file.test 81.9 KB
Newer Older
1 2 3 4
<?php

/**
 * @file
5
 * Tests for file.module.
6 7 8
 */

/**
9
 * Provides methods specifically for testing File module's field handling.
10 11 12 13 14
 */
class FileFieldTestCase extends DrupalWebTestCase {
  protected $admin_user;

  function setUp() {
15 16 17 18 19 20 21 22 23 24
    // Since this is a base class for many test cases, support the same
    // flexibility that DrupalWebTestCase::setUp() has for the modules to be
    // passed in as either an array or a variable number of string arguments.
    $modules = func_get_args();
    if (isset($modules[0]) && is_array($modules[0])) {
      $modules = $modules[0];
    }
    $modules[] = 'file';
    $modules[] = 'file_module_test';
    parent::setUp($modules);
25
    $this->admin_user = $this->drupalCreateUser(array('access content', 'access administration pages', 'administer site configuration', 'administer users', 'administer permissions', 'administer content types', 'administer nodes', 'bypass node access', 'administer fields'));
26 27 28 29
    $this->drupalLogin($this->admin_user);
  }

  /**
30
   * Retrieves a sample file of the specified type.
31 32 33 34 35 36 37 38 39 40 41
   */
  function getTestFile($type_name, $size = NULL) {
    // Get a file to upload.
    $file = current($this->drupalGetTestFiles($type_name, $size));

    // Add a filesize property to files as would be read by file_load().
    $file->filesize = filesize($file->uri);

    return $file;
  }

42
  /**
43
   * Retrieves the fid of the last inserted file.
44 45 46 47 48
   */
  function getLastFileId() {
    return (int) db_query('SELECT MAX(fid) FROM {file_managed}')->fetchField();
  }

49
  /**
50
   * Creates a new file field.
51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72
   *
   * @param $name
   *   The name of the new field (all lowercase), exclude the "field_" prefix.
   * @param $type_name
   *   The node type that this field will be added to.
   * @param $field_settings
   *   A list of field settings that will be added to the defaults.
   * @param $instance_settings
   *   A list of instance settings that will be added to the instance defaults.
   * @param $widget_settings
   *   A list of widget settings that will be added to the widget defaults.
   */
  function createFileField($name, $type_name, $field_settings = array(), $instance_settings = array(), $widget_settings = array()) {
    $field = array(
      'field_name' => $name,
      'type' => 'file',
      'settings' => array(),
      'cardinality' => !empty($field_settings['cardinality']) ? $field_settings['cardinality'] : 1,
    );
    $field['settings'] = array_merge($field['settings'], $field_settings);
    field_create_field($field);

73 74 75 76
    $this->attachFileField($name, 'node', $type_name, $instance_settings, $widget_settings);
  }

  /**
77
   * Attaches a file field to an entity.
78 79 80 81 82 83 84 85 86 87 88 89 90 91 92
   *
   * @param $name
   *   The name of the new field (all lowercase), exclude the "field_" prefix.
   * @param $entity_type
   *   The entity type this field will be added to.
   * @param $bundle
   *   The bundle this field will be added to.
   * @param $field_settings
   *   A list of field settings that will be added to the defaults.
   * @param $instance_settings
   *   A list of instance settings that will be added to the instance defaults.
   * @param $widget_settings
   *   A list of widget settings that will be added to the widget defaults.
   */
  function attachFileField($name, $entity_type, $bundle, $instance_settings = array(), $widget_settings = array()) {
93
    $instance = array(
94
      'field_name' => $name,
95
      'label' => $name,
96 97
      'entity_type' => $entity_type,
      'bundle' => $bundle,
98 99 100 101 102 103 104 105 106 107 108 109 110
      'required' => !empty($instance_settings['required']),
      'settings' => array(),
      'widget' => array(
        'type' => 'file_generic',
        'settings' => array(),
      ),
    );
    $instance['settings'] = array_merge($instance['settings'], $instance_settings);
    $instance['widget']['settings'] = array_merge($instance['widget']['settings'], $widget_settings);
    field_create_instance($instance);
  }

  /**
111
   * Updates an existing file field with new settings.
112 113
   */
  function updateFileField($name, $type_name, $instance_settings = array(), $widget_settings = array()) {
114
    $instance = field_info_instance('node', $name, $type_name);
115 116 117 118 119 120 121
    $instance['settings'] = array_merge($instance['settings'], $instance_settings);
    $instance['widget']['settings'] = array_merge($instance['widget']['settings'], $widget_settings);

    field_update_instance($instance);
  }

  /**
122
   * Uploads a file to a node.
123
   */
124
  function uploadNodeFile($file, $field_name, $nid_or_type, $new_revision = TRUE, $extras = array()) {
125
    $langcode = LANGUAGE_NONE;
126
    $edit = array(
127
      "title" => $this->randomName(),
128 129 130 131
      'revision' => (string) (int) $new_revision,
    );

    if (is_numeric($nid_or_type)) {
132
      $nid = $nid_or_type;
133 134
    }
    else {
135
      // Add a new node.
136 137
      $extras['type'] = $nid_or_type;
      $node = $this->drupalCreateNode($extras);
138 139 140 141
      $nid = $node->nid;
      // Save at least one revision to better simulate a real site.
      $this->drupalCreateNode(get_object_vars($node));
      $node = node_load($nid, NULL, TRUE);
142
      $this->assertNotEqual($nid, $node->vid, 'Node revision exists.');
143 144
    }

145 146 147 148 149
    // Attach a file to the node.
    $edit['files[' . $field_name . '_' . $langcode . '_0]'] = drupal_realpath($file->uri);
    $this->drupalPost("node/$nid/edit", $edit, t('Save'));

    return $nid;
150 151 152
  }

  /**
153
   * Removes a file from a node.
154 155 156 157 158 159 160 161 162 163 164 165 166
   *
   * Note that if replacing a file, it must first be removed then added again.
   */
  function removeNodeFile($nid, $new_revision = TRUE) {
    $edit = array(
      'revision' => (string) (int) $new_revision,
    );

    $this->drupalPost('node/' . $nid . '/edit', array(), t('Remove'));
    $this->drupalPost(NULL, $edit, t('Save'));
  }

  /**
167
   * Replaces a file within a node.
168 169 170
   */
  function replaceNodeFile($file, $field_name, $nid, $new_revision = TRUE) {
    $edit = array(
171
      'files[' . $field_name . '_' . LANGUAGE_NONE . '_0]' => drupal_realpath($file->uri),
172 173 174 175 176 177 178 179
      'revision' => (string) (int) $new_revision,
    );

    $this->drupalPost('node/' . $nid . '/edit', array(), t('Remove'));
    $this->drupalPost(NULL, $edit, t('Save'));
  }

  /**
180
   * Asserts that a file exists physically on disk.
181 182
   */
  function assertFileExists($file, $message = NULL) {
183
    $message = isset($message) ? $message : format_string('File %file exists on the disk.', array('%file' => $file->uri));
184 185 186 187
    $this->assertTrue(is_file($file->uri), $message);
  }

