Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix MakeViewVariableOptionalSolution to disallow stream wrappers and …
…files that do not end in .blade.php (#334) * Disallow paths with a scheme in MakeViewVariableOptionalSolution * Added a test unit for the solution * Refactored code into a isSafePath() method * Update MakeViewVariableOptionalSolution.php Co-authored-by: cfreal <folcharles@ŋmail.com> Co-authored-by: Freek Van der Herten <freek@spatie.be>
- Loading branch information
1 parent
3b3403f
commit 03a8aa1
Showing
2 changed files
with
70 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
<?php | ||
|
||
namespace Facade\Ignition\Tests\Solutions; | ||
|
||
use Facade\Ignition\Exceptions\ViewException; | ||
use Facade\Ignition\Solutions\MakeViewVariableOptionalSolution; | ||
use Facade\Ignition\Support\ComposerClassMap; | ||
use Facade\Ignition\Tests\TestCase; | ||
use Illuminate\Support\Facades\View; | ||
use Illuminate\Support\Str; | ||
|
||
class MakeViewVariableOptionalSolutionTest extends TestCase | ||
{ | ||
public function setUp(): void | ||
{ | ||
parent::setUp(); | ||
|
||
View::addLocation(__DIR__.'/../stubs/views'); | ||
|
||
$this->app->bind( | ||
ComposerClassMap::class, | ||
function () { | ||
return new ComposerClassMap(__DIR__.'/../../vendor/autoload.php'); | ||
} | ||
); | ||
} | ||
|
||
/** @test */ | ||
public function it_does_not_open_scheme_paths() | ||
{ | ||
$solution = $this->getSolutionForPath('php://filter/resource=./tests/stubs/views/blade-exception.blade.php'); | ||
$this->assertFalse($solution->isRunnable()); | ||
} | ||
|
||
/** @test */ | ||
public function it_does_open_relative_paths() | ||
{ | ||
$solution = $this->getSolutionForPath('./tests/stubs/views/blade-exception.blade.php'); | ||
$this->assertTrue($solution->isRunnable()); | ||
} | ||
|
||
/** @test */ | ||
public function it_does_not_open_other_extentions() | ||
{ | ||
$solution = $this->getSolutionForPath('./tests/stubs/views/php-exception.php'); | ||
$this->assertFalse($solution->isRunnable()); | ||
} | ||
|
||
protected function getSolutionForPath($path): MakeViewVariableOptionalSolution | ||
{ | ||
return new MakeViewVariableOptionalSolution('notSet', $path); | ||
} | ||
} |