OXIESEC PANEL
- Current Dir:
/
/
var
/
www
/
cream
/
aws-ses
/
vendor
/
phpmailer
/
phpmailer
/
test
/
PHPMailer
Server IP: 139.59.38.164
Upload:
Create Dir:
Name
Size
Modified
Perms
📁
..
-
05/19/2025 10:07:19 AM
rwxr-xr-x
📄
AddEmbeddedImageTest.php
6.45 KB
05/19/2025 10:07:19 AM
rw-r--r--
📄
AddStringAttachmentTest.php
5.19 KB
05/19/2025 10:07:19 AM
rw-r--r--
📄
AddStringEmbeddedImageTest.php
5.53 KB
05/19/2025 10:07:19 AM
rw-r--r--
📄
AddrFormatTest.php
2.08 KB
05/19/2025 10:07:19 AM
rw-r--r--
📄
AuthCRAMMD5Test.php
1.54 KB
05/19/2025 10:07:19 AM
rw-r--r--
📄
CustomHeaderTest.php
9.2 KB
05/19/2025 10:07:19 AM
rw-r--r--
📄
DKIMTest.php
9.51 KB
05/19/2025 10:07:19 AM
rw-r--r--
📄
DSNConfiguratorTest.php
6.49 KB
05/19/2025 10:07:19 AM
rw-r--r--
📄
EncodeQTest.php
3.96 KB
05/19/2025 10:07:19 AM
rw-r--r--
📄
EncodeStringTest.php
4.58 KB
05/19/2025 10:07:19 AM
rw-r--r--
📄
FileIsAccessibleTest.php
3.32 KB
05/19/2025 10:07:19 AM
rw-r--r--
📄
FilenameToTypeTest.php
2.22 KB
05/19/2025 10:07:19 AM
rw-r--r--
📄
GenerateIdTest.php
2.63 KB
05/19/2025 10:07:19 AM
rw-r--r--
📄
GetLastMessageIDTest.php
3.32 KB
05/19/2025 10:07:19 AM
rw-r--r--
📄
HasLineLongerThanMaxTest.php
4.69 KB
05/19/2025 10:07:19 AM
rw-r--r--
📄
Html2TextTest.php
9.79 KB
05/19/2025 10:07:19 AM
rw-r--r--
📄
ICalTest.php
4.32 KB
05/19/2025 10:07:19 AM
rw-r--r--
📄
IsPermittedPathTest.php
3.74 KB
05/19/2025 10:07:19 AM
rw-r--r--
📄
IsValidHostTest.php
4.18 KB
05/19/2025 10:07:19 AM
rw-r--r--
📄
LocalizationTest.php
18.51 KB
05/19/2025 10:07:19 AM
rw-r--r--
📄
MailTransportTest.php
3.67 KB
05/19/2025 10:07:19 AM
rw-r--r--
📄
MbPathinfoTest.php
5.74 KB
05/19/2025 10:07:19 AM
rw-r--r--
📄
MimeTypesTest.php
1.93 KB
05/19/2025 10:07:19 AM
rw-r--r--
📄
NormalizeBreaksTest.php
3.62 KB
05/19/2025 10:07:19 AM
rw-r--r--
📄
PHPMailerTest.php
47.39 KB
05/19/2025 10:07:19 AM
rw-r--r--
📄
ParseAddressesTest.php
14.27 KB
05/19/2025 10:07:19 AM
rw-r--r--
📄
PunyencodeAddressTest.php
4.77 KB
05/19/2025 10:07:19 AM
rw-r--r--
📄
QuotedStringTest.php
2.08 KB
05/19/2025 10:07:19 AM
rw-r--r--
📄
ReplyToGetSetClearTest.php
17.23 KB
05/19/2025 10:07:19 AM
rw-r--r--
📄
SetErrorTest.php
5.19 KB
05/19/2025 10:07:19 AM
rw-r--r--
📄
SetFromTest.php
7.08 KB
05/19/2025 10:07:19 AM
rw-r--r--
📄
SetTest.php
2.32 KB
05/19/2025 10:07:19 AM
rw-r--r--
📄
SetWordWrapTest.php
4.01 KB
05/19/2025 10:07:19 AM
rw-r--r--
📄
Utf8CharBoundaryTest.php
1.95 KB
05/19/2025 10:07:19 AM
rw-r--r--
📄
ValidateAddressCustomValidatorTest.php
3.65 KB
05/19/2025 10:07:19 AM
rw-r--r--
📄
ValidateAddressTest.php
17.2 KB
05/19/2025 10:07:19 AM
rw-r--r--
📄
WrapTextTest.php
6.05 KB
05/19/2025 10:07:19 AM
rw-r--r--
📄
XMailerTest.php
2 KB
05/19/2025 10:07:19 AM
rw-r--r--
Editing: IsPermittedPathTest.php
Close
