You are here

public function ValidateTest::testInsecureExtensions in Drupal 9

Same name and namespace in other branches
  1. 8 core/modules/file/tests/src/Kernel/ValidateTest.php \Drupal\Tests\file\Kernel\ValidateTest::testInsecureExtensions()
  2. 10 core/modules/file/tests/src/Kernel/ValidateTest.php \Drupal\Tests\file\Kernel\ValidateTest::testInsecureExtensions()

Tests hard-coded security check in file_validate().

File

core/modules/file/tests/src/Kernel/ValidateTest.php, line 41

Class

ValidateTest
Tests the file_validate() function.

Namespace

Drupal\Tests\file\Kernel

Code

public function testInsecureExtensions() {
  $file = $this
    ->createFile('test.php', 'Invalid PHP');

  // Test that file_validate() will check for insecure extensions by default.
  $errors = file_validate($file, []);
  $this
    ->assertEquals('For security reasons, your upload has been rejected.', $errors[0]);
  $this
    ->assertFileHooksCalled([
    'validate',
  ]);
  file_test_reset();

  // Test that the 'allow_insecure_uploads' is respected.
  $this
    ->config('system.file')
    ->set('allow_insecure_uploads', TRUE)
    ->save();
  $errors = file_validate($file, []);
  $this
    ->assertEmpty($errors);
  $this
    ->assertFileHooksCalled([
    'validate',
  ]);
}