View source
<?php
namespace Drupal\Tests\file\Functional;
use Drupal\Component\Render\FormattableMarkup;
use Drupal\comment\Entity\Comment;
use Drupal\comment\Tests\CommentTestTrait;
use Drupal\Component\Serialization\Json;
use Drupal\Core\Url;
use Drupal\field\Entity\FieldConfig;
use Drupal\field\Entity\FieldStorageConfig;
use Drupal\Tests\field_ui\Traits\FieldUiTestTrait;
use Drupal\user\RoleInterface;
use Drupal\file\Entity\File;
use Drupal\user\Entity\User;
use Drupal\user\UserInterface;
class FileFieldWidgetTest extends FileFieldTestBase {
use CommentTestTrait;
use FieldUiTestTrait;
protected static $modules = [
'comment',
'block',
];
protected $defaultTheme = 'classy';
protected function setUp() {
parent::setUp();
$this
->drupalPlaceBlock('system_breadcrumb_block');
}
protected function createTemporaryFile($data, UserInterface $user = NULL) {
$file = file_save_data($data, NULL, NULL);
if ($file) {
if ($user) {
$file
->setOwner($user);
}
else {
$file
->setOwner($this->adminUser);
}
$file
->setTemporary();
$file
->save();
}
return $file;
}
public function testSingleValuedWidget() {
$node_storage = $this->container
->get('entity_type.manager')
->getStorage('node');
$type_name = 'article';
$field_name = strtolower($this
->randomMachineName());
$this
->createFileField($field_name, 'node', $type_name);
$test_file = $this
->getTestFile('text');
$nid = $this
->uploadNodeFile($test_file, $field_name, $type_name);
$node = $node_storage
->loadUnchanged($nid);
$node_file = File::load($node->{$field_name}->target_id);
$this
->assertFileExists($node_file
->getFileUri());
$this
->drupalGet($node_file
->createFileUrl());
$this
->assertSession()
->statusCodeEquals(200);
$this
->drupalGet("node/{$nid}/edit");
$this
->assertNoFieldByXPath('//input[@type="submit"]', t('Upload'), 'Node with file does not display the "Upload" button.');
$this
->assertFieldByXpath('//input[@type="submit"]', t('Remove'), 'Node with file displays the "Remove" button.');
$this
->drupalPostForm(NULL, [], t('Remove'));
$this
->assertNoFieldByXPath('//input[@type="submit"]', t('Remove'), 'After clicking the "Remove" button, it is no longer displayed.');
$this
->assertFieldByXpath('//input[@type="submit"]', t('Upload'), 'After clicking the "Remove" button, the "Upload" button is displayed.');
$input = $this
->xpath('//input[@name="files[' . $field_name . '_0]"]');
$label = $this
->xpath('//label[@for="' . $input[0]
->getAttribute('id') . '"]');
$this
->assertTrue(isset($label[0]), 'Label for upload found.');
$this
->drupalPostForm(NULL, [], t('Save'));
$node = $node_storage
->loadUnchanged($nid);
$this
->assertTrue(empty($node->{$field_name}->target_id), 'File was successfully removed from the node.');
}
public function testMultiValuedWidget() {
$node_storage = $this->container
->get('entity_type.manager')
->getStorage('node');
$type_name = 'article';
$field_name = 'test_file_field_1';
$field_name2 = 'test_file_field_2';
$cardinality = 3;
$this
->createFileField($field_name, 'node', $type_name, [
'cardinality' => $cardinality,
]);
$this
->createFileField($field_name2, 'node', $type_name, [
'cardinality' => $cardinality,
]);
$test_file = $this
->getTestFile('text');
$this
->drupalGet("node/add/{$type_name}");
foreach ([
$field_name2,
$field_name,
] as $each_field_name) {
for ($delta = 0; $delta < 3; $delta++) {
$edit = [
'files[' . $each_field_name . '_' . $delta . '][]' => \Drupal::service('file_system')
->realpath($test_file
->getFileUri()),
];
$this
->drupalPostForm(NULL, $edit, t('Upload'));
}
}
$this
->assertNoFieldByXpath('//input[@type="submit"]', t('Upload'), 'After uploading 3 files for each field, the "Upload" button is no longer displayed.');
$num_expected_remove_buttons = 6;
foreach ([
$field_name,
$field_name2,
] as $current_field_name) {
$remaining = 3;
foreach ([
1,
1,
0,
] as $delta) {
$buttons = $this
->xpath('//input[@type="submit" and @value="Remove"]');
$this
->assertCount($num_expected_remove_buttons, $buttons, new FormattableMarkup('There are %n "Remove" buttons displayed.', [
'%n' => $num_expected_remove_buttons,
]));
foreach ($buttons as $i => $button) {
$key = $i >= $remaining ? $i - $remaining : $i;
$check_field_name = $field_name2;
if ($current_field_name == $field_name && $i < $remaining) {
$check_field_name = $field_name;
}
$this
->assertIdentical($button
->getAttribute('name'), $check_field_name . '_' . $key . '_remove_button');
}
$button_name = $current_field_name . '_' . $delta . '_remove_button';
$this
->getSession()
->getPage()
->findButton($button_name)
->press();
$num_expected_remove_buttons--;
$remaining--;
$upload_button_name = $current_field_name . '_' . $remaining . '_upload_button';
$buttons = $this
->xpath('//input[@type="submit" and @value="Upload" and @name=:name]', [
':name' => $upload_button_name,
]);
$this
->assertCount(1, $buttons, 'The upload button is displayed with the correct name.');
$buttons = $this
->xpath('//input[@type="submit" and @value="Upload"]');
$expected = $current_field_name == $field_name ? 1 : 2;
$this
->assertCount($expected, $buttons, 'After removing a file, only one "Upload" button for each possible field is displayed.');
}
}
$this
->assertNoFieldByXPath('//input[@type="submit"]', t('Remove'), 'After removing all files, there is no "Remove" button displayed.');
$this
->drupalPostForm(NULL, [
'title[0][value]' => $this
->randomMachineName(),
], t('Save'));
preg_match('/node\\/([0-9])/', $this
->getUrl(), $matches);
$nid = $matches[1];
$node = $node_storage
->loadUnchanged($nid);
$this
->assertTrue(empty($node->{$field_name}->target_id), 'Node was successfully saved without any files.');
$upload_files_node_revision = [
$test_file,
$test_file,
$test_file,
$test_file,
];
foreach ($upload_files_node_revision as $i => $file) {
$edit['files[test_file_field_1_0][' . $i . ']'] = \Drupal::service('file_system')
->realpath($test_file
->getFileUri());
}
$this
->drupalGet('node/' . $node
->id() . '/edit');
$this
->assertSession()
->fieldExists('files[test_file_field_1_0][]');
$submit_xpath = $this
->assertSession()
->buttonExists('Save')
->getXpath();
$client = $this
->getSession()
->getDriver()
->getClient();
$form = $client
->getCrawler()
->filterXPath($submit_xpath)
->form();
$client
->request($form
->getMethod(), $form
->getUri(), $form
->getPhpValues(), $edit);
$node = $node_storage
->loadUnchanged($nid);
$this
->assertEqual(count($node->{$field_name}), $cardinality, 'More files than allowed could not be saved to node.');
$upload_files_node_creation = [
$test_file,
$test_file,
];
$nid = $this
->uploadNodeFiles($upload_files_node_creation, $field_name, $type_name, TRUE, []);
$node = $node_storage
->loadUnchanged($nid);
$this
->assertEqual(count($node->{$field_name}), count($upload_files_node_creation), 'Node was successfully saved with multiple files.');
$this
->uploadNodeFile($test_file, $field_name, $node
->id(), 1, [], TRUE);
$node = $node_storage
->loadUnchanged($nid);
$this
->assertEqual(count($node->{$field_name}), $cardinality, 'Node was successfully revised to maximum number of files.');
$upload_files = [
$test_file,
$test_file,
$test_file,
];
$nid = $this
->uploadNodeFiles($upload_files, $field_name, $type_name, TRUE, []);
$node = $node_storage
->loadUnchanged($nid);
$this
->assertEqual(count($node->{$field_name}), $cardinality, 'Node was successfully saved with maximum number of files.');
}
public function testPrivateFileSetting() {
$node_storage = $this->container
->get('entity_type.manager')
->getStorage('node');
user_role_grant_permissions($this->adminUser->roles[0]->target_id, [
'administer node fields',
]);
$type_name = 'article';
$field_name = strtolower($this
->randomMachineName());
$this
->createFileField($field_name, 'node', $type_name);
$field = FieldConfig::loadByName('node', $type_name, $field_name);
$field_id = $field
->id();
$test_file = $this
->getTestFile('text');
$edit = [
'settings[uri_scheme]' => 'private',
];
$this
