MAGETWO-83584: Filesystem write access with path traversal on "static.php"

OlgaVasyltsun · OlgaVasyltsun · commit a20ee9de89e9 · 2018-03-06T16:44:26.000+02:00
diff --git a/lib/internal/Magento/Framework/App/Test/Unit/StaticResourceTest.php b/lib/internal/Magento/Framework/App/Test/Unit/StaticResourceTest.php
@@ -290,18 +290,15 @@ public function testCatchExceptionDeveloperMode()
      */
     public function testLaunchPathAbove()
     {
+        $path = 'frontend/..\..\folder_above/././Magento_Ui/template/messages.html';
         $this->stateMock->expects($this->once())
             ->method('getMode')
             ->will($this->returnValue(State::MODE_DEVELOPER));
         $this->requestMock->expects($this->once())
             ->method('get')
             ->with('resource')
-            ->will(
-                $this->returnValue(
-                    'frontend/..\..\folder_above'
-                    . '/././Magento_Ui/template/messages.html'
-                )
-            );
+            ->willReturn('frontend/..\..\folder_above/././Magento_Ui/template/messages.html');
+        $this->expectExceptionMessage("Requested path '$path' is wrong.");
 
         $this->object->launch();
     }
