return;
}
- if (file_exists($file = dirname(__FILE__).'/../'.str_replace('_', '/', $class).'.php')) {
+ if (file_exists($file = dirname(__FILE__).'/../'.str_replace(array('_', "\0"), array('/', ''), $class).'.php')) {
require $file;
}
}
*/
public function string($value)
{
- $this->source .= sprintf('"%s"', addcslashes($value, "\t\"\$\\"));
+ $this->source .= sprintf('"%s"', addcslashes($value, "\0\t\"\$\\"));
return $this;
}
protected function validateName($name)
{
+ if (false !== strpos($name, "\0")) {
+ throw new Twig_Error_Loader('A template name cannot contain NUL bytes.');
+ }
+
$parts = explode('/', $name);
$level = 0;
foreach ($parts as $part) {
{
/**
* @dataProvider getSecurityTests
- * @expectedException Twig_Error_Loader
*/
public function testSecurity($template)
{
$loader = new Twig_Loader_Filesystem(array(__DIR__.'/../Fixtures'));
- $loader->getCacheKey($template);
+
+ try {
+ $loader->getCacheKey($template);
+ $this->fail();
+ } catch (Twig_Error_Loader $e) {
+ $this->assertNotContains('Unable to find template', $e->getMessage());
+ }
}
public function getSecurityTests()
{
return array(
+ array("AutoloaderTest\0.php"),
array('..\\AutoloaderTest.php'),
array('..\\\\\\AutoloaderTest.php'),
array('../AutoloaderTest.php'),
projects / web/konrad/twig.git / commitdiff