Merge remote-tracking branch 'origin/master' into video-audio

5 files changed, 288 insertions, 2 deletions

diff --git a/_test/tests/inc/auth_deleteprofile.test.php b/_test/tests/inc/auth_deleteprofile.test.php
new file mode 100644
index 000000000..dc38fcd16
--- /dev/null
+++ b/_test/tests/inc/auth_deleteprofile.test.php
@@ -0,0 +1,179 @@
+<?php
+
+class Mock_Auth_Plugin extends DokuWiki_Auth_Plugin {
+
+	public $loggedOff = false;
+
+    public function __construct($canDeleteUser = true) {
+		$this->cando['delUser'] = $canDeleteUser;
+    }
+
+    public function checkPass($user, $pass) {
+        return $pass == 'password';
+    }
+
+    public function deleteUsers($users) {
+    	return in_array($_SERVER['REMOTE_USER'], $users);
+    }
+
+    public function logoff() {
+    	$this->loggedOff = true;
+    }
+
+}
+
+class auth_deleteprofile_test extends DokuWikiTest {
+
+    /*
+     * Tests:
+     *
+     * 1.   It works and the user is logged off 
+     * 2.   Password matches when config requires it
+     * 3,4. Auth plugin can prevent & wiki config can prevent
+     * 5.  Any of invalid security token, missing/not set 'delete' flag, missing/unchecked 'confirm_delete'
+     *
+     */
+
+    function test_success() {
+
+        global $ACT, $INPUT, $conf, $auth;
+
+        $ACT = 'profile_delete';
+        $conf['profileconfirm'] = false;
+    	$_SERVER['REMOTE_USER'] = 'testuser';
+
+        $input = array(
+            'do'                 => $ACT,
+            'sectok'             => getSecurityToken(),
+            'delete'             => '1',
+            'confirm_delete'     => '1',
+        );
+
+        $_POST = $input;
+        $_REQUEST = $input;
+        $INPUT = new Input();
+
+        $auth = new Mock_Auth_Plugin();
+
+        $this->assertTrue(auth_deleteprofile());
+        $this->assertTrue($auth->loggedOff);
+    }
+
+    function test_confirmation_required() {
+
+        global $ACT, $INPUT, $conf, $auth;
+
+        $ACT = 'profile_delete';
+        $conf['profileconfirm'] = true;
+    	$_SERVER['REMOTE_USER'] = 'testuser';
+
+        $input = array(
+            'do'                 => $ACT,
+            'sectok'             => getSecurityToken(),
+            'delete'             => '1',
+            'confirm_delete'     => '1',
+            'oldpass'            => 'wrong',
+        );
+
+        $_POST = $input;
+        $_REQUEST = $input;
+        $INPUT = new Input();
+
+        $auth = new Mock_Auth_Plugin();
+
+        // password check required - it fails, so don't delete profile
+        $this->assertFalse(auth_deleteprofile());
+
+        // now it passes, we're good to go
+        $INPUT->set('oldpass','password');
+        $INPUT->post->set('oldpass','password');
+        $this->assertTrue(auth_deleteprofile());
+    }
+
+    function test_authconfig_prevents() {
+
+        global $ACT, $INPUT, $conf, $auth;
+
+        $ACT = 'profile_delete';
+        $conf['profileconfirm'] = false;
+    	$_SERVER['REMOTE_USER'] = 'testuser';
+
+        $input = array(
+            'do'                 => $ACT,
+            'sectok'             => getSecurityToken(),
+            'delete'             => '1',
+            'confirm_delete'     => '1',
+        );
+
+        $_POST = $input;
+        $_REQUEST = $input;
+        $INPUT = new Input();
+
+        $auth = new Mock_Auth_Plugin(false);
+        $conf['disableactions'] = '';
+        $this->assertFalse(auth_deleteprofile());
+    }
+
+    function test_wikiconfig_prevents() {
+
+        global $ACT, $INPUT, $conf, $auth;
+
+        $ACT = 'profile_delete';
+        $conf['profileconfirm'] = false;
+    	$_SERVER['REMOTE_USER'] = 'testuser';
+
+        $input = array(
+            'do'                 => $ACT,
+            'sectok'             => getSecurityToken(),
+            'delete'             => '1',
+            'confirm_delete'     => '1',
+        );
+
+        $_POST = $input;
+        $_REQUEST = $input;
+        $INPUT = new Input();
+
+        $auth = new Mock_Auth_Plugin();
+        $conf['disableactions'] = 'profile_delete';
+
+        $this->assertFalse(actionOK('profile_delete'));
+        $this->assertTrue($auth->canDo('delUser'));
+
+        $this->assertFalse(auth_deleteprofile());
+    }
+
+    function test_basic_parameters() {
+
+        global $ACT, $INPUT, $conf, $auth;
+
+        $ACT = 'profile_delete';
+        $conf['profileconfirm'] = true;
+    	$_SERVER['REMOTE_USER'] = 'testuser';
+
+        $input = array(
+            'do'                 => $ACT,
+            'sectok'             => getSecurityToken(),
+            'delete'             => '1',
+            'confirm_delete'     => '1',
+            'oldpass'            => 'password',
+        );
+
+        $_POST = $input;
+        $_REQUEST = $input;
+        $input_foundation = new Input();
+
+        $auth = new Mock_Auth_Plugin();
+
+        $INPUT = clone $input_foundation;
+        $INPUT->remove('delete');
+        $this->assertFalse(auth_deleteprofile());
+
+        $INPUT = clone $input_foundation;
+        $INPUT->set('sectok','wrong');
+        $this->assertFalse(auth_deleteprofile());
+
+        $INPUT = clone $input_foundation;
+        $INPUT->remove('confirm_delete');
+        $this->assertFalse(auth_deleteprofile());
+    }
+}
\ No newline at end of file
diff --git a/_test/tests/inc/common_ml.test.php b/_test/tests/inc/common_ml.test.php
index 6f3b71db4..415c0a88d 100644
--- a/_test/tests/inc/common_ml.test.php
+++ b/_test/tests/inc/common_ml.test.php
@@ -90,6 +90,25 @@ class common_ml_test extends DokuWikiTest {
         $this->assertEquals($expect, ml($id, $args));
     }
 
+    function test_ml_img_external() {
+        global $conf;
+        $conf['useslash']   = 0;
+        $conf['userewrite'] = 0;
+
+        $ids  = array(
+            'https://example.com/lib/tpl/dokuwiki/images/logo.png',
+            'http://example.com/lib/tpl/dokuwiki/images/logo.png',
+            'ftp://example.com/lib/tpl/dokuwiki/images/logo.png'
+        );
+
+        foreach($ids as $id) {
+            $tok = media_get_token($id, 0, 0);
+
+            $expect = DOKU_BASE.$this->script.'?tok='.$tok.'&amp;media='.rawurlencode($id);
+            $this->assertEquals($expect, ml($id));
+        }
+    }
+
     function test_ml_imgresize_array_external() {
         global $conf;
         $conf['useslash']   = 0;
@@ -107,8 +126,24 @@ class common_ml_test extends DokuWikiTest {
             $tok = media_get_token($id, $w, 0);
             $hash = substr(PassHash::hmac('md5', $id, auth_cookiesalt()), 0, 6);
 
-            $expect = DOKU_BASE.$this->script.'?hash='.$hash.'&amp;w='.$w.'&amp;tok='.$tok.'&amp;media='.rawurlencode($id);
+            $expect = DOKU_BASE.$this->script.'?w='.$w.'&amp;tok='.$tok.'&amp;media='.rawurlencode($id);
             $this->assertEquals($expect, ml($id, $args));
         }
+
+        $h    = 50;
+        $args = array('h' => $h);
+        $tok = media_get_token($id, $h, 0);
+
+        $expect = DOKU_BASE.$this->script.'?h='.$h.'&amp;tok='.$tok.'&amp;media='.rawurlencode($id);
+        $this->assertEquals($expect, ml($id, $args));
+
+        $w    = 80;
+        $h    = 50;
+        $args = array('w' => $w, 'h' => $h);
+        $tok = media_get_token($id, $w, $h);
+
+        $expect = DOKU_BASE.$this->script.'?w='.$w.'&amp;h='.$h.'&amp;tok='.$tok.'&amp;media='.rawurlencode($id);
+        $this->assertEquals($expect, ml($id, $args));
+
     }
 }
diff --git a/_test/tests/inc/httpclient_http.test.php b/_test/tests/inc/httpclient_http.test.php
index 522f0790c..43dd4478f 100644
--- a/_test/tests/inc/httpclient_http.test.php
+++ b/_test/tests/inc/httpclient_http.test.php
@@ -122,9 +122,14 @@ class httpclient_http_test extends DokuWikiTest {
     function test_maxbody(){
         $http = new HTTPClient();
         $http->max_bodysize = 250;
+
+        // this should abort completely
         $data = $http->get($this->server.'/stream/30');
         $this->assertTrue($data === false, 'HTTP response');
+
+        // this should read just the needed bytes
         $http->max_bodysize_abort = false;
+        $http->keep_alive = false;
         $data = $http->get($this->server.'/stream/30');
         $this->assertFalse($data === false, 'HTTP response');
         /* should read no more than max_bodysize+1 */
diff --git a/_test/tests/inc/mailer.test.php b/_test/tests/inc/mailer.test.php
index 053e216b8..ef78692b3 100644
--- a/_test/tests/inc/mailer.test.php
+++ b/_test/tests/inc/mailer.test.php
@@ -15,6 +15,11 @@ class TestMailer extends Mailer {
     public function prepareHeaders() {
         return parent::prepareHeaders();
     }
+
+    public function cleanHeaders() {
+        parent::cleanHeaders();
+    }
+
 }
 
 class mailer_test extends DokuWikiTest {
@@ -67,6 +72,47 @@ class mailer_test extends DokuWikiTest {
         $this->assertArrayNotHasKey('Test-Header',$headers);
     }
 