  /**
188
   * Asserts that a file exists in the database.
189 190
   */
  function assertFileEntryExists($file, $message = NULL) {
191
    entity_get_controller('file')->resetCache();
192
    $db_file = file_load($file->fid);
193
    $message = isset($message) ? $message : format_string('File %file exists in database at the correct path.', array('%file' => $file->uri));
194 195 196 197
    $this->assertEqual($db_file->uri, $file->uri, $message);
  }

  /**
198
   * Asserts that a file does not exist on disk.
199 200
   */
  function assertFileNotExists($file, $message = NULL) {
201
    $message = isset($message) ? $message : format_string('File %file exists on the disk.', array('%file' => $file->uri));
202 203 204 205
    $this->assertFalse(is_file($file->uri), $message);
  }

  /**
206
   * Asserts that a file does not exist in the database.
207 208
   */
  function assertFileEntryNotExists($file, $message) {
209
    entity_get_controller('file')->resetCache();
210
    $message = isset($message) ? $message : format_string('File %file exists in database at the correct path.', array('%file' => $file->uri));
211 212
    $this->assertFalse(file_load($file->fid), $message);
  }
213 214

  /**
215
   * Asserts that a file's status is set to permanent in the database.
216 217
   */
  function assertFileIsPermanent($file, $message = NULL) {
218
    $message = isset($message) ? $message : format_string('File %file is permanent.', array('%file' => $file->uri));
219 220
    $this->assertTrue($file->status == FILE_STATUS_PERMANENT, $message);
  }
221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244

  /**
   * Creates a temporary file, for a specific user.
   *
   * @param string $data
   *   A string containing the contents of the file.
   * @param int $uid
   *   The user ID of the file owner.
   *
   * @return object
   *   A file object, or FALSE on error.
   */
  function createTemporaryFile($data, $uid = NULL) {
    $file = file_save_data($data, NULL, NULL);

    if ($file) {
      $file->uid = isset($uid) ? $uid : $this->admin_user->uid;
      // Change the file status to be temporary.
      $file->status = NULL;
      return file_save($file);
    }

    return $file;
  }
245 246
}

247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368
/**
 * Tests adding a file to a non-node entity.
 */
class FileTaxonomyTermTestCase extends DrupalWebTestCase {
  protected $admin_user;

  public static function getInfo() {
    return array(
      'name' => 'Taxonomy term file test',
      'description' => 'Tests adding a file to a non-node entity.',
      'group' => 'File',
    );
  }

  public function setUp() {
    $modules[] = 'file';
    $modules[] = 'taxonomy';
    parent::setUp($modules);
    $this->admin_user = $this->drupalCreateUser(array('access content', 'access administration pages', 'administer site configuration', 'administer taxonomy'));
    $this->drupalLogin($this->admin_user);
  }

  /**
   * Creates a file field and attaches it to the "Tags" taxonomy vocabulary.
   *
   * @param $name
   *   The field name of the file field to create.
   * @param $uri_scheme
   *   The URI scheme to use for the file field (for example, "private" to
   *   create a field that stores private files or "public" to create a field
   *   that stores public files).
   */
  protected function createAttachFileField($name, $uri_scheme) {
    $field = array(
      'field_name' => $name,
      'type' => 'file',
      'settings' => array(
        'uri_scheme' => $uri_scheme,
      ),
      'cardinality' => 1,
    );
    field_create_field($field);
    // Attach an instance of it.
    $instance = array(
      'field_name' => $name,
      'label' => 'File',
      'entity_type' => 'taxonomy_term',
      'bundle' => 'tags',
      'required' => FALSE,
      'settings' => array(),
      'widget' => array(
        'type' => 'file_generic',
        'settings' => array(),
      ),
    );
    field_create_instance($instance);
  }

  /**
   * Tests that a public file can be attached to a taxonomy term.
   *
   * This is a regression test for https://www.drupal.org/node/2305017.
   */
  public function testTermFilePublic() {
    $this->_testTermFile('public');
  }

  /**
   * Tests that a private file can be attached to a taxonomy term.
   *
   * This is a regression test for https://www.drupal.org/node/2305017.
   */
  public function testTermFilePrivate() {
    $this->_testTermFile('private');
  }

  /**
   * Runs tests for attaching a file field to a taxonomy term.
   *
   * @param $uri_scheme
   *   The URI scheme to use for the file field, either "public" or "private".
   */
  protected function _testTermFile($uri_scheme) {
    $field_name = strtolower($this->randomName());
    $this->createAttachFileField($field_name, $uri_scheme);
    // Get a file to upload.
    $file = current($this->drupalGetTestFiles('text'));
    // Add a filesize property to files as would be read by file_load().
    $file->filesize = filesize($file->uri);
    $langcode = LANGUAGE_NONE;
    $edit = array(
      "name" => $this->randomName(),
    );
    // Attach a file to the term.
    $edit['files[' . $field_name . '_' . $langcode . '_0]'] = drupal_realpath($file->uri);
    $this->drupalPost("admin/structure/taxonomy/tags/add", $edit, t('Save'));
    // Find the term ID we just created.
    $tid = db_query_range('SELECT tid FROM {taxonomy_term_data} ORDER BY tid DESC', 0, 1)->fetchField();
    $terms = entity_load('taxonomy_term', array($tid));
    $term = $terms[$tid];
    $fid = $term->{$field_name}[LANGUAGE_NONE][0]['fid'];
    // Check that the uploaded file is present on the edit form.
    $this->drupalGet("taxonomy/term/$tid/edit");
    $file_input_name = $field_name . '[' . LANGUAGE_NONE . '][0][fid]';
    $this->assertFieldByXpath('//input[@type="hidden" and @name="' . $file_input_name . '"]', $fid, 'File is attached on edit form.');
    // Edit the term and change name without changing the file.
    $edit = array(
      "name" => $this->randomName(),
    );
    $this->drupalPost("taxonomy/term/$tid/edit", $edit, t('Save'));
    // Check that the uploaded file is still present on the edit form.
    $this->drupalGet("taxonomy/term/$tid/edit");
    $file_input_name = $field_name . '[' . LANGUAGE_NONE . '][0][fid]';
    $this->assertFieldByXpath('//input[@type="hidden" and @name="' . $file_input_name . '"]', $fid, 'File is attached on edit form.');
    // Load term while resetting the cache.
    $terms = entity_load('taxonomy_term', array($tid), array(), TRUE);
    $term = $terms[$tid];
    $this->assertTrue(!empty($term->{$field_name}[LANGUAGE_NONE]), 'Term has attached files.');
    $this->assertEqual($term->{$field_name}[LANGUAGE_NONE][0]['fid'], $fid, 'Same File ID is attached to the term.');
  }
}

369
/**
370
 * Tests the 'managed_file' element type.
371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387
 *
 * @todo Create a FileTestCase base class and move FileFieldTestCase methods
 *   that aren't related to fields into it.
 */
class FileManagedFileElementTestCase extends FileFieldTestCase {
  public static function getInfo() {
    return array(
      'name' => 'Managed file element test',
      'description' => 'Tests the managed_file element type.',
      'group' => 'File',
    );
  }

