#276280 by jhedstrom, drewish: Tests for private downloads and file name munging.

author: Angie Byron <webchick@24967.no-reply.drupal.org> 2009-01-05 05:01:38 +0000
committer: Angie Byron <webchick@24967.no-reply.drupal.org> 2009-01-05 05:01:38 +0000
commit: 20421ee64d427b4886957342fc7b885ea11c1626 (patch)
tree: 5db38ba478eb53b06694bd8d55798e9afadfedb8 /modules/simpletest/tests/file.test
parent: 22bdb8e5afa36cc3df1b21277287e90c504a4911 (diff)
download: brdo-20421ee64d427b4886957342fc7b885ea11c1626.tar.gz
brdo-20421ee64d427b4886957342fc7b885ea11c1626.tar.bz2
1 files changed, 106 insertions, 0 deletions
diff --git a/modules/simpletest/tests/file.test b/modules/simpletest/tests/file.test
index dc9f08f61..19b54c9dc 100644
--- a/modules/simpletest/tests/file.test
+++ b/modules/simpletest/tests/file.test
@@ -1103,3 +1103,109 @@ class FileSaveDataTest extends FileHookTestCase {
     $this->assertFalse($file, t("Overwriting a file fails when FILE_EXISTS_ERROR is specified."));
   }
 }
+
+/**
+ * Tests for download/file transfer functions.
+ */
+class FileDownloadTest extends FileTestCase {
+  function getInfo() {
+    return array(
+      'name' => t('File download'),
+      'description' => t('Tests for file download/transfer functions.'),
+      'group' => t('File'),
+    );
+  }
+
+  function setUp() {
+    parent::setUp('file_test');
+  }
+
+  /**
+   * Test the private file transfer system.
+   */
+  function testPrivateFileTransfer() {
+    // Set file downloads to private so handler functions get called.
+    variable_set('file_downloads', FILE_DOWNLOADS_PRIVATE);
+
+    // Create a file.
+    $file = $this->createFile();
+    $url = file_create_url($file->filename);
+
+    // Set file_test access header to allow the download.
+    file_test_set_return('download', array('x-foo: Bar'));
+    $this->drupalHead($url);
+    $headers = $this->drupalGetHeaders();
+    $this->assertEqual($headers['x-foo'] , 'Bar', t('Found header set by file_test module on private download.'));
+    $this->assertResponse(200, t('Correctly allowed access to a file when file_test provides headers.'));
+
+    // Deny access to all downloads via a -1 header.
+    file_test_set_return('download', -1);
+    $this->drupalHead($url);
+    $this->assertResponse(403, t('Correctly denied access to a file when file_test sets the header to -1.'));
+
+    // Try non-existent file.
+    $url = file_create_url($this->randomName());
+    $this->drupalHead($url);
+    $this->assertResponse(404, t('Correctly returned 404 response for a non-existent file.'));
+  }
+}
+
+/**
+ * Tests for file_munge_filename() and file_unmunge_filename().
+ */
+class FileNameMungingTest extends FileTestCase {
+  function getInfo() {
+    return array(
+      'name' => t('File naming'),
+      'description' => t('Test filename munging and unmunging.'),
+      'group' => t('File'),
+    );
+  }
+
+  function setUp() {
+    parent::setUp();
+    $this->bad_extension = 'php';
+    $this->name = $this->randomName() . '.' . $this->bad_extension . '.txt';
+  }
+
+  /**
+   * Create a file and munge/unmunge the name.
+   */
+  function testMunging() {
+    // Disable insecure uploads.
+    variable_set('allow_insecure_uploads', 0);
+    $munged_name = file_munge_filename($this->name, '', TRUE);
+    $messages = drupal_get_messages();
+    $this->assertTrue(in_array(t('For security reasons, your upload has been renamed to %filename.', array('%filename' => $munged_name)), $messages['status']), t('Alert properly set when a file is renamed.'));
+    $this->assertNotEqual($munged_name, $this->name, t('The new filename (%munged) has been modified from the original (%original)', array('%munged' => $munged_name, '%original' => $this->name)));
+  }
+
+  /**
+   * If the allow_insecure_uploads variable evaluates to true, the file should
+   * come out untouched, no matter how evil the filename.
+   */
+  function testMungeIgnoreInsecure() {
+    variable_set('allow_insecure_uploads', 1);
+    $munged_name = file_munge_filename($this->name, '');
+    $this->assertIdentical($munged_name, $this->name, t('The original filename (%original) matches the munged filename (%munged) when insecure uploads are enabled.', array('%munged' => $munged_name, '%original' => $this->name)));
+  }
+
+  /**
+   * White listed extensions are ignored by file_munge_filename().
+   */
+  function testMungeIgnoreWhitelisted() {
+    // Declare our extension as whitelisted.
+    $munged_name = file_munge_filename($this->name, $this->bad_extension);
+    $this->assertIdentical($munged_name, $this->name, t('The new filename (%munged) matches the original (%original) once the extension has been whitelisted.', array('%munged' => $munged_name, '%original' => $this->name)));
+  }
+
+  /**
+   * Ensure that unmunge gets your name back.
+   */
+  function testUnMunge() {
+    $munged_name = file_munge_filename($this->name, '', FALSE);
+    $unmunged_name = file_unmunge_filename($munged_name);
+    $this->assertIdentical($unmunged_name, $this->name, t('The unmunged (%unmunged) filename matches the original (%original)', array('%unmunged' => $unmunged_name, '%original' => $this->name)));
+  }
+}
+
author	Angie Byron <webchick@24967.no-reply.drupal.org>	2009-01-05 05:01:38 +0000
committer	Angie Byron <webchick@24967.no-reply.drupal.org>	2009-01-05 05:01:38 +0000
commit	20421ee64d427b4886957342fc7b885ea11c1626 (patch)
tree	5db38ba478eb53b06694bd8d55798e9afadfedb8 /modules/simpletest/tests/file.test
parent	22bdb8e5afa36cc3df1b21277287e90c504a4911 (diff)
download	brdo-20421ee64d427b4886957342fc7b885ea11c1626.tar.gz brdo-20421ee64d427b4886957342fc7b885ea11c1626.tar.bz2