+    function test_addresses(){
+        $mail = new TestMailer();
+
+        $mail->to('andi@splitbrain.org');
+        $mail->cleanHeaders();
+        $headers = $mail->prop('headers');
+        $this->assertEquals('andi@splitbrain.org', $headers['To']);
+
+        $mail->to('<andi@splitbrain.org>');
+        $mail->cleanHeaders();
+        $headers = $mail->prop('headers');
+        $this->assertEquals('andi@splitbrain.org', $headers['To']);
+
+        $mail->to('Andreas Gohr <andi@splitbrain.org>');
+        $mail->cleanHeaders();
+        $headers = $mail->prop('headers');
+        $this->assertEquals('Andreas Gohr <andi@splitbrain.org>', $headers['To']);
+
+        $mail->to('Andreas Gohr <andi@splitbrain.org> , foo <foo@example.com>');
+        $mail->cleanHeaders();
+        $headers = $mail->prop('headers');
+        $this->assertEquals('Andreas Gohr <andi@splitbrain.org>, foo <foo@example.com>', $headers['To']);
+
+        $mail->to('Möp <moep@example.com> , foo <foo@example.com>');
+        $mail->cleanHeaders();
+        $headers = $mail->prop('headers');
+        $this->assertEquals('=?UTF-8?B?TcO2cA==?= <moep@example.com>, foo <foo@example.com>', $headers['To']);
+
+        $mail->to(array('Möp <moep@example.com> ',' foo <foo@example.com>'));
+        $mail->cleanHeaders();
+        $headers = $mail->prop('headers');
+        $this->assertEquals('=?UTF-8?B?TcO2cA==?= <moep@example.com>, foo <foo@example.com>', $headers['To']);
+
+        $mail->to(array('Beet, L van <lvb@example.com>',' foo <foo@example.com>'));
+        $mail->cleanHeaders();
+        $headers = $mail->prop('headers');
+        $this->assertEquals('=?UTF-8?B?QmVldCwgTCB2YW4=?= <lvb@example.com>, foo <foo@example.com>', $headers['To']);
+
+
+    }
+
     function test_simplemail(){
         global $conf;
         $conf['htmlmail'] = 0;
diff --git a/_test/tests/inc/tar.test.php b/_test/tests/inc/tar.test.php
index 9801ca1e0..417f1a853 100644
--- a/_test/tests/inc/tar.test.php
+++ b/_test/tests/inc/tar.test.php
@@ -58,6 +58,8 @@ class Tar_TestCase extends DokuWikiTest {
         $tar->addData('another/testdata3.txt', 'testcontent3');
         $tar->close();
 
+copy ($tmp, '/tmp/test.tar');
+
         $this->assertTrue(filesize($tmp) > 30); //arbitrary non-zero number
         $data = file_get_contents($tmp);
 
@@ -66,7 +68,7 @@ class Tar_TestCase extends DokuWikiTest {
         $this->assertTrue(strpos($data, 'testcontent3') !== false, 'Content in TAR');
 
         // fullpath might be too long to be stored as full path FS#2802
-        $this->assertTrue(strpos($data, "$tdir") !== false, 'Path in TAR');
+        $this->assertTrue(strpos($data, "$tdir") !== false, "Path in TAR '$tdir'");
         $this->assertTrue(strpos($data, "testdata1.txt") !== false, 'File in TAR');
 
         $this->assertTrue(strpos($data, 'noway/testdata2.txt') !== false, 'Path in TAR');
@@ -396,4 +398,23 @@ class Tar_TestCase extends DokuWikiTest {
 
         $this->assertEquals(512*4, strlen($file)); // 1 header block + data block + 2 footer blocks
     }
+
+
+    public function test_cleanPath(){
+        $tar = new Tar();
+        $tests = array (
+            '/foo/bar' => 'foo/bar',
+            '/foo/bar/' => 'foo/bar',
+            'foo//bar' => 'foo/bar',
+            'foo/0/bar' => 'foo/0/bar',
+            'foo/../bar' => 'bar',
+            'foo/bang/bang/../../bar' => 'foo/bar',
+            'foo/../../bar' => 'bar',
+            'foo/.././../bar' => 'bar',
+        );
+
+        foreach($tests as $in => $out){
+            $this->assertEquals($out, $tar->cleanPath($in), "Input: $in");
+        }
+    }
 }