diff options
author | David Rothstein <drothstein@gmail.com> | 2016-02-01 11:10:22 -0500 |
---|---|---|
committer | David Rothstein <drothstein@gmail.com> | 2016-02-01 11:10:22 -0500 |
commit | 03cbe6517b64b7b22fb1bbcf3e753634d178cb0d (patch) | |
tree | eaed0ee96308edd27c7b7b6c169873cffa77a113 | |
parent | d641314cc6157d7b164ccc2587f7b9eb4f568c1f (diff) | |
download | brdo-03cbe6517b64b7b22fb1bbcf3e753634d178cb0d.tar.gz brdo-03cbe6517b64b7b22fb1bbcf3e753634d178cb0d.tar.bz2 |
Issue #1891228 by eiriksm, logaritmisk, joelpittet, stefan.r, StefanPr, mariancalinro: image_style_deliver can create invalid headers
-rw-r--r-- | modules/image/image.module | 4 | ||||
-rw-r--r-- | modules/image/image.test | 16 | ||||
-rw-r--r-- | modules/image/tests/image_module_test.module | 3 |
3 files changed, 21 insertions, 2 deletions
diff --git a/modules/image/image.module b/modules/image/image.module index 526330c67..dab88361a 100644 --- a/modules/image/image.module +++ b/modules/image/image.module @@ -835,8 +835,8 @@ function image_style_deliver($style, $scheme) { file_download($scheme, file_uri_target($derivative_uri)); } else { - $headers = module_invoke_all('file_download', $image_uri); - if (in_array(-1, $headers) || empty($headers)) { + $headers = file_download_headers($image_uri); + if (empty($headers)) { return MENU_ACCESS_DENIED; } if (count($headers)) { diff --git a/modules/image/image.test b/modules/image/image.test index 87d803a53..42f8d8bca 100644 --- a/modules/image/image.test +++ b/modules/image/image.test @@ -202,6 +202,22 @@ class ImageStylesPathAndUrlTestCase extends DrupalWebTestCase { } /** + * Test that we do not pass an array to drupal_add_http_header. + */ + function testImageContentTypeHeaders() { + $files = $this->drupalGetTestFiles('image'); + $file = array_shift($files); + // Copy the test file to private folder. + $private_file = file_copy($file, 'private://', FILE_EXISTS_RENAME); + // Tell image_module_test module to return the headers we want to test. + variable_set('image_module_test_invalid_headers', $private_file->uri); + // Invoke image_style_deliver so it will try to set headers. + $generated_url = image_style_url($this->style_name, $private_file->uri); + $this->drupalGet($generated_url); + variable_del('image_module_test_invalid_headers'); + } + + /** * Test image_style_url(). */ function _testImageStyleUrlAndPath($scheme, $clean_url = TRUE, $extra_slash = FALSE) { diff --git a/modules/image/tests/image_module_test.module b/modules/image/tests/image_module_test.module index 8a322fb97..fc66d9b8b 100644 --- a/modules/image/tests/image_module_test.module +++ b/modules/image/tests/image_module_test.module @@ -9,6 +9,9 @@ function image_module_test_file_download($uri) { if (variable_get('image_module_test_file_download', FALSE) == $uri) { return array('X-Image-Owned-By' => 'image_module_test'); } + if (variable_get('image_module_test_invalid_headers', FALSE) == $uri) { + return array('Content-Type' => 'image/png'); + } } /** |