Commit 20421ee6 authored by webchick's avatar webchick

#276280 by jhedstrom, drewish: Tests for private downloads and file name munging.

parent 22bdb8e5
......@@ -1103,3 +1103,109 @@ class FileSaveDataTest extends FileHookTestCase {
$this->assertFalse($file, t("Overwriting a file fails when FILE_EXISTS_ERROR is specified."));
}
}
/**
* Tests for download/file transfer functions.
*/
class FileDownloadTest extends FileTestCase {
function getInfo() {
return array(
'name' => t('File download'),
'description' => t('Tests for file download/transfer functions.'),
'group' => t('File'),
);
}
function setUp() {
parent::setUp('file_test');
}
/**
* Test the private file transfer system.
*/
function testPrivateFileTransfer() {
// Set file downloads to private so handler functions get called.
variable_set('file_downloads', FILE_DOWNLOADS_PRIVATE);
// Create a file.
$file = $this->createFile();
$url = file_create_url($file->filename);
// Set file_test access header to allow the download.
file_test_set_return('download', array('x-foo: Bar'));
$this->drupalHead($url);
$headers = $this->drupalGetHeaders();
$this->assertEqual($headers['x-foo'] , 'Bar', t('Found header set by file_test module on private download.'));
$this->assertResponse(200, t('Correctly allowed access to a file when file_test provides headers.'));
// Deny access to all downloads via a -1 header.
file_test_set_return('download', -1);
$this->drupalHead($url);
$this->assertResponse(403, t('Correctly denied access to a file when file_test sets the header to -1.'));
// Try non-existent file.
$url = file_create_url($this->randomName());
$this->drupalHead($url);
$this->assertResponse(404, t('Correctly returned 404 response for a non-existent file.'));
}
}
/**
* Tests for file_munge_filename() and file_unmunge_filename().
*/
class FileNameMungingTest extends FileTestCase {
function getInfo() {
return array(
'name' => t('File naming'),
'description' => t('Test filename munging and unmunging.'),
'group' => t('File'),
);
}
function setUp() {
parent::setUp();
$this->bad_extension = 'php';
$this->name = $this->randomName() . '.' . $this->bad_extension . '.txt';
}
/**
* Create a file and munge/unmunge the name.
*/
function testMunging() {
// Disable insecure uploads.
variable_set('allow_insecure_uploads', 0);
$munged_name = file_munge_filename($this->name, '', TRUE);
$messages = drupal_get_messages();
$this->assertTrue(in_array(t('For security reasons, your upload has been renamed to %filename.', array('%filename' => $munged_name)), $messages['status']), t('Alert properly set when a file is renamed.'));
$this->assertNotEqual($munged_name, $this->name, t('The new filename (%munged) has been modified from the original (%original)', array('%munged' => $munged_name, '%original' => $this->name)));
}
/**
* If the allow_insecure_uploads variable evaluates to true, the file should
* come out untouched, no matter how evil the filename.
*/
function testMungeIgnoreInsecure() {
variable_set('allow_insecure_uploads', 1);
$munged_name = file_munge_filename($this->name, '');
$this->assertIdentical($munged_name, $this->name, t('The original filename (%original) matches the munged filename (%munged) when insecure uploads are enabled.', array('%munged' => $munged_name, '%original' => $this->name)));
}
/**
* White listed extensions are ignored by file_munge_filename().
*/
function testMungeIgnoreWhitelisted() {
// Declare our extension as whitelisted.
$munged_name = file_munge_filename($this->name, $this->bad_extension);
$this->assertIdentical($munged_name, $this->name, t('The new filename (%munged) matches the original (%original) once the extension has been whitelisted.', array('%munged' => $munged_name, '%original' => $this->name)));
}
/**
* Ensure that unmunge gets your name back.
*/
function testUnMunge() {
$munged_name = file_munge_filename($this->name, '', FALSE);
$unmunged_name = file_unmunge_filename($munged_name);
$this->assertIdentical($unmunged_name, $this->name, t('The unmunged (%unmunged) filename matches the original (%original)', array('%unmunged' => $unmunged_name, '%original' => $this->name)));
}
}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment