MAGETWO-54255: Full Path Disclosure in cache management

magento · Jun 11, 2016 · 781281d · 781281d
1 parent 1ea57c2
commit 781281d
Show file tree

Hide file tree

Showing 3 changed files with 49 additions and 34 deletions.
diff --git a/app/code/Magento/Backend/i18n/en_US.csv b/app/code/Magento/Backend/i18n/en_US.csv
@@ -456,3 +456,4 @@ Pagination,Pagination
 "Anchor Text for Next","Anchor Text for Next"
 "Alternative text for the next pages link in the pagination menu. If empty, default arrow image is used.","Alternative text for the next pages link in the pagination menu. If empty, default arrow image is used."
 "Theme Name","Theme Name"
+"Deployment config file %1 is not writable.","Deployment config file %1 is not writable."
diff --git a/lib/internal/Magento/Framework/App/DeploymentConfig/Writer.php b/lib/internal/Magento/Framework/App/DeploymentConfig/Writer.php
@@ -8,8 +8,10 @@
 
 use Magento\Framework\App\DeploymentConfig;
 use Magento\Framework\App\Filesystem\DirectoryList;
+use Magento\Framework\Exception\FileSystemException;
 use Magento\Framework\Filesystem;
 use Magento\Framework\Config\File\ConfigFilePool;
+use Magento\Framework\Phrase;
 
 /**
  * Deployment configuration writer
@@ -110,7 +112,13 @@ public function saveConfig(array $data, $override = false)
                 }
 
                 $contents = $this->formatter->format($config);
-                $this->filesystem->getDirectoryWrite(DirectoryList::CONFIG)->writeFile($paths[$fileKey], $contents);
+                try {
+                    $this->filesystem->getDirectoryWrite(DirectoryList::CONFIG)->writeFile($paths[$fileKey], $contents);
+                } catch (FileSystemException $e) {
+                    throw new FileSystemException(
+                        new Phrase('Deployment config file %1 is not writable.', [$paths[$fileKey]])
+                    );
+                }
                 if (function_exists('opcache_invalidate')) {
                     opcache_invalidate(
                         $this->filesystem->getDirectoryRead(DirectoryList::CONFIG)->getAbsolutePath($paths[$fileKey])

diff --git a/lib/internal/Magento/Framework/App/Test/Unit/DeploymentConfig/WriterTest.php b/lib/internal/Magento/Framework/App/Test/Unit/DeploymentConfig/WriterTest.php
@@ -7,73 +7,67 @@
 namespace Magento\Framework\App\Test\Unit\DeploymentConfig;
 
 use Magento\Framework\App\DeploymentConfig;
+use Magento\Framework\App\DeploymentConfig\Reader;
 use Magento\Framework\App\DeploymentConfig\Writer;
+use Magento\Framework\App\DeploymentConfig\Writer\FormatterInterface;
 use Magento\Framework\App\Filesystem\DirectoryList;
 use Magento\Framework\Config\File\ConfigFilePool;
+use Magento\Framework\Exception\FileSystemException;
+use Magento\Framework\Filesystem;
+use Magento\Framework\Filesystem\Directory\ReadInterface;
+use Magento\Framework\Filesystem\Directory\WriteInterface;
+use Magento\Framework\Phrase;
 
 class WriterTest extends \PHPUnit_Framework_TestCase
 {
-    /**
-     * @var Writer
-     */
+    /** @var Writer */
     private $object;
 
-    /**
-     * @var \PHPUnit_Framework_MockObject_MockObject
-     */
+    /** @var \PHPUnit_Framework_MockObject_MockObject */
     private $reader;
 
-    /**
-     * @var \PHPUnit_Framework_MockObject_MockObject
-     */
+    /** @var \PHPUnit_Framework_MockObject_MockObject */
     private $dirWrite;
 
-    /**
-     * @var \PHPUnit_Framework_MockObject_MockObject
-     */
+    /** @var \PHPUnit_Framework_MockObject_MockObject */
     private $dirRead;
 
-    /**
-     * @var \PHPUnit_Framework_MockObject_MockObject
-     */
+    /** @var \PHPUnit_Framework_MockObject_MockObject */
     protected $formatter;
 
-    /**
-     * @var ConfigFilePool
-     */
+    /** @var ConfigFilePool */
     private $configFilePool;
 
-    /**
-     * @var DeploymentConfig
-     */
+    /** @var DeploymentConfig */
     private $deploymentConfig;
 
+    /** @var Filesystem */
+    private $filesystem;
+
     protected function setUp()
     {
-        $this->reader = $this->getMock('Magento\Framework\App\DeploymentConfig\Reader', [], [], '', false);
-        $filesystem = $this->getMock('Magento\Framework\Filesystem', [], [], '', false);
-        $this->formatter = $this->getMockForAbstractClass(
-            'Magento\Framework\App\DeploymentConfig\Writer\FormatterInterface'
-        );
-        $this->configFilePool = $this->getMock('Magento\Framework\Config\File\ConfigFilePool', [], [], '', false);
-        $this->deploymentConfig = $this->getMock('Magento\Framework\App\DeploymentConfig', [], [], '', false);
+        $this->reader = $this->getMock(Reader::class, [], [], '', false);
+        $this->filesystem = $this->getMock(Filesystem::class, [], [], '', false);
+        $this->formatter = $this->getMockForAbstractClass(FormatterInterface::class);
+        $this->configFilePool = $this->getMock(ConfigFilePool::class, [], [], '', false);
+        $this->deploymentConfig = $this->getMock(DeploymentConfig::class, [], [], '', false);
         $this->object = new Writer(
             $this->reader,
-            $filesystem,
+            $this->filesystem,
             $this->configFilePool,
             $this->deploymentConfig,
             $this->formatter
         );
         $this->reader->expects($this->any())->method('getFiles')->willReturn('test.php');
-        $this->dirWrite = $this->getMockForAbstractClass('Magento\Framework\Filesystem\Directory\WriteInterface');
-        $this->dirRead = $this->getMockForAbstractClass('Magento\Framework\Filesystem\Directory\ReadInterface');
+        $this->dirWrite = $this->getMockForAbstractClass(WriteInterface::class);
+        $this->dirRead = $this->getMockForAbstractClass(ReadInterface::class);
         $this->dirRead->expects($this->any())
             ->method('getAbsolutePath');
-        $filesystem->expects($this->any())
+        $this->filesystem->expects($this->any())
             ->method('getDirectoryWrite')
             ->with(DirectoryList::CONFIG)
             ->willReturn($this->dirWrite);
-        $filesystem->expects($this->any())
+        $this->filesystem->expects($this->any())
             ->method('getDirectoryRead')
             ->with(DirectoryList::CONFIG)
             ->willReturn($this->dirRead);
@@ -179,4 +173,16 @@ public function testSaveConfigOverride()
 
         $this->object->saveConfig($testSetUpdate, true);
     }
+
+    /**
+     * @expectedException \Magento\Framework\Exception\FileSystemException
+     * @expectedExceptionMessage Deployment config file env.php is not writable.
+     */
+    public function testSaveConfigException()
+    {
+        $this->configFilePool->method('getPaths')->willReturn([ConfigFilePool::APP_ENV => 'env.php']);
+        $exception = new FileSystemException(new Phrase('error when writing file config file'));
+        $this->dirWrite->method('writeFile')->willThrowException($exception);
+        $this->object->saveConfig([ConfigFilePool::APP_ENV => ['key' => 'value']]);
+    }
 }