Commit 759acf4c authored by webchick's avatar webchick
Browse files

Issue #1179426 by chx, xjm, aspilicious: SA-CORE-2011-001, with tests.

parent 6cd58961
......@@ -976,7 +976,7 @@ function file_get_file_references($file, $field = NULL, $age = FIELD_LOAD_REVISI
}
}
return isset($field) ? $references[$field['field_name']] : $references;
return isset($field) ? $references[$field['field_name']] : array_filter($references);
}
/**
......
......@@ -12,7 +12,16 @@ class FileFieldTestCase extends DrupalWebTestCase {
protected $admin_user;
function setUp() {
parent::setUp('file', 'file_module_test');
// Since this is a base class for many test cases, support the same
// flexibility that DrupalWebTestCase::setUp() has for the modules to be
// passed in as either an array or a variable number of string arguments.
$modules = func_get_args();
if (isset($modules[0]) && is_array($modules[0])) {
$modules = $modules[0];
}
$modules[] = 'file';
$modules[] = 'file_module_test';
parent::setUp($modules);
$this->admin_user = $this->drupalCreateUser(array('access content', 'access administration pages', 'administer site configuration', 'administer users', 'administer permissions', 'administer content types', 'administer nodes', 'bypass node access'));
$this->drupalLogin($this->admin_user);
}
......@@ -112,7 +121,7 @@ class FileFieldTestCase extends DrupalWebTestCase {
/**
* Upload a file to a node.
*/
function uploadNodeFile($file, $field_name, $nid_or_type, $new_revision = TRUE) {
function uploadNodeFile($file, $field_name, $nid_or_type, $new_revision = TRUE, $extras = array()) {
$langcode = LANGUAGE_NONE;
$edit = array(
"title" => $this->randomName(),
......@@ -124,7 +133,8 @@ class FileFieldTestCase extends DrupalWebTestCase {
}
else {
// Add a new node.
$node = $this->drupalCreateNode(array('type' => $nid_or_type));
$extras['type'] = $nid_or_type;
$node = $this->drupalCreateNode($extras);
$nid = $node->nid;
// Save at least one revision to better simulate a real site.
$this->drupalCreateNode(get_object_vars($node));
......@@ -1041,3 +1051,46 @@ class FileTokenReplaceTestCase extends FileFieldTestCase {
}
}
}
/**
* Test class to test file access on private nodes.
*/
class FilePrivateTestCase extends FileFieldTestCase {
public static function getInfo() {
return array(
'name' => 'Private file test',
'description' => 'Uploads a test to a private node and checks access.',
'group' => 'File',
);
}
function setUp() {
parent::setUp('node_access_test');
node_access_rebuild();
variable_set('node_access_test_private', TRUE);
}
/**
* Uploads a file to a private node, then tests that access is allowed and denied when appropriate.
*/
function testPrivateFile() {
// Use 'page' instead of 'article', so that the 'article' image field does
// not conflict with this test. If in the future the 'page' type gets its
// own default file or image field, this test can be made more robust by
// using a custom node type.
$type_name = 'page';
$field_name = strtolower($this->randomName());
$this->createFileField($field_name, $type_name, array('uri_scheme' => 'private'));
$test_file = $this->getTestFile('text');
$nid = $this->uploadNodeFile($test_file, $field_name, $type_name, TRUE, array('private' => TRUE));
$node = node_load($nid, NULL, TRUE);
$node_file = (object) $node->{$field_name}[LANGUAGE_NONE][0];
// Ensure the file can be downloaded.
$this->drupalGet(file_create_url($node_file->uri));
$this->assertResponse(200, t('Confirmed that the generated URL is correct by downloading the shipped file.'));
$this->drupalLogOut();
$this->drupalGet(file_create_url($node_file->uri));
$this->assertNoResponse(200, t('Confirmed that access is denied for the file without the needed permission.'));
}
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment