mirror
/
PHPMailer
mirror of https://github.com/PHPMailer/PHPMailer.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add more tests for bad paths

This commit is contained in:
Marcus Bointon 2021-04-29 10:53:19 +02:00
parent 26f2848d3b
commit fd7ec67a7c
No known key found for this signature in database
GPG Key ID: DE31CD6EB646AA24
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
test/PHPMailerTest.php
View File

@ -1238,6 +1238,18 @@ EOT;
return;
}
//Make sure phar paths are rejected
self::assertFalse($this->Mail->addAttachment('phar://pharfile.php', 'pharfile.php'));
//Make sure any path that looks URLish is rejected
self::assertFalse($this->Mail->addAttachment('http://example.com/test.php', 'test.php'));
self::assertFalse(
$this->Mail->addAttachment(
'ssh2.sftp://user:pass@attacker-controlled.example.com:22/tmp/payload.phar',
'test.php'
)
);
self::assertFalse($this->Mail->addAttachment('x-1.cd+-://example.com/test.php', 'test.php'));
//Make sure that trying to attach a nonexistent file fails
$filename = __FILE__ . md5(microtime()) . 'nonexistent_file.txt';
self::assertFalse($this->Mail->addAttachment($filename));