  /**
   * Tests the managed_file element type.
   */
  function testManagedFile() {
388 389 390 391
    // Check that $element['#size'] is passed to the child upload element.
    $this->drupalGet('file/test');
    $this->assertFieldByXpath('//input[@name="files[nested_file]" and @size="13"]', NULL, 'The custom #size attribute is passed to the child upload element.');

392 393 394 395 396 397 398 399 400 401
    // Perform the tests with all permutations of $form['#tree'] and
    // $element['#extended'].
    foreach (array(0, 1) as $tree) {
      foreach (array(0, 1) as $extended) {
        $test_file = $this->getTestFile('text');
        $path = 'file/test/' . $tree . '/' . $extended;
        $input_base_name = $tree ? 'nested_file' : 'file';

        // Submit without a file.
        $this->drupalPost($path, array(), t('Save'));
402
        $this->assertRaw(t('The file id is %fid.', array('%fid' => 0)), 'Submitted without a file.');
403

David_Rothstein's avatar
David_Rothstein committed
404 405 406 407 408 409 410 411 412 413 414 415
        // Submit with a file, but with an invalid form token. Ensure the file
        // was not saved.
        $last_fid_prior = $this->getLastFileId();
        $edit = array(
          'files[' . $input_base_name . ']' => drupal_realpath($test_file->uri),
          'form_token' => 'invalid token',
        );
        $this->drupalPost($path, $edit, t('Save'));
        $this->assertText('The form has become outdated. Copy any unsaved work in the form below');
        $last_fid = $this->getLastFileId();
        $this->assertEqual($last_fid_prior, $last_fid, 'File was not saved when uploaded with an invalid form token.');

416 417 418 419 420
        // Submit a new file, without using the Upload button.
        $last_fid_prior = $this->getLastFileId();
        $edit = array('files[' . $input_base_name . ']' => drupal_realpath($test_file->uri));
        $this->drupalPost($path, $edit, t('Save'));
        $last_fid = $this->getLastFileId();
421 422
        $this->assertTrue($last_fid > $last_fid_prior, 'New file got saved.');
        $this->assertRaw(t('The file id is %fid.', array('%fid' => $last_fid)), 'Submit handler has correct file info.');
423 424 425

        // Submit no new input, but with a default file.
        $this->drupalPost($path . '/' . $last_fid, array(), t('Save'));
426
        $this->assertRaw(t('The file id is %fid.', array('%fid' => $last_fid)), 'Empty submission did not change an existing file.');
427

428
        // Now, test the Upload and Remove buttons, with and without Ajax.
429 430 431 432 433 434 435 436 437 438 439 440
        foreach (array(FALSE, TRUE) as $ajax) {
          // Upload, then Submit.
          $last_fid_prior = $this->getLastFileId();
          $this->drupalGet($path);
          $edit = array('files[' . $input_base_name . ']' => drupal_realpath($test_file->uri));
          if ($ajax) {
            $this->drupalPostAJAX(NULL, $edit, $input_base_name . '_upload_button');
          }
          else {
            $this->drupalPost(NULL, $edit, t('Upload'));
          }
          $last_fid = $this->getLastFileId();
441
          $this->assertTrue($last_fid > $last_fid_prior, 'New file got uploaded.');
442
          $this->drupalPost(NULL, array(), t('Save'));
443
          $this->assertRaw(t('The file id is %fid.', array('%fid' => $last_fid)), 'Submit handler has correct file info.');
444 445 446 447 448 449 450 451 452 453

          // Remove, then Submit.
          $this->drupalGet($path . '/' . $last_fid);
          if ($ajax) {
            $this->drupalPostAJAX(NULL, array(), $input_base_name . '_remove_button');
          }
          else {
            $this->drupalPost(NULL, array(), t('Remove'));
          }
          $this->drupalPost(NULL, array(), t('Save'));
454
          $this->assertRaw(t('The file id is %fid.', array('%fid' => 0)), 'Submission after file removal was successful.');
455 456 457 458 459 460 461 462 463 464 465 466 467

          // Upload, then Remove, then Submit.
          $this->drupalGet($path);
          $edit = array('files[' . $input_base_name . ']' => drupal_realpath($test_file->uri));
          if ($ajax) {
            $this->drupalPostAJAX(NULL, $edit, $input_base_name . '_upload_button');
            $this->drupalPostAJAX(NULL, array(), $input_base_name . '_remove_button');
          }
          else {
            $this->drupalPost(NULL, $edit, t('Upload'));
            $this->drupalPost(NULL, array(), t('Remove'));
          }
          $this->drupalPost(NULL, array(), t('Save'));
468
          $this->assertRaw(t('The file id is %fid.', array('%fid' => 0)), 'Submission after file upload and removal was successful.');
469 470 471 472 473
        }
      }
    }
  }
}
474 475

/**
476
 * Tests file field widget.
477 478 479 480 481
 */
class FileFieldWidgetTestCase extends FileFieldTestCase {
  public static function getInfo() {
    return array(
      'name' => 'File field widget test',
482
      'description' => 'Tests the file field widget, single and multi-valued, with and without AJAX, with public and private files.',
483 484 485 486 487
      'group' => 'File',
    );
  }

  /**
488
   * Tests upload and remove buttons for a single-valued File field.
489
   */
490
  function testSingleValuedWidget() {
491 492 493 494 495 496 497 498 499 500 501 502 503 504 505
    // Use 'page' instead of 'article', so that the 'article' image field does
    // not conflict with this test. If in the future the 'page' type gets its
    // own default file or image field, this test can be made more robust by
    // using a custom node type.
    $type_name = 'page';
    $field_name = strtolower($this->randomName());
    $this->createFileField($field_name, $type_name);
    $field = field_info_field($field_name);
    $instance = field_info_instance('node', $field_name, $type_name);

    $test_file = $this->getTestFile('text');

    foreach (array('nojs', 'js') as $type) {
      // Create a new node with the uploaded file and ensure it got uploaded
      // successfully.
506 507
      // @todo This only tests a 'nojs' submission, because drupalPostAJAX()
      //   does not yet support file uploads.
508 509 510
      $nid = $this->uploadNodeFile($test_file, $field_name, $type_name);
      $node = node_load($nid, NULL, TRUE);
      $node_file = (object) $node->{$field_name}[LANGUAGE_NONE][0];
511
      $this->assertFileExists($node_file, 'New file saved to disk on node creation.');
512

513 514 515 516 517 518 519 520 521
      // Test that running field_attach_update() leaves the file intact.
      $field = new stdClass();
      $field->type = $type_name;
      $field->nid = $nid;
      field_attach_update('node', $field);
      $node = node_load($nid);
      $node_file = (object) $node->{$field_name}[LANGUAGE_NONE][0];
      $this->assertFileExists($node_file, 'New file still saved to disk on field update.');

