diff options
| author | Angie Byron <webchick@24967.no-reply.drupal.org> | 2009-01-05 05:01:38 +0000 |
|---|---|---|
| committer | Angie Byron <webchick@24967.no-reply.drupal.org> | 2009-01-05 05:01:38 +0000 |
| commit | 20421ee64d427b4886957342fc7b885ea11c1626 (patch) | |
| tree | 5db38ba478eb53b06694bd8d55798e9afadfedb8 | |
| parent | 22bdb8e5afa36cc3df1b21277287e90c504a4911 (diff) | |
| download | brdo-20421ee64d427b4886957342fc7b885ea11c1626.tar.gz brdo-20421ee64d427b4886957342fc7b885ea11c1626.tar.bz2 | |
#276280 by jhedstrom, drewish: Tests for private downloads and file name munging.
| -rw-r--r-- | modules/simpletest/tests/file.test | 106 |
1 files changed, 106 insertions, 0 deletions
diff --git a/modules/simpletest/tests/file.test b/modules/simpletest/tests/file.test index dc9f08f61..19b54c9dc 100644 --- a/modules/simpletest/tests/file.test +++ b/modules/simpletest/tests/file.test @@ -1103,3 +1103,109 @@ class FileSaveDataTest extends FileHookTestCase { $this->assertFalse($file, t("Overwriting a file fails when FILE_EXISTS_ERROR is specified.")); } } + +/** + * Tests for download/file transfer functions. + */ +class FileDownloadTest extends FileTestCase { + function getInfo() { + return array( + 'name' => t('File download'), + 'description' => t('Tests for file download/transfer functions.'), + 'group' => t('File'), + ); + } + + function setUp() { + parent::setUp('file_test'); + } + + /** + * Test the private file transfer system. + */ + function testPrivateFileTransfer() { + // Set file downloads to private so handler functions get called. + variable_set('file_downloads', FILE_DOWNLOADS_PRIVATE); + + // Create a file. + $file = $this->createFile(); + $url = file_create_url($file->filename); + + // Set file_test access header to allow the download. + file_test_set_return('download', array('x-foo: Bar')); + $this->drupalHead($url); + $headers = $this->drupalGetHeaders(); + $this->assertEqual($headers['x-foo'] , 'Bar', t('Found header set by file_test module on private download.')); + $this->assertResponse(200, t('Correctly allowed access to a file when file_test provides headers.')); + + // Deny access to all downloads via a -1 header. + file_test_set_return('download', -1); + $this->drupalHead($url); + $this->assertResponse(403, t('Correctly denied access to a file when file_test sets the header to -1.')); + + // Try non-existent file. + $url = file_create_url($this->randomName()); + $this->drupalHead($url); + $this->assertResponse(404, t('Correctly returned 404 response for a non-existent file.')); + } +} + +/** + * Tests for file_munge_filename() and file_unmunge_filename(). + */ +class FileNameMungingTest extends FileTestCase { + function getInfo() { + return array( + 'name' => t('File naming'), + 'description' => t('Test filename munging and unmunging.'), + 'group' => t('File'), + ); + } + + function setUp() { + parent::setUp(); + $this->bad_extension = 'php'; + $this->name = $this->randomName() . '.' . $this->bad_extension . '.txt'; + } + + /** + * Create a file and munge/unmunge the name. + */ + function testMunging() { + // Disable insecure uploads. + variable_set('allow_insecure_uploads', 0); + $munged_name = file_munge_filename($this->name, '', TRUE); + $messages = drupal_get_messages(); + $this->assertTrue(in_array(t('For security reasons, your upload has been renamed to %filename.', array('%filename' => $munged_name)), $messages['status']), t('Alert properly set when a file is renamed.')); + $this->assertNotEqual($munged_name, $this->name, t('The new filename (%munged) has been modified from the original (%original)', array('%munged' => $munged_name, '%original' => $this->name))); + } + + /** + * If the allow_insecure_uploads variable evaluates to true, the file should + * come out untouched, no matter how evil the filename. + */ + function testMungeIgnoreInsecure() { + variable_set('allow_insecure_uploads', 1); + $munged_name = file_munge_filename($this->name, ''); + $this->assertIdentical($munged_name, $this->name, t('The original filename (%original) matches the munged filename (%munged) when insecure uploads are enabled.', array('%munged' => $munged_name, '%original' => $this->name))); + } + + /** + * White listed extensions are ignored by file_munge_filename(). + */ + function testMungeIgnoreWhitelisted() { + // Declare our extension as whitelisted. + $munged_name = file_munge_filename($this->name, $this->bad_extension); + $this->assertIdentical($munged_name, $this->name, t('The new filename (%munged) matches the original (%original) once the extension has been whitelisted.', array('%munged' => $munged_name, '%original' => $this->name))); + } + + /** + * Ensure that unmunge gets your name back. + */ + function testUnMunge() { + $munged_name = file_munge_filename($this->name, '', FALSE); + $unmunged_name = file_unmunge_filename($munged_name); + $this->assertIdentical($unmunged_name, $this->name, t('The unmunged (%unmunged) filename matches the original (%original)', array('%unmunged' => $unmunged_name, '%original' => $this->name))); + } +} + |