->drupalPostForm("admin/structure/types/manage/{$type_name}/fields/{$field_id}/storage", $edit, t('Save field settings'));
$nid = $this
->uploadNodeFile($test_file, $field_name, $type_name);
$node = $node_storage
->loadUnchanged($nid);
$node_file = File::load($node->{$field_name}->target_id);
$this
->assertFileExists($node_file
->getFileUri());
$this
->drupalGet($node_file
->createFileUrl());
$this
->assertSession()
->statusCodeEquals(200);
$this
->drupalGet("admin/structure/types/manage/{$type_name}/fields/{$field_id}/storage");
$this
->assertFieldByXpath('//input[@id="edit-settings-uri-scheme-public" and @disabled="disabled"]', 'public', 'Upload destination setting disabled.');
$node
->delete();
$this
->drupalGet("admin/structure/types/manage/{$type_name}/fields/{$field_id}/storage");
$this
->assertFieldByXpath('//input[@id="edit-settings-uri-scheme-public" and not(@disabled)]', 'public', 'Upload destination setting enabled.');
}
public function testPrivateFileComment() {
$user = $this
->drupalCreateUser([
'access comments',
]);
$roles = $this->adminUser
->getRoles();
user_role_grant_permissions($roles[1], [
'administer comment fields',
'administer comments',
]);
user_role_revoke_permissions(RoleInterface::ANONYMOUS_ID, [
'access comments',
]);
user_role_grant_permissions(RoleInterface::AUTHENTICATED_ID, [
'post comments',
'skip comment approval',
]);
$this
->addDefaultCommentField('node', 'article');
$name = strtolower($this
->randomMachineName());
$label = $this
->randomMachineName();
$storage_edit = [
'settings[uri_scheme]' => 'private',
];
$this
->fieldUIAddNewField('admin/structure/comment/manage/comment', $name, $label, 'file', $storage_edit);
\Drupal::service('entity_field.manager')
->clearCachedFieldDefinitions();
$edit = [
'title[0][value]' => $this
->randomMachineName(),
];
$this
->drupalPostForm('node/add/article', $edit, t('Save'));
$node = $this
->drupalGetNodeByTitle($edit['title[0][value]']);
$text_file = $this
->getTestFile('text');
$edit = [
'files[field_' . $name . '_' . 0 . ']' => \Drupal::service('file_system')
->realpath($text_file
->getFileUri()),
'comment_body[0][value]' => $comment_body = $this
->randomMachineName(),
];
$this
->drupalPostForm('node/' . $node
->id(), $edit, t('Save'));
preg_match('/comment-([0-9]+)/', $this
->getUrl(), $matches);
$cid = $matches[1];
$this
->drupalLogin($user);
$comment = Comment::load($cid);
$comment_file = $comment->{'field_' . $name}->entity;
$this
->assertFileExists($comment_file
->getFileUri());
$url = $comment_file
->createFileUrl();
$this
->assertNotEqual($url, NULL, 'Confirmed that the URL is valid');
$this
->drupalGet($comment_file
->createFileUrl());
$this
->assertSession()
->statusCodeEquals(200);
$this
->drupalLogout();
$this
->drupalGet($comment_file
->createFileUrl());
$this
->assertSession()
->statusCodeEquals(403);
$this
->drupalLogin($this->adminUser);
$edit = [
'status[value]' => FALSE,
];
$this
->drupalPostForm('node/' . $node
->id() . '/edit', $edit, t('Save'));
$this
->drupalLogin($user);
$this
->drupalGet($comment_file
->createFileUrl());
$this
->assertSession()
->statusCodeEquals(403);
}
public function testWidgetValidation() {
$type_name = 'article';
$field_name = strtolower($this
->randomMachineName());
$this
->createFileField($field_name, 'node', $type_name);
$this
->updateFileField($field_name, $type_name, [
'file_extensions' => 'txt',
]);
$type = 'nojs';
$node = $this
->drupalCreateNode([
'type' => 'article',
]);
$nid = $node
->id();
$this
->drupalGet("node/{$nid}/edit");
$test_file_text = $this
->getTestFile('text');
$test_file_image = $this
->getTestFile('image');
$name = 'files[' . $field_name . '_0]';
$edit[$name] = \Drupal::service('file_system')
->realpath($test_file_image
->getFileUri());
$this
->drupalPostForm(NULL, $edit, t('Upload'));
$error_message = t('Only files with the following extensions are allowed: %files-allowed.', [
'%files-allowed' => 'txt',
]);
$this
->assertRaw($error_message, t('Validation error when file with wrong extension uploaded (JSMode=%type).', [
