As Maugrim pointed out in this thread, my Suite Tester has no sanitation in the include statement. But I'm not sure what to do about it.
Checking it against a list of OK files isn't ideal, because that list of files is stored as a JavaScript array.
I suppose I could splatter warnings everywhere about password-protecting the directory, but that's less than ideal too. I know many people won't. People like me.
Does anyone else have any ideas?
My code as it stands:
Code:

    function SuiteTester_TestRunner($test_file) // $test_file is raw $_GET input
    {
        $this->TestSuite();
        $existing_classes = get_declared_classes();
        include($test_file);
        $classes = $this->_selectRunnableTests($existing_classes, get_declared_classes());
        if ( $this->noRunnableTests($classes) )
        {
            $this->addTestCase(
                new SuiteTester_BadTestSuite($test_file,
                    "Something is wrong with " . $test_file . ". It may be MISSING, or simply have no runnable test cases.")
            );
        }
        else
        {
            $this->addTestCase(
                $this->_createGroupFromClasses($test_file, $classes)
            );
        }
    }
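One way to constrain the include without a server-side copy of the JavaScript file list, shown as an added example that is not part of the original post: canonicalise the requested name and refuse anything that does not resolve to a PHP file under a single test directory. The function name `resolveTestFile()`, the `tests` directory and the demo files are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code. resolveTestFile() and the demo
// paths are hypothetical; the tests directory location is an assumption.

/**
 * Map a requested test file name to a canonical path inside $baseDir.
 * Returns the path to include, or false if the request must be refused.
 */
function resolveTestFile($requested, $baseDir)
{
    // Refuse arrays (?file[]=x), empty input and NUL bytes before touching the disk.
    if (!is_string($requested) || $requested === '' || strpos($requested, "\0") !== false) {
        return false;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return false;
    }
    // Treat the input as relative to the test directory. realpath() collapses
    // "../" and symlinks, and returns false when the target does not exist.
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($path === false || !is_file($path)) {
        return false;
    }
    // The canonical path must still sit under the test directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    // Only PHP test files are eligible for include().
    if (strtolower(pathinfo($path, PATHINFO_EXTENSION)) !== 'php') {
        return false;
    }
    return $path;
}

// Constructed demo tree: one test file inside tests/, one file outside it.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'suite_demo_' . getmypid();
@mkdir($root . '/tests', 0700, true);
file_put_contents($root . '/tests/ExampleTest.php', "<?php // constructed test file\n");
file_put_contents($root . '/outside.php', "<?php // must never be included\n");

foreach (array('ExampleTest.php', '../outside.php', $root . '/outside.php', 'Missing.php') as $input) {
    $path = resolveTestFile($input, $root . '/tests');
    echo $input, ' => ', ($path === false ? 'refused' : 'include ' . $path), "\n";
}
```

In `SuiteTester_TestRunner`, only the returned path would be passed to `include()`, and a `false` result would go to the existing `SuiteTester_BadTestSuite` branch.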