<?php /** * PHPMailer - PHP email transport unit tests. * PHP version 5.5. * * @author Marcus Bointon <phpmailer@synchromedia.co.uk> * @author Andy Prevost * @copyright 2012 - 2020 Marcus Bointon * @copyright 2004 - 2009 Andy Prevost * @license http://www.gnu.org/copyleft/lesser.html GNU Lesser General Public License */ namespace PHPMailer\Test\PHPMailer; use PHPMailer\PHPMailer\PHPMailer; use ReflectionMethod; use Yoast\PHPUnitPolyfills\TestCases\TestCase; /** * Test path validation functionality. * * @covers \PHPMailer\PHPMailer\PHPMailer::isPermittedPath */ final class IsPermittedPathTest extends TestCase { /** * Test whether the validation of whether a path is of a permitted type works correctly. * * @dataProvider dataIsPermittedPath * * @param string $input A relative or absolute path to a file. * @param bool $expected The expected function return value. */ public function testIsPermittedPath($input, $expected) { $reflMethod = new ReflectionMethod(PHPMailer::class, 'isPermittedPath'); $reflMethod->setAccessible(true); $result = $reflMethod->invoke(null, $input); $reflMethod->setAccessible(false); self::assertSame($expected, $result); } /** * Data provider. * * @return array */ public function dataIsPermittedPath() { return [ 'Valid: full, local path; Linux style, forward slashes' => [ 'input' => '/usr/sbin/subdir/docs.pdf', 'expected' => true, ], 'Valid: full, local path; Windows style, backslashes' => [ 'input' => 'D:\subdir\with spaces\subdir\myapp.zip', 'expected' => true, ], 'Valid: full, local path; Windows style, forward slashes' => [ 'input' => 'D:/subdir/with spaces/subdir/', 'expected' => true, ], 'Valid: relative local path; forward slashes' => [ 'input' => '/etc/hostname', 'expected' => true, ], 'Valid: relative local path; forward slashes, path traversal' => [ 'input' => './../../subdir/.htaccess', 'expected' => true, ], 'Valid: relative local path; backslashes, path traversal' => [ 'input' => '..\subdir\\', 'expected' => true, ], 'Valid: file name only' => [ 'input' => 'composer.json', 'expected' => true, ], 'Valid: UNC path' => [ 'input' => '\\\\nowhere\\nothing', 'expected' => true, ], 'Invalid: phar file reference' => [ 'input' => 'phar://phar.php', 'expected' => false, ], 'Invalid: external URL; protocol: https' => [ 'input' => 'https://github.com/PHPMailer/PHPMailer/', 'expected' => false, ], 'Invalid: external URL; protocol: http (uppercase)' => [ 'input' => 'HTTP://github.com/PHPMailer/PHPMailer/', 'expected' => false, ], 'Invalid: external URL; protocol: ssh2.sftp' => [ 'input' => 'ssh2.sftp://user:pass@attacker-controlled.example.com:22/tmp/payload.phar', 'expected' => false, ], 'Invalid: external URL; protocol: x-1.cd+-' => [ 'input' => 'x-1.cd+-://example.com/test.php', 'expected' => false, ], ]; } }