function FileIncludeGadgetChainTest::testFileDeleteGadgetChain

Same name and namespace in other branches
  1. 11.x core/tests/Drupal/KernelTests/Core/Extension/FileIncludeGadgetChainTest.php \Drupal\KernelTests\Core\Extension\FileIncludeGadgetChainTest::testFileDeleteGadgetChain()

Tests unserializing a Drupal/FI1 payload.

Attributes

#[DataProvider('providerIncludePaths')] #[IgnoreDeprecations]

File

core/tests/Drupal/KernelTests/Core/Extension/FileIncludeGadgetChainTest.php, line 39

Class

FileIncludeGadgetChainTest
Tests protection against the Drupal/FI1 gadget chain.

Namespace

Drupal\KernelTests\Core\Extension

Code

public function testFileDeleteGadgetChain(string $path) : void {
  // The data provider hands in the canary location either as a stream URI or
  // as a path under the public files directory.
  $path = str_replace('PUBLIC_PLACEHOLDER', Settings::get('file_public_path'), $path);
  // Plant a PHP file that prints "this should not be" if it is ever included.
  // cspell:disable-next-line
  file_put_contents($path, "<?php print base64_decode('dGhpcyBzaG91bGQgbm90IGJl');?>");
  $output = '';
  // ./phpggc Drupal/FI1 public://canary.txt
  // DisplayPluginCollection::__destruct() calls destroy() on each plugin
  // instance; ProceduralCall::__call() includes the file registered under that
  // method name, so an unprotected unserialize() would execute the canary.
  $payload = 'O:36:"Drupal\\views\\DisplayPluginCollection":1:{s:15:"pluginInstances";a:1:{i:0;O:36:"Drupal\\Core\\Extension\\ProceduralCall":1:{s:8:"includes";a:1:{s:7:"destroy";PATH_PLACEHOLDER;}}}}';
  // e.g. s:19:"public://cuckoo.txt"
  $payload = str_replace('PATH_PLACEHOLDER', 's:' . strlen($path) . ':"' . $path . '"', $payload);
  // Capture anything the chain prints; the test does not care which
  // exception stops it, only that the canary never produced output.
  ob_start();
  try {
    unserialize($payload);
  } catch (\Throwable) {
    // Error: Call to undefined function \destroy()
    // BadMethodCallException: Cannot unserialize Drupal\Core\Extension\ProceduralCall
  }
  $output = ob_get_clean();
  $this->assertNotEquals('this should not be', $output);
}
