From b2d4c36080a0d5a12ae12bb87135ee15c4ec52b2 Mon Sep 17 00:00:00 2001
From: Colin Kuskie <colink@perldreamer.com>
Date: Fri, 28 Jul 2006 16:11:47 +0000
Subject: [PATCH] add Include macro test and fix Include bug

---
 docs/changelog/7.x.x.txt    |   2 +
 lib/WebGUI/Macro/Include.pm |  22 ++++----
 t/Macro/Include.t           | 107 ++++++++++++++++++++++++++++++++++++
 3 files changed, 119 insertions(+), 12 deletions(-)
 create mode 100644 t/Macro/Include.t

diff --git a/docs/changelog/7.x.x.txt b/docs/changelog/7.x.x.txt
index 9ac5316a9..2e183897d 100644
--- a/docs/changelog/7.x.x.txt
+++ b/docs/changelog/7.x.x.txt
@@ -1,6 +1,8 @@
 7.0.4
  - Added a forum.lastPost.user.hasRead variable to the Message Board template.
  - fix: r_printable macro and op2
+ - fixed a bug where the Include macro could be used to read WebGUI config
+   files.
 
 7.0.3
  - Fixed a problem with the 7.0.0-7.0.1 upgrade relating to internationalized
diff --git a/lib/WebGUI/Macro/Include.pm b/lib/WebGUI/Macro/Include.pm
index 11ab6a20a..56284f125 100644
--- a/lib/WebGUI/Macro/Include.pm
+++ b/lib/WebGUI/Macro/Include.pm
@@ -40,19 +40,17 @@ sub process {
         my (@param, $temp, $file);
         @param = @_;
 	my $i18n = WebGUI::International->new($session,'Macro_Include');
-	if ($param[0] =~ /passwd/i || $param[0] =~ /shadow/i || $param[0] =~ m!WebGUI/\w+.conf!i) {
-                $temp = $i18n->get('security');
-        } else {
-                $file = FileHandle->new($param[0],"r");
-                if ($file) {
-                        while (<$file>) {
-                                $temp .= $_;
-                        }
-                        $file->close;
-                } else {
-			$temp = $i18n->get('not found');
-                }
+	if ($param[0] =~ /passwd/i || $param[0] =~ /shadow/i || $param[0] =~ m!WebGUI/etc/\w+\.conf!i) {
+                return $i18n->get('security');
         }
+	$file = FileHandle->new($param[0],"r");
+	if ($file) {
+		local $/;
+		$temp = $file->getline();
+		$file->close;
+	} else {
+		$temp = $i18n->get('not found');
+	}
         return $temp;
 }
 
diff --git a/t/Macro/Include.t b/t/Macro/Include.t
new file mode 100644
index 000000000..87916d180
--- /dev/null
+++ b/t/Macro/Include.t
@@ -0,0 +1,107 @@
+#-------------------------------------------------------------------
+# WebGUI is Copyright 2001-2006 Plain Black Corporation.
+#-------------------------------------------------------------------
+# Please read the legal notices (docs/legal.txt) and the license
+# (docs/license.txt) that came with this distribution before using
+# this software.
+#-------------------------------------------------------------------
+# http://www.plainblack.com                     info@plainblack.com
+#-------------------------------------------------------------------
+
+use FindBin;
+use strict;
+use lib "$FindBin::Bin/../lib";
+
+use WebGUI::Test;
+use WebGUI::Macro::Include;
+use WebGUI::Session;
+use WebGUI::Storage;
+
+use Test::More; # increment this value for each test you create
+
+my $session = WebGUI::Test->session;
+
+my $i18n = WebGUI::International->new($session, 'Macro_Include');
+
+my $configFile = WebGUI::Test->root .'/etc/'. WebGUI::Test->file;
+my $spectreConf = WebGUI::Test->root . '/etc/spectre.conf';
+my $confBackup = WebGUI::Test->root . '/etc/my.conf%';
+
+my $goodFile = 'The contents of this file are accessible';
+my $twoLines = "This file contains two lines of text\nThis is the second line";
+my $storage = WebGUI::Storage->createTemp($session);
+$storage->addFileFromScalar('goodFile', $goodFile);
+$storage->addFileFromScalar('twoLines', $twoLines);
+$storage->addFileFromScalar('unreadableFile', 'The contents of this file are not readable');
+chmod 0111, $storage->getPath('unreadableFile');
+
+my @testSets = (
+	{
+		file => '/etc/passwd',
+		output => $i18n->get('security'),
+		comment => q|passwd file|,
+	},
+	{
+		file => '/passwd/foo.txt',
+		output => $i18n->get('security'),
+		comment => q|passwd path|,
+	},
+	{
+		file => '/etc/shadow',
+		output => $i18n->get('security'),
+		comment => q|shadow file|,
+	},
+	{
+		file => '/shadow/foo.txt',
+		output => $i18n->get('security'),
+		comment => q|shadow path|,
+	},
+	{
+		file => $configFile,
+		output => $i18n->get('security'),
+		comment => q|WebGUI config file|,
+	},
+	{
+		file => $spectreConf,
+		output => $i18n->get('security'),
+		comment => q|spectre config file|,
+	},
+	{
+		file => $confBackup,
+		output => $i18n->get('security'),
+		comment => q|conf backup file|,
+	},
+	{
+		file => $storage->getPath('non-existantFile'),
+		output => $i18n->get('not found'),
+		comment => q|Non-existant file returns NOT FOUND|,
+	},
+	{
+		file => $storage->getPath('unreadableFile'),
+		output => $i18n->get('not found'),
+		comment => q|Unreadable file returns NOT FOUND|,
+	},
+	{
+		file => $storage->getPath('goodFile'),
+		output => $goodFile,
+		comment => q|Included a good file|,
+	},
+	{
+		file => $storage->getPath('twoLines'),
+		output => $twoLines,
+		comment => q|Included a file with two lines|,
+	},
+);
+
+my $numTests = scalar @testSets;
+
+plan tests => $numTests;
+
+foreach my $testSet (@testSets) {
+	my $output = WebGUI::Macro::Include::process($session, $testSet->{file});
+	is($output, $testSet->{output}, $testSet->{comment} );
+}
+
+END {
+	$storage->delete;
+}