522
      // Ensure the file can be downloaded.
523
      $this->drupalGet(file_create_url($node_file->uri));
524
      $this->assertResponse(200, 'Confirmed that the generated URL is correct by downloading the shipped file.');
525 526 527

      // Ensure the edit page has a remove button instead of an upload button.
      $this->drupalGet("node/$nid/edit");
528 529
      $this->assertNoFieldByXPath('//input[@type="submit"]', t('Upload'), 'Node with file does not display the "Upload" button.');
      $this->assertFieldByXpath('//input[@type="submit"]', t('Remove'), 'Node with file displays the "Remove" button.');
530 531 532 533 534 535 536 537

      // "Click" the remove button (emulating either a nojs or js submission).
      switch ($type) {
        case 'nojs':
          $this->drupalPost(NULL, array(), t('Remove'));
          break;
        case 'js':
          $button = $this->xpath('//input[@type="submit" and @value="' . t('Remove') . '"]');
538
          $this->drupalPostAJAX(NULL, array(), array((string) $button[0]['name'] => (string) $button[0]['value']));
539 540 541 542
          break;
      }

      // Ensure the page now has an upload button instead of a remove button.
543 544
      $this->assertNoFieldByXPath('//input[@type="submit"]', t('Remove'), 'After clicking the "Remove" button, it is no longer displayed.');
      $this->assertFieldByXpath('//input[@type="submit"]', t('Upload'), 'After clicking the "Remove" button, the "Upload" button is displayed.');
545 546 547 548

      // Save the node and ensure it does not have the file.
      $this->drupalPost(NULL, array(), t('Save'));
      $node = node_load($nid, NULL, TRUE);
549
      $this->assertTrue(empty($node->{$field_name}[LANGUAGE_NONE][0]['fid']), 'File was successfully removed from the node.');
550
    }
551
  }
552

553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598
  /**
   * Tests exploiting the temporary file removal of another user using fid.
   */
  function testTemporaryFileRemovalExploit() {
    // Create a victim user.
    $victim_user = $this->drupalCreateUser();

    // Create an attacker user.
    $attacker_user = $this->drupalCreateUser(array(
      'access content',
      'create page content',
      'edit any page content',
    ));

    // Log in as the attacker user.
    $this->drupalLogin($attacker_user);

    // Perform tests using the newly created users.
    $this->doTestTemporaryFileRemovalExploit($victim_user->uid, $attacker_user->uid);
  }

  /**
   * Tests exploiting the temporary file removal for anonymous users using fid.
   */
  public function testTemporaryFileRemovalExploitAnonymous() {
    // Set up an anonymous victim user.
    $victim_uid = 0;

    // Set up an anonymous attacker user.
    $attacker_uid = 0;

    // Set up permissions for anonymous attacker user.
    user_role_change_permissions(DRUPAL_ANONYMOUS_RID, array(
      'access content' => TRUE,
      'create page content' => TRUE,
      'edit any page content' => TRUE,
    ));

    // In order to simulate being the anonymous attacker user, we need to log
    // out here since setUp() has logged in the admin.
    $this->drupalLogout();

    // Perform tests using the newly set up users.
    $this->doTestTemporaryFileRemovalExploit($victim_uid, $attacker_uid);
  }

599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648
  /**
   * Tests validation with the Upload button.
   */
  function testWidgetValidation() {
    $type_name = 'article';
    $field_name = strtolower($this->randomName());
    $this->createFileField($field_name, $type_name);
    $this->updateFileField($field_name, $type_name, array('file_extensions' => 'txt'));

    foreach (array('nojs', 'js') as $type) {
      // Create node and prepare files for upload.
      $node = $this->drupalCreateNode(array('type' => 'article'));
      $nid = $node->nid;
      $this->drupalGet("node/$nid/edit");
      $test_file_text = $this->getTestFile('text');
      $test_file_image = $this->getTestFile('image');
      $field = field_info_field($field_name);
      $name = 'files[' . $field_name . '_' . LANGUAGE_NONE . '_0]';

      // Upload file with incorrect extension, check for validation error.
      $edit[$name] = drupal_realpath($test_file_image->uri);
      switch ($type) {
        case 'nojs':
          $this->drupalPost(NULL, $edit, t('Upload'));
          break;

        case 'js':
          $button = $this->xpath('//input[@type="submit" and @value="' . t('Upload') . '"]');
          $this->drupalPostAJAX(NULL, $edit, array((string) $button[0]['name'] => (string) $button[0]['value']));
          break;
      }
      $error_message = t('Only files with the following extensions are allowed: %files-allowed.', array('%files-allowed' => 'txt'));
      $this->assertRaw($error_message, t('Validation error when file with wrong extension uploaded (JSMode=%type).', array('%type' => $type)));

      // Upload file with correct extension, check that error message is removed.
      $edit[$name] = drupal_realpath($test_file_text->uri);
      switch ($type) {
        case 'nojs':
          $this->drupalPost(NULL, $edit, t('Upload'));
          break;

        case 'js':
          $button = $this->xpath('//input[@type="submit" and @value="' . t('Upload') . '"]');
          $this->drupalPostAJAX(NULL, $edit, array((string) $button[0]['name'] => (string) $button[0]['value']));
          break;
      }
      $this->assertNoRaw($error_message, t('Validation error removed when file with correct extension uploaded (JSMode=%type).', array('%type' => $type)));
    }
  }

649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716
  /**
   * Helper for testing exploiting the temporary file removal using fid.
   *
   * @param int $victim_uid
   *   The victim user ID.
   * @param int $attacker_uid
   *   The attacker user ID.
   */
  protected function doTestTemporaryFileRemovalExploit($victim_uid, $attacker_uid) {
    // Use 'page' instead of 'article', so that the 'article' image field does
    // not conflict with this test. If in the future the 'page' type gets its
    // own default file or image field, this test can be made more robust by
    // using a custom node type.
    $type_name = 'page';
    $field_name = 'test_file_field';
    $this->createFileField($field_name, $type_name);

    $test_file = $this->getTestFile('text');
    foreach (array('nojs', 'js') as $type) {
      // Create a temporary file owned by the anonymous victim user. This will be
      // as if they had uploaded the file, but not saved the node they were
      // editing or creating.
      $victim_tmp_file = $this->createTemporaryFile('some text', $victim_uid);
      $victim_tmp_file = file_load($victim_tmp_file->fid);
      $this->assertTrue($victim_tmp_file->status != FILE_STATUS_PERMANENT, 'New file saved to disk is temporary.');
      $this->assertFalse(empty($victim_tmp_file->fid), 'New file has a fid');
      $this->assertEqual($victim_uid, $victim_tmp_file->uid, 'New file belongs to the victim user');

      // Have attacker create a new node with a different uploaded file and
      // ensure it got uploaded successfully.
      // @todo Can we test AJAX? See https://www.drupal.org/node/2538260
      $edit = array(
        'title' => $type . '-title',
      );

