1--TEST--
2Bug #54446 (Arbitrary file creation via libxslt 'output' extension with php.ini setting)
3--SKIPIF--
4<?php
5if (!extension_loaded('xsl')) die("skip Extension XSL is required\n");
6?>
7--FILE--
8<?php
9include("prepare.inc");
10
11$outputfile = __DIR__."/bug54446test_with_ini.txt";
12if (file_exists($outputfile)) {
13    unlink($outputfile);
14}
15
16$sXsl = <<<EOT
17<xsl:stylesheet version="1.0"
18    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
19    xmlns:sax="http://icl.com/saxon"
20    extension-element-prefixes="sax">
21
22    <xsl:template match="/">
23        <sax:output href="$outputfile" method="text">
24            <xsl:value-of select="'0wn3d via PHP and libxslt ...'"/>
25        </sax:output>
26    </xsl:template>
27
28</xsl:stylesheet>
29EOT;
30
31$xsl->loadXML( $sXsl );
32
33# START XSLT
34$proc->importStylesheet( $xsl );
35
36# TRASNFORM & PRINT
37print $proc->transformToXML( $dom );
38
39
40if (file_exists($outputfile)) {
41    print "$outputfile exists, but shouldn't!\n";
42} else {
43    print "OK, no file created\n";
44}
45
46#SET NO SECURITY PREFS
47$proc->setSecurityPrefs(XSL_SECPREF_NONE);
48
49# TRANSFORM & PRINT
50print $proc->transformToXML( $dom );
51
52
53if (file_exists($outputfile)) {
54    print "OK, file exists\n";
55} else {
56    print "$outputfile doesn't exist, but should!\n";
57}
58
59unlink($outputfile);
60
61#SET SECURITY PREFS AGAIN
62$proc->setSecurityPrefs(XSL_SECPREF_WRITE_FILE | XSL_SECPREF_WRITE_NETWORK | XSL_SECPREF_CREATE_DIRECTORY);
63
64# TRANSFORM & PRINT
65print $proc->transformToXML( $dom );
66
67if (file_exists($outputfile)) {
68    print "$outputfile exists, but shouldn't!\n";
69} else {
70    print "OK, no file created\n";
71}
72
73?>
74--EXPECTF--
75Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %s element output in %s on line %d
76
77Warning: XSLTProcessor::transformToXml(): File write for %s/bug54446test_with_ini.txt refused in %s on line %d
78
79Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %d element output in %s on line %d
80
81Warning: XSLTProcessor::transformToXml(): xsltDocumentElem: write rights for %s/bug54446test_with_ini.txt denied in %s on line %d
82OK, no file created
83OK, file exists
84
85Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %s element output in %s on line %d
86
87Warning: XSLTProcessor::transformToXml(): File write for %s/bug54446test_with_ini.txt refused in %s on line %d
88
89Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %d element output in %s on line %d
90
91Warning: XSLTProcessor::transformToXml(): xsltDocumentElem: write rights for %s/bug54446test_with_ini.txt denied in %s on line %d
92OK, no file created
93--CREDITS--
94Christian Stocker, chregu@php.net
95