aboutsummaryrefslogtreecommitdiffstats
path: root/tests/upload/filespec_test.php
diff options
context:
space:
mode:
Diffstat (limited to 'tests/upload/filespec_test.php')
-rw-r--r--tests/upload/filespec_test.php348
1 files changed, 317 insertions, 31 deletions
diff --git a/tests/upload/filespec_test.php b/tests/upload/filespec_test.php
index 87cd00197f..1351b46002 100644
--- a/tests/upload/filespec_test.php
+++ b/tests/upload/filespec_test.php
@@ -1,15 +1,18 @@
<?php
/**
- *
- * @package testing
- * @copyright (c) 2012 phpBB Group
- * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
- *
- */
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
require_once __DIR__ . '/../../phpBB/includes/functions.php';
require_once __DIR__ . '/../../phpBB/includes/utf/utf_tools.php';
-require_once __DIR__ . '/../../phpBB/includes/functions_upload.php';
class phpbb_filespec_test extends phpbb_test_case
{
@@ -19,14 +22,19 @@ class phpbb_filespec_test extends phpbb_test_case
const UPLOAD_MAX_FILESIZE = 1000;
private $config;
+ private $filesystem;
public $path;
+ /** @var \phpbb\language\language */
+ protected $language;
+
+ /** @var string phpBB root path */
+ protected $phpbb_root_path;
+
protected function setUp()
{
// Global $config required by unique_id
- // Global $user required by filespec::additional_checks and
- // filespec::move_file
- global $config, $user;
+ global $config, $phpbb_root_path, $phpEx;
if (!is_array($config))
{
@@ -40,9 +48,6 @@ class phpbb_filespec_test extends phpbb_test_case
// See: phpBB/install/schemas/schema_data.sql
$config['mime_triggers'] = 'body|head|html|img|plaintext|a href|pre|script|table|title';
- $user = new phpbb_mock_user();
- $user->lang = new phpbb_mock_lang();
-
$this->config = &$config;
$this->path = __DIR__ . '/fixture/';
@@ -61,6 +66,27 @@ class phpbb_filespec_test extends phpbb_test_case
copy($fileinfo->getPathname(), $this->path . 'copies/' . $fileinfo->getFilename() . '_copy_2');
}
}
+
+ $guessers = array(
+ new \Symfony\Component\HttpFoundation\File\MimeType\FileinfoMimeTypeGuesser(),
+ new \Symfony\Component\HttpFoundation\File\MimeType\FileBinaryMimeTypeGuesser(),
+ new \phpbb\mimetype\content_guesser(),
+ new \phpbb\mimetype\extension_guesser(),
+ );
+ $guessers[2]->set_priority(-2);
+ $guessers[3]->set_priority(-2);
+ $this->mimetype_guesser = new \phpbb\mimetype\guesser($guessers);
+ $this->language = new \phpbb\language\language(new \phpbb\language\language_file_loader($phpbb_root_path, $phpEx));
+
+ $this->filesystem = new \phpbb\filesystem\filesystem();
+ $this->phpbb_root_path = $phpbb_root_path;
+ }
+
+ private function set_reflection_property(&$class, $property_name, $value)
+ {
+ $property = new ReflectionProperty($class, $property_name);
+ $property->setAccessible(true);
+ $property->setValue($class, $value);
}
private function get_filespec($override = array())
@@ -74,14 +100,13 @@ class phpbb_filespec_test extends phpbb_test_case
'error' => '',
);
- return new filespec(array_merge($upload_ary, $override), null);
+ $filespec = new \phpbb\files\filespec($this->filesystem, $this->language, new \bantu\IniGetWrapper\IniGetWrapper, new \FastImageSize\FastImageSize(), $this->phpbb_root_path, $this->mimetype_guesser);
+ return $filespec->set_upload_ary(array_merge($upload_ary, $override));
}
protected function tearDown()
{
- global $user;
$this->config = array();
- $user = null;
$iterator = new DirectoryIterator($this->path . 'copies');
foreach ($iterator as $fileinfo)
@@ -94,6 +119,13 @@ class phpbb_filespec_test extends phpbb_test_case
}
}
+ public function test_empty_upload_ary()
+ {
+ $filespec = new \phpbb\files\filespec($this->filesystem, $this->language, new \bantu\IniGetWrapper\IniGetWrapper, new \FastImageSize\FastImageSize(), $this->phpbb_root_path, $this->mimetype_guesser);
+ $this->assertInstanceOf('\phpbb\files\filespec', $filespec->set_upload_ary(array()));
+ $this->assertTrue($filespec->init_error());
+ }
+
public function additional_checks_variables()
{
// False here just indicates the file is too large and fails the
@@ -115,13 +147,26 @@ class phpbb_filespec_test extends phpbb_test_case
{
$upload = new phpbb_mock_fileupload();
$filespec = $this->get_filespec();
- $filespec->upload = $upload;
- $filespec->file_moved = true;
- $filespec->filesize = $filespec->get_filesize($this->path . $filename);
+ $filespec->set_upload_namespace($upload);
+ $this->set_reflection_property($filespec, 'file_moved', true);
+ $this->set_reflection_property($filespec, 'filesize', $filespec->get_filesize($this->path . $filename));
$this->assertEquals($expected, $filespec->additional_checks());
}
+ public function test_additional_checks_dimensions()
+ {
+ $upload = new phpbb_mock_fileupload();
+ $filespec = $this->get_filespec();
+ $filespec->set_upload_namespace($upload);
+ $upload->valid_dimensions = false;
+ $this->set_reflection_property($filespec, 'file_moved', true);
+ $upload->max_filesize = 0;
+
+ $this->assertEquals(false, $filespec->additional_checks());
+ $this->assertSame(array('WRONG_SIZE'), $filespec->error);
+ }
+
public function check_content_variables()
{
// False here indicates that a file is non-binary and contains
@@ -143,6 +188,8 @@ class phpbb_filespec_test extends phpbb_test_case
$disallowed_content = explode('|', $this->config['mime_triggers']);
$filespec = $this->get_filespec(array('tmp_name' => $this->path . $filename));
$this->assertEquals($expected, $filespec->check_content($disallowed_content));
+ // All files should pass if $disallowed_content is empty
+ $this->assertEquals(true, $filespec->check_content(array()));
}
public function clean_filename_variables()
@@ -154,6 +201,7 @@ class phpbb_filespec_test extends phpbb_test_case
array($chunks[2] . $chunks[9]),
array($chunks[3] . $chunks[4]),
array($chunks[5] . $chunks[6]),
+ array('foobar.png'),
);
}
@@ -165,7 +213,7 @@ class phpbb_filespec_test extends phpbb_test_case
$bad_chars = array("'", "\\", ' ', '/', ':', '*', '?', '"', '<', '>', '|');
$filespec = $this->get_filespec(array('name' => $filename));
$filespec->clean_filename('real', self::PREFIX);
- $name = $filespec->realname;
+ $name = $filespec->get('realname');
$this->assertEquals(0, preg_match('/%(\w{2})/', $name));
foreach ($bad_chars as $char)
@@ -181,8 +229,8 @@ class phpbb_filespec_test extends phpbb_test_case
{
$filespec = $this->get_filespec();
$filespec->clean_filename('unique', self::PREFIX);
- $name = $filespec->realname;
-
+ $name = $filespec->get('realname');
+
$this->assertEquals(strlen($name), 32 + strlen(self::PREFIX));
$this->assertRegExp('#^[A-Za-z0-9]+$#', substr($name, strlen(self::PREFIX)));
$this->assertFalse(isset($filenames[$name]));
@@ -190,6 +238,55 @@ class phpbb_filespec_test extends phpbb_test_case
}
}
+ public function test_clean_filename_unique_ext()
+ {
+ $filenames = array();
+ for ($tests = 0; $tests < self::TEST_COUNT; $tests++)
+ {
+ $filespec = $this->get_filespec(array('name' => 'foobar.jpg'));
+ $filespec->clean_filename('unique_ext', self::PREFIX);
+ $name = $filespec->get('realname');
+
+ $this->assertEquals(strlen($name), 32 + strlen(self::PREFIX) + strlen('.jpg'));
+ $this->assertRegExp('#^[A-Za-z0-9]+\.jpg$#', substr($name, strlen(self::PREFIX)));
+ $this->assertFalse(isset($filenames[$name]));
+ $filenames[$name] = true;
+ }
+ }
+
+ public function data_clean_filename_avatar()
+ {
+ return array(
+ array(false, false, ''),
+ array('foobar.png', 'u5.png', 'avatar', 'u', 5),
+ array('foobar.png', 'g9.png', 'avatar', 'g', 9),
+
+ );
+ }
+
+ /**
+ * @dataProvider data_clean_filename_avatar
+ */
+ public function test_clean_filename_avatar($filename, $expected, $mode, $prefix = '', $user_id = '')
+ {
+ $filespec = new \phpbb\files\filespec($this->filesystem, $this->language, new \bantu\IniGetWrapper\IniGetWrapper, new \FastImageSize\FastImageSize(), $this->phpbb_root_path, $this->mimetype_guesser);
+
+ if ($filename)
+ {
+ $upload_ary = array(
+ 'name' => $filename,
+ 'type' => '',
+ 'size' => '',
+ 'tmp_name' => '',
+ 'error' => '',
+ );
+ $filespec->set_upload_ary($upload_ary);
+ }
+ $filespec->clean_filename($mode, $prefix, $user_id);
+
+ $this->assertSame($expected, $filespec->get('realname'));
+ }
+
public function get_extension_variables()
{
return array(
@@ -197,6 +294,8 @@ class phpbb_filespec_test extends phpbb_test_case
array('file.phpbb.gif', 'gif'),
array('file..', ''),
array('.file..jpg.webp', 'webp'),
+ array('/test.com/file', ''),
+ array('/test.com/file.gif', 'gif'),
);
}
@@ -205,7 +304,7 @@ class phpbb_filespec_test extends phpbb_test_case
*/
public function test_get_extension($filename, $expected)
{
- $this->assertEquals($expected, filespec::get_extension($filename));
+ $this->assertEquals($expected, \phpbb\files\filespec::get_extension($filename));
}
public function is_image_variables()
@@ -216,6 +315,9 @@ class phpbb_filespec_test extends phpbb_test_case
array('png', 'image/png', true),
array('tif', 'image/tif', true),
array('txt', 'text/plain', false),
+ array('jpg', 'application/octet-stream', false),
+ array('gif', 'application/octetstream', false),
+ array('png', 'application/mime', false),
);
}
@@ -228,6 +330,35 @@ class phpbb_filespec_test extends phpbb_test_case
$this->assertEquals($expected, $filespec->is_image());
}
+ public function is_image_get_mimetype()
+ {
+ return array(
+ array('gif', 'image/gif', true),
+ array('jpg', 'image/jpg', true),
+ array('png', 'image/png', true),
+ array('tif', 'image/tif', true),
+ array('txt', 'text/plain', false),
+ array('jpg', 'application/octet-stream', true),
+ array('gif', 'application/octetstream', true),
+ array('png', 'application/mime', true),
+ );
+ }
+
+ /**
+ * @dataProvider is_image_get_mimetype
+ */
+ public function test_is_image_get_mimetype($filename, $mimetype, $expected)
+ {
+ if (!class_exists('finfo') && strtolower(substr(PHP_OS, 0, 3)) === 'win')
+ {
+ $this->markTestSkipped('Unable to test mimetype guessing without fileinfo support on Windows');
+ }
+
+ $filespec = $this->get_filespec(array('tmp_name' => $this->path . $filename, 'type' => $mimetype));
+ $filespec->get_mimetype($this->path . $filename);
+ $this->assertEquals($expected, $filespec->is_image());
+ }
+
public function move_file_variables()
{
return array(
@@ -236,7 +367,7 @@ class phpbb_filespec_test extends phpbb_test_case
array('txt_copy', 'txt_as_img', 'image/jpg', 'txt', false, true),
array('txt_copy_2', 'txt_moved', 'text/plain', 'txt', false, true),
array('jpg_copy', 'jpg_moved', 'image/png', 'jpg', false, true),
- array('png_copy', 'png_moved', 'image/png', 'jpg', 'IMAGE_FILETYPE_MISMATCH', true),
+ array('png_copy', 'png_moved', 'image/png', 'jpg', 'Image file type mismatch: expected extension png but extension jpg given.', true),
);
}
@@ -247,8 +378,7 @@ class phpbb_filespec_test extends phpbb_test_case
{
// Global $phpbb_root_path and $phpEx are required by phpbb_chmod
global $phpbb_root_path, $phpEx;
- $phpbb_root_path = '';
- $phpEx = 'php';
+ $this->phpbb_root_path = '';
$upload = new phpbb_mock_fileupload();
$upload->max_filesize = self::UPLOAD_MAX_FILESIZE;
@@ -258,17 +388,173 @@ class phpbb_filespec_test extends phpbb_test_case
'name' => $realname,
'type' => $mime_type,
));
- $filespec->extension = $extension;
- $filespec->upload = $upload;
- $filespec->local = true;
+ $this->set_reflection_property($filespec, 'extension', $extension);
+ $filespec->set_upload_namespace($upload);
+ $this->set_reflection_property($filespec, 'local', true);
$this->assertEquals($expected, $filespec->move_file($this->path . 'copies'));
- $this->assertEquals($filespec->file_moved, file_exists($this->path . 'copies/' . $realname));
+ $this->assertEquals($filespec->get('file_moved'), file_exists($this->path . 'copies/' . $realname));
if ($error)
{
$this->assertEquals($error, $filespec->error[0]);
}
- $phpEx = '';
+ $this->phpbb_root_path = $phpbb_root_path;
+ }
+
+ public function test_move_file_error()
+ {
+ $filespec = $this->get_filespec();
+ $this->assertFalse($filespec->move_file('foobar'));
+ $filespec->error[] = 'foo';
+ $this->assertFalse($filespec->move_file('foo'));
+ }
+
+ public function data_move_file_copy()
+ {
+ return array(
+ array('gif_copy', true, false, array()),
+ array('gif_copy', true, true, array()),
+ array('foo_bar', false, false, array('GENERAL_UPLOAD_ERROR')),
+ array('foo_bar', false, true, array('GENERAL_UPLOAD_ERROR')),
+ );
+ }
+
+ /**
+ * @dataProvider data_move_file_copy
+ */
+ public function test_move_file_copy($tmp_name, $move_success, $safe_mode_on, $expected_error)
+ {
+ // Initialise a blank filespec object for use with trivial methods
+ $upload_ary = array(
+ 'name' => 'gif_moved',
+ 'type' => 'image/gif',
+ 'size' => '',
+ 'tmp_name' => $this->path . 'copies/' . $tmp_name,
+ 'error' => '',
+ );
+
+ $php_ini = $this->getMockBuilder('\bantu\IniGetWrapper\IniGetWrapper')
+ ->getMock();
+ $php_ini->expects($this->any())
+ ->method('getBool')
+ ->with($this->anything())
+ ->willReturn($safe_mode_on);
+ $upload = new phpbb_mock_fileupload();
+ $upload->max_filesize = self::UPLOAD_MAX_FILESIZE;
+ $filespec = new \phpbb\files\filespec($this->filesystem, $this->language, $php_ini, new \FastImageSize\FastImagesize, '', $this->mimetype_guesser);
+ $filespec->set_upload_ary($upload_ary);
+ $this->set_reflection_property($filespec, 'local', false);
+ $this->set_reflection_property($filespec, 'extension', 'gif');
+ $filespec->set_upload_namespace($upload);
+
+ $this->assertEquals($move_success, $filespec->move_file($this->path . 'copies'));
+ $this->assertEquals($filespec->get('file_moved'), file_exists($this->path . 'copies/gif_moved'));
+ $this->assertSame($expected_error, $filespec->error);
+ }
+
+ public function data_move_file_imagesize()
+ {
+ return array(
+ array(
+ array(
+ 'width' => 2,
+ 'height' => 2,
+ 'type' => IMAGETYPE_GIF,
+ ),
+ array()
+ ),
+ array(
+ array(
+ 'width' => 2,
+ 'height' => 2,
+ 'type' => -1,
+ ),
+ array('Image file type -1 for mimetype image/gif not supported.')
+ ),
+ array(
+ array(
+ 'width' => 0,
+ 'height' => 0,
+ 'type' => IMAGETYPE_GIF,
+ ),
+ array('The image file you tried to attach is invalid.')
+ ),
+ array(
+ false,
+ array('It was not possible to determine the dimensions of the image. Please verify that the URL you entered is correct.')
+ )
+ );
+ }
+
+ /**
+ * @dataProvider data_move_file_imagesize
+ */
+ public function test_move_file_imagesize($imagesize_return, $expected_error)
+ {
+ // Initialise a blank filespec object for use with trivial methods
+ $upload_ary = array(
+ 'name' => 'gif_moved',
+ 'type' => 'image/gif',
+ 'size' => '',
+ 'tmp_name' => $this->path . 'copies/gif_copy',
+ 'error' => '',
+ );
+
+ $imagesize = $this->getMockBuilder('\FastImageSize\FastImageSize')
+ ->getMock();
+ $imagesize->expects($this->any())
+ ->method('getImageSize')
+ ->with($this->anything())
+ ->willReturn($imagesize_return);
+
+ $upload = new phpbb_mock_fileupload();
+ $upload->max_filesize = self::UPLOAD_MAX_FILESIZE;
+ $filespec = new \phpbb\files\filespec($this->filesystem, $this->language, new \bantu\IniGetWrapper\IniGetWrapper, $imagesize, '', $this->mimetype_guesser);
+ $filespec->set_upload_ary($upload_ary);
+ $this->set_reflection_property($filespec, 'local', false);
+ $this->set_reflection_property($filespec, 'extension', 'gif');
+ $filespec->set_upload_namespace($upload);
+
+ $this->assertEquals(true, $filespec->move_file($this->path . 'copies'));
+ $this->assertEquals($filespec->get('file_moved'), file_exists($this->path . 'copies/gif_moved'));
+ $this->assertSame($expected_error, $filespec->error);
+ }
+
+ /**
+ * @dataProvider clean_filename_variables
+ */
+ public function test_uploadname($filename)
+ {
+ $type_cast_helper = new \phpbb\request\type_cast_helper();
+
+ $upload_name = '';
+ $type_cast_helper->set_var($upload_name, $filename, 'string', true, true);
+ $filespec = $this->get_filespec(array('name'=> $upload_name));
+
+ $this->assertSame(trim(utf8_basename(htmlspecialchars($filename))), $filespec->get('uploadname'));
+ }
+
+ public function test_is_uploaded()
+ {
+ $filespec = new \phpbb\files\filespec($this->filesystem, $this->language, new \bantu\IniGetWrapper\IniGetWrapper, new \FastImageSize\FastImageSize(), $this->phpbb_root_path, null);
+ $reflection_filespec = new ReflectionClass($filespec);
+ $plupload_property = $reflection_filespec->getProperty('plupload');
+ $plupload_property->setAccessible(true);
+ $plupload_mock = $this->getMockBuilder('\phpbb\plupload\plupload')
+ ->disableOriginalConstructor()
+ ->getMock();
+ $plupload_mock->expects($this->any())
+ ->method('is_active')
+ ->will($this->returnValue(true));
+ $plupload_property->setValue($filespec, $plupload_mock);
+ $is_uploaded = $reflection_filespec->getMethod('is_uploaded');
+
+ // Plupload is active and file does not exist
+ $this->assertFalse($is_uploaded->invoke($filespec));
+
+ // Plupload is not active and file was not uploaded
+ $plupload_property->setValue($filespec, null);
+ $this->assertFalse($is_uploaded->invoke($filespec));
}
}