      // Attach a file to a node.
      $langcode = LANGUAGE_NONE;
      $edit['files[' . $field_name . '_' . $langcode . '_0]'] = drupal_realpath($test_file->uri);
      $this->drupalPost("node/add/$type_name", $edit, 'Save');
      $node = $this->drupalGetNodeByTitle($edit['title']);
      $node_file = file_load($node->{$field_name}[$langcode][0]['fid']);
      $this->assertFileExists($node_file, 'New file saved to disk on node creation.');
      $this->assertEqual($attacker_uid, $node_file->uid, 'New file belongs to the attacker.');

      // Ensure the file can be downloaded.
      $this->drupalGet(file_create_url($node_file->uri));
      $this->assertResponse(200, 'Confirmed that the generated URL is correct by downloading the shipped file.');

      // "Click" the remove button (emulating either a nojs or js submission).
      // In this POST request, the attacker "guesses" the fid of the victim's
      // temporary file and uses that to remove this file.
      $this->drupalGet('node/' . $node->nid . '/edit');
      switch ($type) {
        case 'nojs':
          $this->drupalPost(NULL, array("{$field_name}[$langcode][0][fid]" => (string) $victim_tmp_file->fid), 'Remove');
          break;
        case 'js':
          $button = $this->xpath('//input[@type="submit" and @value="Remove"]');
          $this->drupalPostAJAX(NULL, array("{$field_name}[$langcode][0][fid]" => (string) $victim_tmp_file->fid), array((string) $button[0]['name'] => (string) $button[0]['value']));
          break;
      }

      // The victim's temporary file should not be removed by the attacker's
      // POST request.
      $this->assertFileExists($victim_tmp_file);
    }
  }

717
  /**
718
   * Tests upload and remove buttons for multiple multi-valued File fields.
719 720 721 722 723 724 725 726
   */
  function testMultiValuedWidget() {
    // Use 'page' instead of 'article', so that the 'article' image field does
    // not conflict with this test. If in the future the 'page' type gets its
    // own default file or image field, this test can be made more robust by
    // using a custom node type.
    $type_name = 'page';
    $field_name = strtolower($this->randomName());
727
    $field_name2 = strtolower($this->randomName());
728
    $this->createFileField($field_name, $type_name, array('cardinality' => 3));
729 730
    $this->createFileField($field_name2, $type_name, array('cardinality' => 3));

731 732 733
    $field = field_info_field($field_name);
    $instance = field_info_instance('node', $field_name, $type_name);

734 735 736
    $field2 = field_info_field($field_name2);
    $instance2 = field_info_instance('node', $field_name2, $type_name);

737 738 739
    $test_file = $this->getTestFile('text');

    foreach (array('nojs', 'js') as $type) {
740 741 742 743 744
      // Visit the node creation form, and upload 3 files for each field. Since
      // the field has cardinality of 3, ensure the "Upload" button is displayed
      // until after the 3rd file, and after that, isn't displayed. Because
      // SimpleTest triggers the last button with a given name, so upload to the
      // second field first.
745
      // @todo This is only testing a non-Ajax upload, because drupalPostAJAX()
746
      //   does not yet emulate jQuery's file upload.
747
      //
748
      $this->drupalGet("node/add/$type_name");
749 750 751 752 753 754
      foreach (array($field_name2, $field_name) as $each_field_name) {
        for ($delta = 0; $delta < 3; $delta++) {
          $edit = array('files[' . $each_field_name . '_' . LANGUAGE_NONE . '_' . $delta . ']' => drupal_realpath($test_file->uri));
          // If the Upload button doesn't exist, drupalPost() will automatically
          // fail with an assertion message.
          $this->drupalPost(NULL, $edit, t('Upload'));
755
        }
756
      }
757
      $this->assertNoFieldByXpath('//input[@type="submit"]', t('Upload'), 'After uploading 3 files for each field, the "Upload" button is no longer displayed.');
758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773

      $num_expected_remove_buttons = 6;

      foreach (array($field_name, $field_name2) as $current_field_name) {
        // How many uploaded files for the current field are remaining.
        $remaining = 3;
        // Test clicking each "Remove" button. For extra robustness, test them out
        // of sequential order. They are 0-indexed, and get renumbered after each
        // iteration, so array(1, 1, 0) means:
        // - First remove the 2nd file.
        // - Then remove what is then the 2nd file (was originally the 3rd file).
        // - Then remove the first file.
        foreach (array(1,1,0) as $delta) {
          // Ensure we have the expected number of Remove buttons, and that they
          // are numbered sequentially.
          $buttons = $this->xpath('//input[@type="submit" and @value="Remove"]');
774
          $this->assertTrue(is_array($buttons) && count($buttons) === $num_expected_remove_buttons, format_string('There are %n "Remove" buttons displayed (JSMode=%type).', array('%n' => $num_expected_remove_buttons, '%type' => $type)));
775 776 777 778 779 780
          foreach ($buttons as $i => $button) {
            $key = $i >= $remaining ? $i - $remaining : $i;
            $check_field_name = $field_name2;
            if ($current_field_name == $field_name && $i < $remaining) {
              $check_field_name = $field_name;
            }
781

782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799
            $this->assertIdentical((string) $button['name'], $check_field_name . '_' . LANGUAGE_NONE . '_' . $key. '_remove_button');
          }

          // "Click" the remove button (emulating either a nojs or js submission).
          $button_name = $current_field_name . '_' . LANGUAGE_NONE . '_' . $delta . '_remove_button';
          switch ($type) {
            case 'nojs':
              // drupalPost() takes a $submit parameter that is the value of the
              // button whose click we want to emulate. Since we have multiple
              // buttons with the value "Remove", and want to control which one we
              // use, we change the value of the other ones to something else.
              // Since non-clicked buttons aren't included in the submitted POST
              // data, and since drupalPost() will result in $this being updated
              // with a newly rebuilt form, this doesn't cause problems.
              foreach ($buttons as $button) {
                if ($button['name'] != $button_name) {
                  $button['value'] = 'DUMMY';
                }
800
              }
801 802 803 804 805 806 807 808 809 810 811 812 813 814 815
              $this->drupalPost(NULL, array(), t('Remove'));
              break;
            case 'js':
              // drupalPostAJAX() lets us target the button precisely, so we don't
              // require the workaround used above for nojs.
              $this->drupalPostAJAX(NULL, array(), array($button_name => t('Remove')));
              break;
          }
          $num_expected_remove_buttons--;
          $remaining--;

          // Ensure an "Upload" button for the current field is displayed with the
          // correct name.
          $upload_button_name = $current_field_name . '_' . LANGUAGE_NONE . '_' . $remaining . '_upload_button';
          $buttons = $this->xpath('//input[@type="submit" and @value="Upload" and @name=:name]', array(':name' => $upload_button_name));
816
          $this->assertTrue(is_array($buttons) && count($buttons) == 1, format_string('The upload button is displayed with the correct name (JSMode=%type).', array('%type' => $type)));
817 818 819 820

          // Ensure only at most one button per field is displayed.
          $buttons = $this->xpath('//input[@type="submit" and @value="Upload"]');
          $expected = $current_field_name == $field_name ? 1 : 2;
821
          $this->assertTrue(is_array($buttons) && count($buttons) == $expected, format_string('After removing a file, only one "Upload" button for each possible field is displayed (JSMode=%type).', array('%type' => $type)));
822 823 824 825
        }
      }

