MAGETWO-54255: Full Path Disclosure in cache management

dsikkema-magento · dsikkema-magento · commit 781281d06ee0 · 2016-06-11T14:42:40.000-05:00
diff --git a/app/code/Magento/Backend/i18n/en_US.csv b/app/code/Magento/Backend/i18n/en_US.csv
@@ -456,3 +456,4 @@ Pagination,Pagination
 "Anchor Text for Next","Anchor Text for Next"
 "Alternative text for the next pages link in the pagination menu. If empty, default arrow image is used.","Alternative text for the next pages link in the pagination menu. If empty, default arrow image is used."
 "Theme Name","Theme Name"
+"Deployment config file %1 is not writable.","Deployment config file %1 is not writable."
diff --git a/lib/internal/Magento/Framework/App/DeploymentConfig/Writer.php b/lib/internal/Magento/Framework/App/DeploymentConfig/Writer.php
@@ -8,8 +8,10 @@
 
 use Magento\Framework\App\DeploymentConfig;
 use Magento\Framework\App\Filesystem\DirectoryList;
+use Magento\Framework\Exception\FileSystemException;
 use Magento\Framework\Filesystem;
 use Magento\Framework\Config\File\ConfigFilePool;
+use Magento\Framework\Phrase;
 
 /**
  * Deployment configuration writer
@@ -110,7 +112,13 @@ public function saveConfig(array $data, $override = false)
                 }
 
                 $contents = $this->formatter->format($config);
-                $this->filesystem->getDirectoryWrite(DirectoryList::CONFIG)->writeFile($paths[$fileKey], $contents);
+                try {
+                    $this->filesystem->getDirectoryWrite(DirectoryList::CONFIG)->writeFile($paths[$fileKey], $contents);
+                } catch (FileSystemException $e) {
+                    throw new FileSystemException(
+                        new Phrase('Deployment config file %1 is not writable.', [$paths[$fileKey]])
+                    );
+                }
                 if (function_exists('opcache_invalidate')) {
                     opcache_invalidate(
                         $this->filesystem->getDirectoryRead(DirectoryList::CONFIG)->getAbsolutePath($paths[$fileKey])
diff --git a/lib/internal/Magento/Framework/App/Test/Unit/DeploymentConfig/WriterTest.php b/lib/internal/Magento/Framework/App/Test/Unit/DeploymentConfig/WriterTest.php
@@ -7,73 +7,67 @@
 namespace Magento\Framework\App\Test\Unit\DeploymentConfig;
 
 use Magento\Framework\App\DeploymentConfig;
+use Magento\Framework\App\DeploymentConfig\Reader;
 use Magento\Framework\App\DeploymentConfig\Writer;
+use Magento\Framework\App\DeploymentConfig\Writer\FormatterInterface;
 use Magento\Framework\App\Filesystem\DirectoryList;
 use Magento\Framework\Config\File\ConfigFilePool;
+use Magento\Framework\Exception\FileSystemException;
+use Magento\Framework\Filesystem;
+use Magento\Framework\Filesystem\Directory\ReadInterface;
+use Magento\Framework\Filesystem\Directory\WriteInterface;
+use Magento\Framework\Phrase;
 
 class WriterTest extends \PHPUnit_Framework_TestCase
 {
-    /**
-     * @var Writer
-     */
+    /** @var Writer */
     private $object;
 
-    /**
-     * @var \PHPUnit_Framework_MockObject_MockObject
-     */
+    /** @var \PHPUnit_Framework_MockObject_MockObject */
     private $reader;
 
-    /**
-     * @var \PHPUnit_Framework_MockObject_MockObject
-     */
+    /** @var \PHPUnit_Framework_MockObject_MockObject */
     private $dirWrite;
 
-    /**
-     * @var \PHPUnit_Framework_MockObject_MockObject
-     */
+    /** @var \PHPUnit_Framework_MockObject_MockObject */
     private $dirRead;
 
-    /**
-     * @var \PHPUnit_Framework_MockObject_MockObject
-     */
+    /** @var \PHPUnit_Framework_MockObject_MockObject */
     protected $formatter;
 
-    /**
-     * @var ConfigFilePool
-     */
+    /** @var ConfigFilePool */
     private $configFilePool;
 
-    /**
-     * @var DeploymentConfig
-     */
+    /** @var DeploymentConfig */
     private $deploymentConfig;
 
+    /** @var Filesystem */
+    private $filesystem;
+
     protected function setUp()
     {
-        $this->reader = $this->getMock('Magento\Framework\App\DeploymentConfig\Reader', [], [], '', false);
-        $filesystem = $this->getMock('Magento\Framework\Filesystem', [], [], '', false);
-        $this->formatter = $this->getMockForAbstractClass(
-            'Magento\Framework\App\DeploymentConfig\Writer\FormatterInterface'
-        );
-        $this->configFilePool = $this->getMock('Magento\Framework\Config\File\ConfigFilePool', [], [], '', false);
-        $this->deploymentConfig = $this->getMock('Magento\Framework\App\DeploymentConfig', [], [], '', false);
+        $this->reader = $this->getMock(Reader::class, [], [], '', false);
+        $this->filesystem = $this->getMock(Filesystem::class, [], [], '', false);
+        $this->formatter = $this->getMockForAbstractClass(FormatterInterface::class);
+        $this->configFilePool = $this->getMock(ConfigFilePool::class, [], [], '', false);
+        $this->deploymentConfig = $this->getMock(DeploymentConfig::class, [], [], '', false);
         $this->object = new Writer(
             $this->reader,
-            $filesystem,
+            $this->filesystem,
             $this->configFilePool,
             $this->deploymentConfig,
             $this->formatter
         );
         $this->reader->expects($this->any())->method('getFiles')->willReturn('test.php');
-        $this->dirWrite = $this->getMockForAbstractClass('Magento\Framework\Filesystem\Directory\WriteInterface');
-        $this->dirRead = $this->getMockForAbstractClass('Magento\Framework\Filesystem\Directory\ReadInterface');
+        $this->dirWrite = $this->getMockForAbstractClass(WriteInterface::class);
+        $this->dirRead = $this->getMockForAbstractClass(ReadInterface::class);
         $this->dirRead->expects($this->any())
             ->method('getAbsolutePath');
-        $filesystem->expects($this->any())
+        $this->filesystem->expects($this->any())
             ->method('getDirectoryWrite')
             ->with(DirectoryList::CONFIG)
             ->willReturn($this->dirWrite);
-        $filesystem->expects($this->any())
+        $this->filesystem->expects($this->any())
             ->method('getDirectoryRead')
             ->with(DirectoryList::CONFIG)
             ->willReturn($this->dirRead);
@@ -179,4 +173,16 @@ public function testSaveConfigOverride()
 
         $this->object->saveConfig($testSetUpdate, true);
     }
+
+    /**
+     * @expectedException \Magento\Framework\Exception\FileSystemException
+     * @expectedExceptionMessage Deployment config file env.php is not writable.
+     */
+    public function testSaveConfigException()
+    {
+        $this->configFilePool->method('getPaths')->willReturn([ConfigFilePool::APP_ENV => 'env.php']);
+        $exception = new FileSystemException(new Phrase('error when writing file config file'));
+        $this->dirWrite->method('writeFile')->willThrowException($exception);
+        $this->object->saveConfig([ConfigFilePool::APP_ENV => ['key' => 'value']]);
+    }
 }
