Commit e234a488 authored by DamienMcKenna's avatar DamienMcKenna

By B-Prod, dawehner, DamienMcKenna, Lendude: Improved argument validation.

parent fbafd79a
......@@ -44,7 +44,7 @@ class views_handler_argument_null extends views_handler_argument {
*/
public function default_actions($which = NULL) {
if ($which) {
if (in_array($which, array('ignore', 'not found', 'empty', 'default'))) {
if (in_array($which, array('ignore', 'not found', 'empty', 'default', 'access denied'))) {
return parent::default_actions($which);
}
return;
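Review bot: The `in_array()` call on the new side still compares loosely, so a truthy non-string `$which` such as `TRUE` matches the first entry and is forwarded to `parent::default_actions()`. Because this allow-list now also gates an access-denied outcome, the strict flag would keep it exact: `if (in_array($which, array('ignore', 'not found', 'empty', 'default', 'access denied'), TRUE)) {`. The method's docblock starts above the hunk, so whether it lists the permitted actions cannot be checked from here.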
......
......@@ -1236,7 +1236,7 @@ class view extends views_db_object {
if (!empty($this->build_info['fail'])) {
return;
}
if (!empty($this->view->build_info['denied'])) {
if (!empty($this->build_info['denied'])) {
return;
}
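Review bot: The `'fail'` and `'denied'` early returns in this part of `class view` both return nothing, so a caller can only tell a denial from a plain validation failure by reading `build_info['denied']` itself. A short comment above the second check would make that contract explicit, for example `// Argument validation requested access denied; display plugins must check build_info['denied'] and return MENU_ACCESS_DENIED.` The enclosing method begins and ends outside the hunk, so its name and its other return paths are not visible here.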
......
......@@ -51,6 +51,9 @@ class views_plugin_display_feed extends views_plugin_display_page {
*/
public function execute() {
$output = $this->view->render();
if (!empty($this->view->build_info['denied'])) {
return MENU_ACCESS_DENIED;
}
if (empty($output)) {
return MENU_NOT_FOUND;
}
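Review bot: The new `'denied'` check in `execute()` sits before the `empty($output)` test, but nothing records why that order matters; with the two swapped, a denied request would likely be answered as MENU_NOT_FOUND, since the denied path appears to produce no output. A comment such as `// Check 'denied' first: a denied view renders nothing and would otherwise be reported as not found.` would protect the ordering. Any other display plugin that overrides `execute()` and is not shown in this commit presumably needs the same check, as the added test covers only the page and feed paths. The method continues past the end of the hunk.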
......
......@@ -40,10 +40,27 @@ class ViewsArgumentValidatorTest extends ViewsSqlTest {
$this->assertTrue($view->argument['null']->validate_arg(12));
}
/**
* Make sure argument validation works properly.
*/
function testArgumentValidatePhpFailure() {
$view = $this->view_test_argument_validate_php_failure();
$view->save();
$this->drupalGet('test-php-failure');
// This should return a 403, indicating that the arguments validation fails.
$this->assertResponse(403);
$this->drupalGet('test-php-failure-feed');
// This should return a 403, indicating that the arguments validation fails.
$this->assertResponse(403);
}
function view_test_argument_validate_php($string) {
$code = 'return $argument == \'' . $string . '\';';
$view = new view();
$view->name = 'view_argument_validate_numeric';
$view->name = 'view_argument_validate_php';
$view->description = '';
$view->tag = '';
$view->view_php = '';
......@@ -104,4 +121,68 @@ class ViewsArgumentValidatorTest extends ViewsSqlTest {
return $view;
}
/**
*
*
* @return view $view
* The required view object.
*/
function view_test_argument_validate_php_failure() {
$view = new view();
$view->name = 'view_argument_validate_php_failure';
$view->description = '';
$view->tag = '';
$view->base_table = 'node';
$view->human_name = '';
$view->core = 0;
$view->api_version = '3.0';
$view->disabled = FALSE; /* Edit this to true to make a default view disabled initially */
/* Display: Master */
$handler = $view->new_display('default', 'Master', 'default');
$handler->display->display_options['use_more_always'] = FALSE;
$handler->display->display_options['access']['type'] = 'none';
$handler->display->display_options['cache']['type'] = 'none';
$handler->display->display_options['query']['type'] = 'views_query';
$handler->display->display_options['exposed_form']['type'] = 'basic';
$handler->display->display_options['pager']['type'] = 'none';
$handler->display->display_options['style_plugin'] = 'default';
$handler->display->display_options['row_plugin'] = 'fields';
/* Field: Content: Title */
$handler->display->display_options['fields']['title']['id'] = 'title';
$handler->display->display_options['fields']['title']['table'] = 'node';
$handler->display->display_options['fields']['title']['field'] = 'title';
$handler->display->display_options['fields']['title']['label'] = '';
$handler->display->display_options['fields']['title']['element_label_colon'] = FALSE;
$handler->display->display_options['fields']['title']['link_to_node'] = FALSE;
/* Contextual filter: Global: Null */
$handler->display->display_options['arguments']['null']['id'] = 'null';
$handler->display->display_options['arguments']['null']['table'] = 'views';
$handler->display->display_options['arguments']['null']['field'] = 'null';
$handler->display->display_options['arguments']['null']['default_action'] = 'default';
$handler->display->display_options['arguments']['null']['default_argument_type'] = 'fixed';
$handler->display->display_options['arguments']['null']['default_argument_options']['argument'] = 'No filter';
$handler->display->display_options['arguments']['null']['summary']['number_of_records'] = '0';
$handler->display->display_options['arguments']['null']['summary']['format'] = 'default_summary';
$handler->display->display_options['arguments']['null']['summary_options']['items_per_page'] = '25';
$handler->display->display_options['arguments']['null']['specify_validation'] = TRUE;
$handler->display->display_options['arguments']['null']['validate']['type'] = 'php';
$handler->display->display_options['arguments']['null']['validate_options']['code'] = 'return FALSE;';
$handler->display->display_options['arguments']['null']['validate']['fail'] = 'access denied';
/* Display: Page */
$handler = $view->new_display('page', 'Page', 'page_1');
$handler->display->display_options['path'] = 'test-php-failure';
/* Display: Feed */
$handler = $view->new_display('feed', 'Feed', 'feed_1');
$handler->display->display_options['path'] = 'test-php-failure-feed';
$handler->display->display_options['pager']['type'] = 'none';
$handler->display->display_options['pager']['options']['offset'] = '0';
$handler->display->display_options['style_plugin'] = 'rss';
$handler->display->display_options['row_plugin'] = 'node_rss';
return $view;
}
}
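Review bot: `testArgumentValidatePhpFailure()` asserts only the two 403 responses, so it would also pass if both paths were denied for an unrelated reason. A control request against a view whose validator passes, asserted with `$this->assertResponse(200);`, would tie the 403 to the `'access denied'` fail action. The docblock of `view_test_argument_validate_php_failure()` has an empty description; a line such as `Builds a view whose PHP argument validator always fails with 'access denied'.` would fill it, and the test's own docblock could name the 403 expectation instead of the generic "works properly".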
......@@ -135,6 +135,23 @@ abstract class ViewsTestCase extends DrupalWebTestCase {
$this->verbose('<pre>Executed view: ' . ((string) $view->build_info['query']) . '</pre>');
}
/**
* Log in as user 1.
*/
protected function loginUser1() {
$password = user_password();
// Reset the user 1 password.
$account = user_load(1);
$edit = array(
'pass' => $password,
);
$account = user_save($account, $edit);
$account->pass_raw = $password;
// Log in as user 1.
$this->drupalLogin($account);
}
}
/**
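Review bot: `loginUser1()` overwrites the password of uid 1 before logging in, yet the docblock says only "Log in as user 1." and neither `user_load(1)` nor `user_save()` is checked before `$account->pass_raw` is assigned. Since `user_save()` returns FALSE on failure, a guard after the save such as `if (!$account) { $this->fail('Could not reset the user 1 password.'); return; }` would give a clear test failure instead of a property write on a non-object. The docblock could also state that uid 1 bypasses permission checks in Drupal 7, so a test asserting a 403 should use this helper only when that bypass is intended. No caller of the helper is visible in this commit.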
......