1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
|
<?php
/**
*
* @package testing
* @copyright (c) 2012 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
require_once __DIR__ . '/../../phpBB/includes/functions.php';
require_once __DIR__ . '/../../phpBB/includes/utf/utf_tools.php';
require_once __DIR__ . '/../../phpBB/includes/functions_upload.php';
require_once __DIR__ . '/../mock/fileupload.php';
class phpbb_filespec_test extends phpbb_test_case
{
const TEST_COUNT = 100;
const PREFIX = 'phpbb_';
const MAX_STR_LEN = 50;
private $config;
private $filespec;
public $path;
protected function setUp()
{
global $config;
if (!is_array($config))
{
$config = array();
}
$config['rand_seed'] = '';
$config['rand_seed_last_update'] = time() + 600;
$config['mime_triggers'] = 'body|head|html|img|plaintext|a href|pre|script|table|title';
$this->config = $config;
$this->path = __DIR__ . '/fixture/';
$this->init_filespec();
}
public function additional_checks_variables()
{
return array(
array('GIF', true),
array('JPG', false),
array('PNG', true),
array('TIF', false),
array('TXT', true),
);
}
public function check_content_variables()
{
return array(
array('GIF', true),
array('JPG', true),
array('PNG', true),
array('TIF', true),
array('TXT', false),
);
}
public function get_extension_variables()
{
return array(
array('file.png', 'png'),
array('file.phpbb.gif', 'gif'),
array('file..', ''),
array('.file..jpg.webp', 'webp'),
);
}
private function init_filespec($override = array())
{
// Initialise a blank filespec object for use with trivial methods
$upload_ary = array(
'name' => '',
'type' => '',
'size' => '',
'tmp_name' => '',
'error' => '',
);
$this->filespec = new filespec(array_merge($upload_ary, $override), null);
}
public function is_image_variables()
{
return array(
array('GIF', 'image/gif', true),
array('JPG', 'image/jpg', true),
array('PNG', 'image/png', true),
array('TIF', 'image/tif', true),
array('TXT', 'text/plain', false),
);
}
/**
* @dataProvider additional_checks_variables
*/
public function test_additional_checks($filename, $expected)
{
global $user;
$user = new phpbb_mock_user();
$upload = new phpbb_mock_fileupload();
$this->init_filespec(array('tmp_name', $this->path . $filename));
$this->filespec->upload = $upload;
$this->filespec->file_moved = true;
$this->filespec->filesize = $this->filespec->get_filesize($this->path . $filename);
$this->assertEquals($expected, $this->filespec->additional_checks());
}
/**
* @dataProvider check_content_variables
*/
public function test_check_content($filename, $expected)
{
$disallowed_content = explode('|', $this->config['mime_triggers']);
$this->init_filespec(array('tmp_name' => $this->path . $filename));
$this->assertEquals($expected, $this->filespec->check_content($disallowed_content));
}
public function test_clean_filename_real()
{
$available_chars = str_split('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ\'\\" /:*?<>|[];(){},#+=-_`');
$bad_chars = array("'", "\\", ' ', '/', ':', '*', '?', '"', '<', '>', '|');
for ($tests = 0; $tests < self::TEST_COUNT; $tests++)
{
$len = mt_rand(1, self::MAX_STR_LEN);
$str = '';
for ($j = 0; $j < $len; $j++)
{
$index = mt_rand(0, sizeof($available_chars) - 1);
$str .= $available_chars[$index];
}
$this->init_filespec(array('name' => $str));
$this->filespec->clean_filename('real', self::PREFIX);
$name = $this->filespec->realname;
$this->assertEquals(0, preg_match('/%(\w{2})/', $name));
foreach ($bad_chars as $char)
{
$this->assertFalse(strpos($name, $char));
}
}
}
public function test_clean_filename_unique()
{
$filenames = array();
for ($tests = 0; $tests < self::TEST_COUNT; $tests++)
{
$this->init_filespec();
$this->filespec->clean_filename('unique', self::PREFIX);
$name = $this->filespec->realname;
$this->assertTrue(strlen($name) === 32 + strlen(self::PREFIX));
$this->assertRegExp('#^[A-Za-z0-9]+$#', substr($name, strlen(self::PREFIX)));
$this->assertFalse(isset($filenames[$name]));
$filenames[$name] = true;
}
}
/**
* @dataProvider get_extension_variables
*/
public function test_get_extension($filename, $expected)
{
$this->assertEquals($expected, $this->filespec->get_extension($filename));
}
/**
* @dataProvider is_image_variables
*/
public function test_is_image($filename, $mimetype, $expected)
{
$this->init_filespec(array('tmp_name' => $this->path . $filename, 'type' => $mimetype));
$this->assertEquals($expected, $this->filespec->is_image());
}
}
|
