Merge branch 'feature/better-handling-of-untrusted-triggered-errors'

ben-xo · Oct 27, 2022 · cfdbaf6 · cfdbaf6
2 parents d953f64 + afd7475
commit cfdbaf6
Show file tree

Hide file tree

Showing 10 changed files with 647 additions and 74 deletions.
diff --git a/.gitignore b/.gitignore
@@ -4,3 +4,8 @@
 test/composer.lock
 test/vendor
 .unfinished
+.vscode
+
+# using the docker-compose example will auto-extract some embedded images. ignore.
+test/fixtures/id3v2_artist_album_title_cover.jpg
+test/fixtures/tagged_with_cover.jpg
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
@@ -1,6 +1,14 @@
 Changelog
 =========
 
+1.37 2022-10-27 * Errors now return an HTTP status code 500 by default.
+                * If the error is due to no content, or a bad URL passed to
+                  ?dir=, then it will be a 404 and no information about
+                  the server paths will be returned in the output. Thanks
+                  to @EdwarDDay for this security suggestion. (#64)
+                * fix nasty bug where paths were sometimes invalid due to
+                  mishandling of trailing slashes (#55)
+
 1.36 2022-08-25 * Fix bug where podcasts with autosaved cover art would end up
                   with duplicated iTunes metadata tags. Thanks once again to
                   @EdwarDDay for the bug report.

diff --git a/README.md b/README.md
@@ -1,7 +1,7 @@
 [![Testing dir2cast](https://github.com/ben-xo/dir2cast/actions/workflows/testing.yml/badge.svg)](https://github.com/ben-xo/dir2cast/actions/workflows/testing.yml)
 
 
-dir2cast by Ben XO v1.36 (2022-08-25)
+dir2cast by Ben XO v1.37 (2022-10-27)
 ================================================================================
 
 https://github.com/ben-xo/dir2cast/

diff --git a/dir2cast.php b/dir2cast.php
diff --git a/docker-compose/nginx/default.conf b/docker-compose/nginx/default.conf
@@ -8,7 +8,7 @@ server {
     # Don't allow downloading of dir2cast.ini, as it may contain sensitive
     # info such as the refresh password. Also, don't allow downloading of
     # dir2cast.php, for security and privacy reasons.
-    location ~ /dir2cast\.(ini|php)$ {
+    location ~ \.(ini|php)$ {
         return 404;
     }
 

diff --git a/test/FakeGetoptTest.php b/test/FakeGetoptTest.php
@@ -0,0 +1,74 @@
+<?php declare(strict_types=1);
+
+use PHPUnit\Framework\TestCase;
+
+final class FakeGetoptTest extends TestCase
+{
+    public function test_fake_getopt_no_args()
+    {
+        $this->assertEquals(
+            fake_getopt(array('php', '--halp'), '', array()),
+            array()
+        );
+        $this->assertEquals(
+            fake_getopt(array('php'), '', array()),
+            array()
+        );
+    }    
+    public function test_fake_getopt_no_match()
+    {
+        $this->assertEquals(
+            fake_getopt(array('php', '--halp'), '', array('help')),
+            array()
+        );
+        $this->assertEquals(
+            fake_getopt(array('php'), '', array('help')),
+            array()
+        );
+    }
+
+    public function test_fake_getopt_bool_arg()
+    {
+        $this->assertEquals(
+            fake_getopt(array('php', '--help'), '', array('help')),
+            array('help' => false)
+        );
+    }
+    public function test_fake_getopt_string_arg()
+    {
+        $this->assertEquals(
+            fake_getopt(array('php', '--media-dir'), '', array('media-dir::')),
+            array('media-dir' => '')
+        );
+        $this->assertEquals(
+            fake_getopt(array('php', '--media-dir='), '', array('media-dir::')),
+            array() // XXX: seems to be a bug in getopt
+        );
+        $this->assertEquals(
+            fake_getopt(array('php', '--media-dir=test'), '', array('media-dir::')),
+            array('media-dir' => 'test')
+        );
+    }
+    public function test_fake_getopt_escaping()
+    {
+        $this->assertEquals(
+            fake_getopt(array('php', "--media-dir= "), '', array('media-dir::')),
+            array('media-dir' => ' ')
+        );
+        $this->assertEquals(
+            fake_getopt(array('php', '--media-dir=""'), '', array('media-dir::')),
+            array('media-dir' => '""')
+        );
+        $this->assertEquals(
+            fake_getopt(array('php', "--media-dir=''"), '', array('media-dir::')),
+            array('media-dir' => "''")
+        );
+    }
+    public function test_fake_getopt_both_arg_types()
+    {
+        $this->assertEquals(
+            fake_getopt(array('php', '--help', '--media-dir'), '', array('help', 'media-dir::')),
+            array('help' => false, 'media-dir' => '')
+        );
+    }
+}
diff --git a/test/FourOhFourTest.php b/test/FourOhFourTest.php
@@ -0,0 +1,23 @@
+<?php declare(strict_types=1);
+
+use PHPUnit\Framework\TestCase;
+
+final class FourOhFourTest extends TestCase
+{
+    public static function setUpBeforeClass(): void
+    {
+        prepare_testing_dir();
+    }
+
+    public function test_non_existent_dir_prints_bare_error_CLI_case(): void
+    {
+        exec('php dir2cast.php --media-dir=dir2cast.ini', $output, $returncode);
+        $this->assertEquals("Not Found: dir2cast.ini", implode("\n", $output));
+        $this->assertEquals(254, $returncode);  // 254 is -2
+    }
+
+    public static function tearDownAfterClass(): void
+    {
+        chdir('..');
+    }
+}