
|
||||
}
|
||||
|
||||
public function test_exports_removes_scripts_from_custom_head()
|
||||
{
|
||||
$entities = [
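Review bot: Both new tests assert only that the encoded file content is absent, so they would also pass if the export request errored or redirected, because such a response carries no base64 payload either. Adding `$resp->assertStatus(200);` before each `assertDontSee(...)` would tie the result to a successful export. In the `local_secure` test, `unlink($testFilePath);` runs only after the assertion, so a failing assertion leaves `logs/test.txt` behind in the storage directory; wrapping the request and assertion in `try` with the `unlink` in `finally` avoids that. In the `local` test, `file_get_contents(public_path('.htaccess'))` is assumed to succeed, and an explicit `$this->assertNotEmpty($contents);` would make a missing fixture file an obvious failure.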