Unverified Commit 5e802299 authored by larowlan's avatar larowlan
Browse files

Issue #2834958 by huzooka, Chris Burge, alfaguru, Wim Leers, Lendude:...

Issue #2834958 by huzooka, Chris Burge, alfaguru, Wim Leers, Lendude: file_validate_extensions() incorrectly assumes $file->filename contains the file's extension

(cherry picked from commit b27e6a8c)
parent 7bebde31
...@@ -339,7 +339,14 @@ function file_validate_extensions(FileInterface $file, $extensions) { ...@@ -339,7 +339,14 @@ function file_validate_extensions(FileInterface $file, $extensions) {
$errors = []; $errors = [];
$regex = '/\.(' . preg_replace('/ +/', '|', preg_quote($extensions)) . ')$/i'; $regex = '/\.(' . preg_replace('/ +/', '|', preg_quote($extensions)) . ')$/i';
if (!preg_match($regex, $file->getFilename())) { // Filename may differ from the basename, for instance in case files migrated
// from D7 file entities. Because of that new files are saved temporarily with
// a generated file name, without the original extension, we will use the
// generated filename property for extension validation only in case of
// temporary files; and use the file system file name in case of permanent
// files.
$subject = $file->isTemporary() ? $file->getFilename() : $file->getFileUri();
if (!preg_match($regex, $subject)) {
$errors[] = t('Only files with the following extensions are allowed: %files-allowed.', ['%files-allowed' => $extensions]); $errors[] = t('Only files with the following extensions are allowed: %files-allowed.', ['%files-allowed' => $extensions]);
} }
return $errors; return $errors;
......
...@@ -52,6 +52,89 @@ public function testFileValidateExtensions() { ...@@ -52,6 +52,89 @@ public function testFileValidateExtensions() {
$this->assertCount(1, $errors, 'Invalid extension blocked.'); $this->assertCount(1, $errors, 'Invalid extension blocked.');
} }
/**
* Tests the file_validate_extensions() function.
*
* @param array $file_properties
* The properties of the file being validated.
* @param string[] $extensions
* An array of the allowed file extensions.
* @param string[] $expected_errors
* The expected error messages as string.
*
* @dataProvider providerTestFileValidateExtensionsOnUri
*/
public function testFileValidateExtensionsOnUri(array $file_properties, array $extensions, array $expected_errors) {
$file = File::create($file_properties);
$actual_errors = file_validate_extensions($file, implode(' ', $extensions));
$actual_errors_as_string = array_map(function ($error_message) {
return (string) $error_message;
}, $actual_errors);
$this->assertEquals($expected_errors, $actual_errors_as_string);
}
/**
* Data provider for ::testFileValidateExtensionsOnUri.
*
* @return array[][]
* The test cases.
*/
public function providerTestFileValidateExtensionsOnUri(): array {
$temporary_txt_file_properties = [
'filename' => 'asdf.txt',
'uri' => 'temporary://asdf',
'status' => 0,
];
$permanent_txt_file_properties = [
'filename' => 'asdf.txt',
'uri' => 'public://asdf_0.txt',
'status' => 1,
];
$permanent_png_file_properties = [
'filename' => 'The Druplicon',
'uri' => 'public://druplicon.png',
'status' => 1,
];
return [
'Temporary txt validated with "asdf", "txt", "pork"' => [
'File properties' => $temporary_txt_file_properties,
'Allowed_extensions' => ['asdf', 'txt', 'pork'],
'Expected errors' => [],
],
'Temporary txt validated with "exe" and "png"' => [
'File properties' => $temporary_txt_file_properties,
'Allowed_extensions' => ['exe', 'png'],
'Expected errors' => [
'Only files with the following extensions are allowed: <em class="placeholder">exe png</em>.',
],
],
'Permanent txt validated with "asdf", "txt", "pork"' => [
'File properties' => $permanent_txt_file_properties,
'Allowed_extensions' => ['asdf', 'txt', 'pork'],
'Expected errors' => [],
],
'Permanent txt validated with "exe" and "png"' => [
'File properties' => $permanent_txt_file_properties,
'Allowed_extensions' => ['exe', 'png'],
'Expected errors' => [
'Only files with the following extensions are allowed: <em class="placeholder">exe png</em>.',
],
],
'Permanent png validated with "png", "gif", "jpg", "jpeg"' => [
'File properties' => $permanent_png_file_properties,
'Allowed_extensions' => ['png', 'gif', 'jpg', 'jpeg'],
'Expected errors' => [],
],
'Permanent png validated with "exe" and "txt"' => [
'File properties' => $permanent_png_file_properties,
'Allowed_extensions' => ['exe', 'txt'],
'Expected errors' => [
'Only files with the following extensions are allowed: <em class="placeholder">exe txt</em>.',
],
],
];
}
/** /**
* This ensures a specific file is actually an image. * This ensures a specific file is actually an image.
*/ */
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment