File tree Expand file tree Collapse file tree 2 files changed +42
-0
lines changed
Expand file tree Collapse file tree 2 files changed +42
-0
lines changed Original file line number Diff line number Diff line change @@ -72,6 +72,9 @@ public function __construct(
7272 public function execute (Document $ documentstring $ urlstring $ destinationPathvoid
7373 {
7474 try {
75+ if (!preg_match ('/^[a-zA-Z0-9\.\-\_\/\s]+$/i ' , $ destinationPath
76+ throw new LocalizedException (__ ('Image File has invalid characters. ' ));
77+ }
7578 $ this saveFile ->execute ($ document$ url$ destinationPath
7679 $ mediaAssetId$ this saveMediaGalleryAsset ->execute ($ document$ destinationPath
7780
Original file line number Diff line number Diff line change @@ -120,4 +120,43 @@ public function imageDataProvider(): array
120120 ]
121121 ];
122122 }
123+
124+ /**
125+ * @return array
126+ */
127+ public function getInvalidPathValues (): array
128+ {
129+ return [
130+ [
131+ $ this createMock (Document::class),
132+ 'https://as2.ftcdn.net/jpg/500_FemVonDcttCeKiOXFk.jpg ' ,
133+ '\\invalid chars \\'
134+ ],
135+ [
136+ $ this createMock (Document::class),
137+ 'https://as2.ftcdn.net/jpg/500_FemVonDcttCeKiOXFk.jpg ' ,
138+ '{*invalid_path/ \'chars} '
139+ ],
140+ [
141+ $ this createMock (Document::class),
142+ 'https://as2.ftcdn.net/jpg/500_FemVonDcttCeKiOXFk.jpg ' ,
143+ '<img src=\"\" onerror=\"alert(0)\"> '
144+ ]
145+ ];
146+ }
147+
148+ /**
149+ * Verify that path validation works if invalid characters are passed.
150+ *
151+ * @dataProvider getInvalidPathValues
152+ * @param Document $document
153+ * @param string $url
154+ * @param string $destinationPath
155+ * @throws LocalizedException
156+ */
157+ public function testExecuteInvalidPath (Document $ documentstring $ urlstring $ destinationPathvoid
158+ {
159+ $ this expectException ('Magento\Framework\Exception\LocalizedException ' );
160+ $ this saveImage ->execute ($ document$ url$ destinationPath
161+ }
123162}
You can’t perform that action at this time.
0 commit comments