      // Ensure the page now has no Remove buttons.
826
      $this->assertNoFieldByXPath('//input[@type="submit"]', t('Remove'), format_string('After removing all files, there is no "Remove" button displayed (JSMode=%type).', array('%type' => $type)));
827

828 829 830 831 832 833
      // Save the node and ensure it does not have any files.
      $this->drupalPost(NULL, array('title' => $this->randomName()), t('Save'));
      $matches = array();
      preg_match('/node\/([0-9]+)/', $this->getUrl(), $matches);
      $nid = $matches[1];
      $node = node_load($nid, NULL, TRUE);
834
      $this->assertTrue(empty($node->{$field_name}[LANGUAGE_NONE][0]['fid']), 'Node was successfully saved without any files.');
835
    }
836
  }
837

838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854
  /**
   * Tests a file field with a "Private files" upload destination setting.
   */
  function testPrivateFileSetting() {
    // Use 'page' instead of 'article', so that the 'article' image field does
    // not conflict with this test. If in the future the 'page' type gets its
    // own default file or image field, this test can be made more robust by
    // using a custom node type.
    $type_name = 'page';
    $field_name = strtolower($this->randomName());
    $this->createFileField($field_name, $type_name);
    $field = field_info_field($field_name);
    $instance = field_info_instance('node', $field_name, $type_name);

    $test_file = $this->getTestFile('text');

    // Change the field setting to make its files private, and upload a file.
855 856 857 858 859
    $edit = array('field[settings][uri_scheme]' => 'private');
    $this->drupalPost("admin/structure/types/manage/$type_name/fields/$field_name", $edit, t('Save settings'));
    $nid = $this->uploadNodeFile($test_file, $field_name, $type_name);
    $node = node_load($nid, NULL, TRUE);
    $node_file = (object) $node->{$field_name}[LANGUAGE_NONE][0];
860
    $this->assertFileExists($node_file, 'New file saved to disk on node creation.');
861 862

    // Ensure the private file is available to the user who uploaded it.
863
    $this->drupalGet(file_create_url($node_file->uri));
864
    $this->assertResponse(200, 'Confirmed that the generated URL is correct by downloading the shipped file.');
865

866 867 868
    // Ensure we can't change 'uri_scheme' field settings while there are some
    // entities with uploaded files.
    $this->drupalGet("admin/structure/types/manage/$type_name/fields/$field_name");
869
    $this->assertFieldByXpath('//input[@id="edit-field-settings-uri-scheme-public" and @disabled="disabled"]', 'public', 'Upload destination setting disabled.');
870

871 872 873
    // Delete node and confirm that setting could be changed.
    node_delete($nid);
    $this->drupalGet("admin/structure/types/manage/$type_name/fields/$field_name");
874
    $this->assertFieldByXpath('//input[@id="edit-field-settings-uri-scheme-public" and not(@disabled)]', 'public', 'Upload destination setting enabled.');
875
  }
876 877 878 879 880 881 882 883 884

  /**
   * Tests that download restrictions on private files work on comments.
   */
  function testPrivateFileComment() {
    $user = $this->drupalCreateUser(array('access comments'));

    // Remove access comments permission from anon user.
    $edit = array(
885
      DRUPAL_ANONYMOUS_RID . '[access comments]' => FALSE,
886 887 888 889 890
    );
    $this->drupalPost('admin/people/permissions', $edit, t('Save permissions'));

    // Create a new field.
    $edit = array(
891 892 893 894
      'fields[_add_new_field][label]' => $label = $this->randomName(),
      'fields[_add_new_field][field_name]' => $name = strtolower($this->randomName()),
      'fields[_add_new_field][type]' => 'file',
      'fields[_add_new_field][widget_type]' => 'file_generic',
895 896 897 898 899 900 901 902 903 904 905 906
    );
    $this->drupalPost('admin/structure/types/manage/article/comment/fields', $edit, t('Save'));
    $edit = array('field[settings][uri_scheme]' => 'private');
    $this->drupalPost(NULL, $edit, t('Save field settings'));
    $this->drupalPost(NULL, array(), t('Save settings'));

    // Create node.
    $text_file = $this->getTestFile('text');
    $edit = array(
      'title' => $this->randomName(),
    );
    $this->drupalPost('node/add/article', $edit, t('Save'));
webchick's avatar
webchick committed
907
    $node = $this->drupalGetNodeByTitle($edit['title']);
908 909 910 911

    // Add a comment with a file.
    $text_file = $this->getTestFile('text');
    $edit = array(
912
      'files[field_' . $name . '_' . LANGUAGE_NONE . '_' . 0 . ']' => drupal_realpath($text_file->uri),
913 914 915 916 917 918 919 920 921 922
      'comment_body[' . LANGUAGE_NONE . '][0][value]' => $comment_body = $this->randomName(),
    );
    $this->drupalPost(NULL, $edit, t('Save'));

    // Get the comment ID.
    preg_match('/comment-([0-9]+)/', $this->getUrl(), $matches);
    $cid = $matches[1];

    // Log in as normal user.
    $this->drupalLogin($user);
923

924 925
    $comment = comment_load($cid);
    $comment_file = (object) $comment->{'field_' . $name}[LANGUAGE_NONE][0];
926
    $this->assertFileExists($comment_file, 'New file saved to disk on node creation.');
927 928
    // Test authenticated file download.
    $url = file_create_url($comment_file->uri);
929
    $this->assertNotEqual($url, NULL, 'Confirmed that the URL is valid');
930
    $this->drupalGet(file_create_url($comment_file->uri));
931
    $this->assertResponse(200, 'Confirmed that the generated URL is correct by downloading the shipped file.');
932

933 934 935
    // Test anonymous file download.
    $this->drupalLogout();
    $this->drupalGet(file_create_url($comment_file->uri));
936
    $this->assertResponse(403, 'Confirmed that access is denied for the file without the needed permission.');
webchick's avatar
webchick committed
937 938 939 940 941 942 943 944 945 946 947

    // Unpublishes node.
    $this->drupalLogin($this->admin_user);
    $edit = array(
      'status' => FALSE,
    );
    $this->drupalPost('node/' . $node->nid . '/edit', $edit, t('Save'));

    // Ensures normal user can no longer download the file.
    $this->drupalLogin($user);
    $this->drupalGet(file_create_url($comment_file->uri));
948
    $this->assertResponse(403, 'Confirmed that access is denied for the file without the needed permission.');
949 950
  }

951 952
}

953
/**
954
 * Tests file handling with node revisions.
955 956
 */
class FileFieldRevisionTestCase extends FileFieldTestCase {
957
  public static function getInfo() {
958
    return array(
959 960 961
      'name' => 'File field revision test',
      'description' => 'Test creating and deleting revisions with files attached.',
      'group' => 'File',
962 963 964 965
    );
  }

