jorton 2004/10/19 08:02:26
Modified: perl-framework/t/conf extra.conf.in Added: perl-framework/t/htdocs/php/safemode badenv.php hello.txt protected.php putenv.php readfile.php readpass.php system.php perl-framework/t/htdocs/php/safemode/error mail.php perl-framework/t/htdocs/php/safemode/noexec system.php perl-framework/t/htdocs/php/safemode/nofile readfile.php perl-framework/t/php safemode.t Log: Add tests for PHP safe mode. Revision Changes Path 1.55 +24 -0 httpd-test/perl-framework/t/conf/extra.conf.in Index: extra.conf.in =================================================================== RCS file: /home/cvs/httpd-test/perl-framework/t/conf/extra.conf.in,v retrieving revision 1.54 retrieving revision 1.55 diff -d -w -u -r1.54 -r1.55 --- extra.conf.in 15 Oct 2004 16:19:58 -0000 1.54 +++ extra.conf.in 19 Oct 2004 15:02:25 -0000 1.55 @@ -48,6 +48,30 @@ </IfModule> </IfDefine> +<IfModule @PHP_MODULE@> + <Directory @SERVERROOT@/htdocs/php/safemode> + php_admin_value safe_mode 1 + php_admin_value safe_mode_exec_dir /usr/bin + php_admin_value open_basedir @SERVERROOT@ + php_admin_value display_errors 0 + php_admin_value log_errors 1 + php_admin_value safe_mode_allowed_env_vars FOO_ + php_admin_value safe_mode_protected_env_vars FOO_FEE + </Directory> + + <Directory @SERVERROOT@/htdocs/php/safemode/noexec> + php_admin_value safe_mode_exec_dir /tmp + </Directory> + + <Directory @SERVERROOT@/htdocs/php/safemode/nofile> + php_admin_value open_basedir @SERVERROOT@/htdocs/php/safemode/nofile + </Directory> + + <Directory @SERVERROOT@/htdocs/php/safemode/error> + php_admin_value display_errors 1 + </Directory> +</IfModule> + ## ## mod_expires test config ## 1.1 httpd-test/perl-framework/t/htdocs/php/safemode/badenv.php Index: badenv.php =================================================================== <?php putenv("FISH=HelloWorld"); echo getenv("FISH"); ?> 1.1 httpd-test/perl-framework/t/htdocs/php/safemode/hello.txt Index: hello.txt =================================================================== This is Content. 1.1 httpd-test/perl-framework/t/htdocs/php/safemode/protected.php Index: protected.php =================================================================== <?php putenv("FOO_FEE=HelloWorld"); echo getenv("FOO_FEE"); ?> 1.1 httpd-test/perl-framework/t/htdocs/php/safemode/putenv.php Index: putenv.php =================================================================== <?php putenv("FOO_BAR=HelloWorld"); echo getenv("FOO_BAR"); ?> 1.1 httpd-test/perl-framework/t/htdocs/php/safemode/readfile.php Index: readfile.php =================================================================== <?php readfile("hello.txt"); ?> 1.1 httpd-test/perl-framework/t/htdocs/php/safemode/readpass.php Index: readpass.php =================================================================== <?php readfile("/etc/passwd"); ?> 1.1 httpd-test/perl-framework/t/htdocs/php/safemode/system.php Index: system.php =================================================================== <?php system("printf 'Hello World'"); ?> 1.1 httpd-test/perl-framework/t/htdocs/php/safemode/error/mail.php Index: mail.php =================================================================== <?php // fix for CAN-2002-0985: mail() must reject 5th argument in safe mode if (mail("[EMAIL PROTECTED]", "httpd-test PHP mail", "test mail from httpd-test", "", "-C/etc/passwd")) { print("FAIL"); } else { print("OK"); } ?> 1.1 httpd-test/perl-framework/t/htdocs/php/safemode/noexec/system.php Index: system.php =================================================================== <?php system("/bin/ls /"); ?> 1.1 httpd-test/perl-framework/t/htdocs/php/safemode/nofile/readfile.php Index: readfile.php =================================================================== <?php readfile("../hello.txt"); ?> 1.1 httpd-test/perl-framework/t/php/safemode.t Index: safemode.t =================================================================== use strict; use warnings FATAL => 'all'; use Apache::Test; use Apache::TestRequest; use Apache::TestUtil; plan tests => 9, have_php; ok t_cmp(GET_BODY("/php/safemode/system.php"), "Hello World\n"); ok t_cmp(GET_BODY("/php/safemode/putenv.php"), "HelloWorld", "testing for unrestricted envvar access"); ok t_cmp(GET_BODY("/php/safemode/badenv.php"), "", "testing for restricted envvar access"); ok t_cmp(GET_BODY("/php/safemode/protected.php"), "", "testing for explicitly restricted envvar access"); if (-r "/etc/passwd") { ok t_cmp(GET_BODY("/php/safemode/readpass.php"), "", "testing that open_basedir is respected"); } else { skip "Can't test inability to read /etc/passwd", 1; } ok t_cmp(GET_BODY("/php/safemode/readfile.php"), "This is Content.\n", "testing that readfile is not restricted"); ok t_cmp(GET_BODY("/php/safemode/nofile/readfile.php"), "", "testing that open_basedir is respected"); ok t_cmp(GET_BODY("/php/safemode/noexec/system.php"), "", "testing that system() is restricted"); ok t_cmp(GET_BODY("/php/safemode/error/mail.php"), qr/Warning.*SAFE MODE.*OK/s, "testing that the fifth parameter to mail() is restricted");