Issue #1179426 by chx, xjm: Added tests for SA-CORE-2011-001.

1 files changed, 56 insertions, 3 deletions

diff --git a/modules/file/tests/file.test b/modules/file/tests/file.test
index 947247de9..d3d79bf9d 100644
--- a/modules/file/tests/file.test
+++ b/modules/file/tests/file.test
@@ -12,7 +12,16 @@ class FileFieldTestCase extends DrupalWebTestCase {
   protected $admin_user;
 
   function setUp() {
-    parent::setUp('file', 'file_module_test');
+    // Since this is a base class for many test cases, support the same
+    // flexibility that DrupalWebTestCase::setUp() has for the modules to be
+    // passed in as either an array or a variable number of string arguments.
+    $modules = func_get_args();
+    if (isset($modules[0]) && is_array($modules[0])) {
+      $modules = $modules[0];
+    }
+    $modules[] = 'file';
+    $modules[] = 'file_module_test';
+    parent::setUp($modules);
     $this->admin_user = $this->drupalCreateUser(array('access content', 'access administration pages', 'administer site configuration', 'administer users', 'administer permissions', 'administer content types', 'administer nodes', 'bypass node access'));
     $this->drupalLogin($this->admin_user);
   }
@@ -112,7 +121,7 @@ class FileFieldTestCase extends DrupalWebTestCase {
   /**
    * Upload a file to a node.
    */
-  function uploadNodeFile($file, $field_name, $nid_or_type, $new_revision = TRUE) {
+  function uploadNodeFile($file, $field_name, $nid_or_type, $new_revision = TRUE, $extras = array()) {
     $langcode = LANGUAGE_NONE;
     $edit = array(
       "title" => $this->randomName(),
@@ -124,7 +133,8 @@ class FileFieldTestCase extends DrupalWebTestCase {
     }
     else {
       // Add a new node.
-      $node = $this->drupalCreateNode(array('type' => $nid_or_type));
+      $extras['type'] = $nid_or_type;
+      $node = $this->drupalCreateNode($extras);
       $nid = $node->nid;
       // Save at least one revision to better simulate a real site.
       $this->drupalCreateNode(get_object_vars($node));
@@ -1041,3 +1051,46 @@ class FileTokenReplaceTestCase extends FileFieldTestCase {
     }
   }
 }
+
+/**
+ * Test class to test file access on private nodes.
+ */
+class FilePrivateTestCase extends FileFieldTestCase {
+  public static function getInfo() {
+    return array(
+      'name' => 'Private file test',
+      'description' => 'Uploads a test to a private node and checks access.',
+      'group' => 'File',
+    );
+  }
+
+  function setUp() {
+    parent::setUp('node_access_test');
+    node_access_rebuild();
+    variable_set('node_access_test_private', TRUE);
+  }
+
+  /**
+   * Uploads a file to a private node, then tests that access is allowed and denied when appropriate.
+   */
+  function testPrivateFile() {
+    // Use 'page' instead of 'article', so that the 'article' image field does
+    // not conflict with this test. If in the future the 'page' type gets its
+    // own default file or image field, this test can be made more robust by
+    // using a custom node type.
+    $type_name = 'page';
+    $field_name = strtolower($this->randomName());
+    $this->createFileField($field_name, $type_name, array('uri_scheme' => 'private'));
+
+    $test_file = $this->getTestFile('text');
+    $nid = $this->uploadNodeFile($test_file, $field_name, $type_name, TRUE, array('private' => TRUE));
+    $node = node_load($nid, NULL, TRUE);
+    $node_file = (object) $node->{$field_name}[LANGUAGE_NONE][0];
+    // Ensure the file can be downloaded.
+    $this->drupalGet(file_create_url($node_file->uri));
+    $this->assertResponse(200, t('Confirmed that the generated URL is correct by downloading the shipped file.'));
+    $this->drupalLogOut();
+    $this->drupalGet(file_create_url($node_file->uri));
+    $this->assertNoResponse(200, t('Confirmed that access is denied for the file without the needed permission.'));
+  }
+}