  /**
966
   * Tests creating multiple revisions of a node and managing attached files.
967 968 969 970 971 972 973 974 975 976 977
   *
   * Expected behaviors:
   *  - Adding a new revision will make another entry in the field table, but
   *    the original file will not be duplicated.
   *  - Deleting a revision should not delete the original file if the file
   *    is in use by another revision.
   *  - When the last revision that uses a file is deleted, the original file
   *    should be deleted also.
   */
  function testRevisions() {
    $type_name = 'article';
978
    $field_name = strtolower($this->randomName());
979 980
    $this->createFileField($field_name, $type_name);
    $field = field_info_field($field_name);
981
    $instance = field_info_instance('node', $field_name, $type_name);
982

983 984 985
    // Attach the same fields to users.
    $this->attachFileField($field_name, 'user', 'user');

986 987 988 989 990 991 992
    $test_file = $this->getTestFile('text');

    // Create a new node with the uploaded file.
    $nid = $this->uploadNodeFile($test_file, $field_name, $type_name);

    // Check that the file exists on disk and in the database.
    $node = node_load($nid, NULL, TRUE);
993
    $node_file_r1 = (object) $node->{$field_name}[LANGUAGE_NONE][0];
994
    $node_vid_r1 = $node->vid;
995 996 997
    $this->assertFileExists($node_file_r1, 'New file saved to disk on node creation.');
    $this->assertFileEntryExists($node_file_r1, 'File entry exists in database on node creation.');
    $this->assertFileIsPermanent($node_file_r1, 'File is permanent.');
998 999 1000 1001

    // Upload another file to the same node in a new revision.
    $this->replaceNodeFile($test_file, $field_name, $nid);
    $node = node_load($nid, NULL, TRUE);
1002
    $node_file_r2 = (object) $node->{$field_name}[LANGUAGE_NONE][0];
1003
    $node_vid_r2 = $node->vid;
1004 1005 1006
    $this->assertFileExists($node_file_r2, 'Replacement file exists on disk after creating new revision.');
    $this->assertFileEntryExists($node_file_r2, 'Replacement file entry exists in database after creating new revision.');
    $this->assertFileIsPermanent($node_file_r2, 'Replacement file is permanent.');
1007 1008 1009

    // Check that the original file is still in place on the first revision.
    $node = node_load($nid, $node_vid_r1, TRUE);
1010 1011 1012 1013
    $this->assertEqual($node_file_r1, (object) $node->{$field_name}[LANGUAGE_NONE][0], 'Original file still in place after replacing file in new revision.');
    $this->assertFileExists($node_file_r1, 'Original file still in place after replacing file in new revision.');
    $this->assertFileEntryExists($node_file_r1, 'Original file entry still in place after replacing file in new revision');
    $this->assertFileIsPermanent($node_file_r1, 'Original file is still permanent.');
1014 1015 1016 1017 1018

    // Save a new version of the node without any changes.
    // Check that the file is still the same as the previous revision.
    $this->drupalPost('node/' . $nid . '/edit', array('revision' => '1'), t('Save'));
    $node = node_load($nid, NULL, TRUE);
1019
    $node_file_r3 = (object) $node->{$field_name}[LANGUAGE_NONE][0];
1020
    $node_vid_r3 = $node->vid;
1021 1022
    $this->assertEqual($node_file_r2, $node_file_r3, 'Previous revision file still in place after creating a new revision without a new file.');
    $this->assertFileIsPermanent($node_file_r3, 'New revision file is permanent.');
1023 1024 1025 1026

    // Revert to the first revision and check that the original file is active.
    $this->drupalPost('node/' . $nid . '/revisions/' . $node_vid_r1 . '/revert', array(), t('Revert'));
    $node = node_load($nid, NULL, TRUE);
1027
    $node_file_r4 = (object) $node->{$field_name}[LANGUAGE_NONE][0];
1028
    $node_vid_r4 = $node->vid;
1029 1030
    $this->assertEqual($node_file_r1, $node_file_r4, 'Original revision file still in place after reverting to the original revision.');
    $this->assertFileIsPermanent($node_file_r4, 'Original revision file still permanent after reverting to the original revision.');
1031 1032 1033 1034

    // Delete the second revision and check that the file is kept (since it is
    // still being used by the third revision).
    $this->drupalPost('node/' . $nid . '/revisions/' . $node_vid_r2 . '/delete', array(), t('Delete'));
1035 1036 1037
    $this->assertFileExists($node_file_r3, 'Second file is still available after deleting second revision, since it is being used by the third revision.');
    $this->assertFileEntryExists($node_file_r3, 'Second file entry is still available after deleting second revision, since it is being used by the third revision.');
    $this->assertFileIsPermanent($node_file_r3, 'Second file entry is still permanent after deleting second revision, since it is being used by the third revision.');
1038

1039 1040
    // Attach the second file to a user.
    $user = $this->drupalCreateUser();
1041
    $edit = (array) $user;
1042 1043 1044 1045 1046
    $edit[$field_name][LANGUAGE_NONE][0] = (array) $node_file_r3;
    user_save($user, $edit);
    $this->drupalGet('user/' . $user->uid . '/edit');

    // Delete the third revision and check that the file is not deleted yet.
1047
    $this->drupalPost('node/' . $nid . '/revisions/' . $node_vid_r3 . '/delete', array(), t('Delete'));
1048 1049 1050
    $this->assertFileExists($node_file_r3, 'Second file is still available after deleting third revision, since it is being used by the user.');
    $this->assertFileEntryExists($node_file_r3, 'Second file entry is still available after deleting third revision, since it is being used by the user.');
    $this->assertFileIsPermanent($node_file_r3, 'Second file entry is still permanent after deleting third revision, since it is being used by the user.');
1051 1052 1053

    // Delete the user and check that the file is also deleted.
    user_delete($user->uid);
1054 1055 1056 1057
    // TODO: This seems like a bug in File API. Clearing the stat cache should
    // not be necessary here. The file really is deleted, but stream wrappers
    // doesn't seem to think so unless we clear the PHP file stat() cache.
    clearstatcache();
1058 1059
    $this->assertFileNotExists($node_file_r3, 'Second file is now deleted after deleting third revision, since it is no longer being used by any other nodes.');
    $this->assertFileEntryNotExists($node_file_r3, 'Second file entry is now deleted after deleting third revision, since it is no longer being used by any other nodes.');
1060 1061 1062

    // Delete the entire node and check that the original file is deleted.
    $this->drupalPost('node/' . $nid . '/delete', array(), t('Delete'));
1063 1064
    $this->assertFileNotExists($node_file_r1, 'Original file is deleted after deleting the entire node with two revisions remaining.');
    $this->assertFileEntryNotExists($node_file_r1, 'Original file entry is deleted after deleting the entire node with two revisions remaining.');
1065 1066 1067 1068
  }
}

/**
1069
 * Tests that formatters are working properly.
1070 1071
 */
class FileFieldDisplayTestCase extends FileFieldTestCase {
1072
  public static function getInfo() {
1073
    return array(
1074 1075 1076
      'name' => 'File field display tests',
      'description' => 'Test the display of file fields in node and views.',
      'group' => 'File',
1077 1078 1079 1080
    );
  }