'%type' => $type,
]));
$edit[$name] = \Drupal::service('file_system')
->realpath($test_file_text
->getFileUri());
$this
->drupalPostForm(NULL, $edit, t('Upload'));
$this
->assertNoRaw($error_message, t('Validation error removed when file with correct extension uploaded (JSMode=%type).', [
'%type' => $type,
]));
}
public function testWidgetElement() {
$field_name = mb_strtolower($this
->randomMachineName());
$html_name = str_replace('_', '-', $field_name);
$this
->createFileField($field_name, 'node', 'article', [
'cardinality' => FieldStorageConfig::CARDINALITY_UNLIMITED,
]);
$file = $this
->getTestFile('text');
$xpath = "//details[@data-drupal-selector='edit-{$html_name}']/div[@class='details-wrapper']/table";
$this
->drupalGet('node/add/article');
$elements = $this
->xpath($xpath);
$this
->assertCount(0, $elements);
$edit['files[' . $field_name . '_0][]'] = $this->container
->get('file_system')
->realpath($file
->getFileUri());
$this
->drupalPostForm(NULL, $edit, "{$field_name}_0_upload_button");
$elements = $this
->xpath($xpath);
$this
->assertCount(1, $elements);
$http_client = $this
->getHttpClient();
$key = $this
->randomMachineName();
$post_request = $http_client
->request('POST', $this
->buildUrl('file/progress/' . $key), [
'headers' => [
'Accept' => 'application/json',
'Content-Type' => 'application/x-www-form-urlencoded',
],
'http_errors' => FALSE,
]);
$this
->assertNotEquals(500, $post_request
->getStatusCode());
$body = Json::decode($post_request
->getBody());
$this
->assertStringContainsString('Starting upload...', $body['message']);
}
public function testTemporaryFileRemovalExploit() {
$victim_user = $this
->drupalCreateUser();
$attacker_user = $this
->drupalCreateUser([
'access content',
'create article content',
'edit any article content',
]);
$this
->drupalLogin($attacker_user);
$this
->doTestTemporaryFileRemovalExploit($victim_user, $attacker_user);
}
public function testTemporaryFileRemovalExploitAnonymous() {
$victim_user = User::getAnonymousUser();
$attacker_user = User::getAnonymousUser();
user_role_change_permissions(RoleInterface::ANONYMOUS_ID, [
'access content' => TRUE,
'create article content' => TRUE,
'edit any article content' => TRUE,
]);
$this
->drupalLogout();
$this
->doTestTemporaryFileRemovalExploit($victim_user, $attacker_user);
}
protected function doTestTemporaryFileRemovalExploit(UserInterface $victim_user, UserInterface $attacker_user) {
$type_name = 'article';
$field_name = 'test_file_field';
$this
->createFileField($field_name, 'node', $type_name);
$test_file = $this
->getTestFile('text');
$type = 'no-js';
$victim_tmp_file = $this
->createTemporaryFile('some text', $victim_user);
$victim_tmp_file = File::load($victim_tmp_file
->id());
$this
->assertTrue($victim_tmp_file
->isTemporary(), 'New file saved to disk is temporary.');
$this
->assertFalse(empty($victim_tmp_file
->id()), 'New file has an fid.');
$this
->assertEqual($victim_user
->id(), $victim_tmp_file
->getOwnerId(), 'New file belongs to the victim.');
$edit = [
'title[0][value]' => $type . '-title',
];
$edit['files[' . $field_name . '_0]'] = $this->container
->get('file_system')
->realpath($test_file
->getFileUri());
$this
->drupalPostForm(Url::fromRoute('node.add', [
'node_type' => $type_name,
]), $edit, t('Save'));
$node = $this
->drupalGetNodeByTitle($edit['title[0][value]']);
$node_file = File::load($node->{$field_name}->target_id);
$this
->assertFileExists($node_file
->getFileUri());
$this
->assertEqual($attacker_user
->id(), $node_file
->getOwnerId(), 'New file belongs to the attacker.');
$this
->drupalGet($node_file
->createFileUrl());
$this
->assertSession()
->statusCodeEquals(200);
$this
->drupalGet($node
->toUrl('edit-form'));
$file_id_field = $this
->assertSession()
->hiddenFieldExists($field_name . '[0][fids]');
$file_id_field
->setValue((string) $victim_tmp_file
->id());
$this
->drupalPostForm(NULL, [], 'Remove');
$this
->assertFileExists($victim_tmp_file
->getFileUri());
}
}