  /**
1081
   * Tests normal formatter display on node display.
1082 1083
   */
  function testNodeDisplay() {
1084
    $field_name = strtolower($this->randomName());
1085 1086 1087 1088
    $type_name = 'article';
    $field_settings = array(
      'display_field' => '1',
      'display_default' => '1',
1089
      'cardinality' => FIELD_CARDINALITY_UNLIMITED,
1090
    );
1091
    $instance_settings = array(
1092 1093
      'description_field' => '1',
    );
1094
    $widget_settings = array();
1095 1096
    $this->createFileField($field_name, $type_name, $field_settings, $instance_settings, $widget_settings);
    $field = field_info_field($field_name);
1097
    $instance = field_info_instance('node', $field_name, $type_name);
1098

1099 1100 1101 1102 1103 1104 1105 1106 1107 1108
    // Create a new node *without* the file field set, and check that the field
    // is not shown for each node display.
    $node = $this->drupalCreateNode(array('type' => $type_name));
    $file_formatters = array('file_default', 'file_table', 'file_url_plain', 'hidden');
    foreach ($file_formatters as $formatter) {
      $edit = array(
        "fields[$field_name][type]" => $formatter,
      );
      $this->drupalPost("admin/structure/types/manage/$type_name/display", $edit, t('Save'));
      $this->drupalGet('node/' . $node->nid);
1109
      $this->assertNoText($field_name, format_string('Field label is hidden when no file attached for formatter %formatter', array('%formatter' => $formatter)));
1110 1111
    }

1112 1113 1114 1115 1116 1117 1118 1119
    $test_file = $this->getTestFile('text');

    // Create a new node with the uploaded file.
    $nid = $this->uploadNodeFile($test_file, $field_name, $type_name);
    $this->drupalGet('node/' . $nid . '/edit');

    // Check that the default formatter is displaying with the file name.
    $node = node_load($nid, NULL, TRUE);
1120
    $node_file = (object) $node->{$field_name}[LANGUAGE_NONE][0];
1121
    $default_output = theme('file_link', array('file' => $node_file));
1122
    $this->assertRaw($default_output, 'Default formatter displaying correctly on full node view.');
1123 1124

    // Turn the "display" option off and check that the file is no longer displayed.
1125
    $edit = array($field_name . '[' . LANGUAGE_NONE . '][0][display]' => FALSE);
1126 1127
    $this->drupalPost('node/' . $nid . '/edit', $edit, t('Save'));

1128
    $this->assertNoRaw($default_output, 'Field is hidden when "display" option is unchecked.');
1129

1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140
    // Test that fields appear as expected during the preview.
    // Add a second file.
    $name = 'files[' . $field_name . '_' . LANGUAGE_NONE . '_1]';
    $edit[$name] = drupal_realpath($test_file->uri);

    // Uncheck the display checkboxes and go to the preview.
    $edit[$field_name . '[' . LANGUAGE_NONE . '][0][display]'] = FALSE;
    $edit[$field_name . '[' . LANGUAGE_NONE . '][1][display]'] = FALSE;
    $this->drupalPost('node/' . $nid . '/edit', $edit, t('Preview'));
    $this->assertRaw($field_name . '[' . LANGUAGE_NONE . '][0][display]', 'First file appears as expected.');
    $this->assertRaw($field_name . '[' . LANGUAGE_NONE . '][1][display]', 'Second file appears as expected.');
1141
  }
1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169

  /**
   * Tests default display of File Field.
   */
  function testDefaultFileFieldDisplay() {
    $field_name = strtolower($this->randomName());
    $type_name = 'article';
    $field_settings = array(
      'display_field' => '1',
      'display_default' => '0',
    );
    $instance_settings = array(
      'description_field' => '1',
    );
    $widget_settings = array();
    $this->createFileField($field_name, $type_name, $field_settings, $instance_settings, $widget_settings);
    $field = field_info_field($field_name);
    $instance = field_info_instance('node', $field_name, $type_name);

    $test_file = $this->getTestFile('text');

    // Create a new node with the uploaded file.
    $nid = $this->uploadNodeFile($test_file, $field_name, $type_name);

    $this->drupalGet('node/' . $nid . '/edit');
    $this->assertFieldByXPath('//input[@type="checkbox" and @name="' . $field_name . '[und][0][display]"]', NULL, 'Default file display checkbox field exists.');
    $this->assertFieldByXPath('//input[@type="checkbox" and @name="' . $field_name . '[und][0][display]" and not(@checked)]', NULL, 'Default file display is off.');
  }
1170 1171 1172
}

/**
1173
 * Tests various validations.
1174 1175 1176 1177 1178
 */
class FileFieldValidateTestCase extends FileFieldTestCase {
  protected $field;
  protected $node_type;

1179
  public static function getInfo() {
1180
    return array(
1181 1182 1183
      'name' => 'File field validation tests',
      'description' => 'Tests validation functions such as file type, max file size, max size per node, and required.',
      'group' => 'File',
1184 1185 1186 1187
    );
  }

  /**
1188
   * Tests the required property on file fields.
1189 1190 1191
   */
  function testRequired() {
    $type_name = 'article';
1192
    $field_name = strtolower($this->randomName());
1193 1194
    $this->createFileField($field_name, $type_name, array(), array('required' => '1'));
    $field = field_info_field($field_name);
1195
    $instance = field_info_instance('node', $field_name, $type_name);
1196 1197 1198 1199

    $test_file = $this->getTestFile('text');

    // Try to post a new node without uploading a file.
1200
    $langcode = LANGUAGE_NONE;
1201
    $edit = array("title" => $this->randomName());
1202
    $this->drupalPost('node/add/' . $type_name, $edit, t('Save'));
1203
    $this->assertRaw(t('!title field is required.', array('!title' => $instance['label'])), 'Node save failed when required file field was empty.');
1204 1205 1206

    // Create a new node with the uploaded file.
    $nid = $this->uploadNodeFile($test_file, $field_name, $type_name);
1207
    $this->assertTrue($nid !== FALSE, format_string('uploadNodeFile(@test_file, @field_name, @type_name) succeeded', array('@test_file' => $test_file->uri, '@field_name' => $field_name, '@type_name' => $type_name)));
1208

1209 1210
    $node = node_load($nid, NULL, TRUE);

1211
    $node_file = (object) $node->{$field_name}[LANGUAGE_NONE][0];
1212 1213
    $this->assertFileExists($node_file, 'File exists after uploading to the required field.');
    $this->assertFileEntryExists($node_file, 'File entry exists after uploading to the required field.');
1214 1215 1216 1217 1218 1219

    // Try again with a multiple value field.
    field_delete_field($field_name);
    $this->createFileField($field_name, $type_name, array('cardinality' => FIELD_CARDINALITY_UNLIMITED), array('required' => '1'));

    // Try to post a new node without uploading a file in the multivalue field.