public function FileUploadResourceTestBase::testFileUploadStrippedFilePath in Drupal 9
Same name and namespace in other branches
- 8 core/modules/rest/tests/src/Functional/FileUploadResourceTestBase.php \Drupal\Tests\rest\Functional\FileUploadResourceTestBase::testFileUploadStrippedFilePath()
- 10 core/modules/rest/tests/src/Functional/FileUploadResourceTestBase.php \Drupal\Tests\rest\Functional\FileUploadResourceTestBase::testFileUploadStrippedFilePath()
Tests using the file upload route with any path prefixes being stripped.
See also
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Dispos...
File
- core/
modules/ rest/ tests/ src/ Functional/ FileUploadResourceTestBase.php, line 360
Class
- FileUploadResourceTestBase
- Tests binary data file upload route.
Namespace
Drupal\Tests\rest\FunctionalCode
public function testFileUploadStrippedFilePath() {
$this
->initAuthentication();
$this
->provisionResource([
static::$format,
], static::$auth ? [
static::$auth,
] : [], [
'POST',
]);
$this
->setUpAuthorization('POST');
$uri = Url::fromUri('base:' . static::$postUri);
$response = $this
->fileRequest($uri, $this->testFileData, [
'Content-Disposition' => 'file; filename="directory/example.txt"',
]);
$this
->assertSame(201, $response
->getStatusCode());
$expected = $this
->getExpectedNormalizedEntity();
$this
->assertResponseData($expected, $response);
// Check the actual file data. It should have been written to the configured
// directory, not /foobar/directory/example.txt.
$this
->assertSame($this->testFileData, file_get_contents('public://foobar/example.txt'));
$response = $this
->fileRequest($uri, $this->testFileData, [
'Content-Disposition' => 'file; filename="../../example_2.txt"',
]);
$this
->assertSame(201, $response
->getStatusCode());
$expected = $this
->getExpectedNormalizedEntity(2, 'example_2.txt', TRUE);
$this
->assertResponseData($expected, $response);
// Check the actual file data. It should have been written to the configured
// directory, not /foobar/directory/example.txt.
$this
->assertSame($this->testFileData, file_get_contents('public://foobar/example_2.txt'));
$this
->assertFileDoesNotExist('../../example_2.txt');
// Check a path from the root. Extensions have to be empty to allow a file
// with no extension to pass validation.
$this->field
->setSetting('file_extensions', '')
->save();
$this
->refreshTestStateAfterRestConfigChange();
$response = $this
->fileRequest($uri, $this->testFileData, [
'Content-Disposition' => 'file; filename="/etc/passwd"',
]);
$this
->assertSame(201, $response
->getStatusCode());
$expected = $this
->getExpectedNormalizedEntity(3, 'passwd', TRUE);
// This mime will be guessed as there is no extension.
$expected['filemime'][0]['value'] = 'application/octet-stream';
$this
->assertResponseData($expected, $response);
// Check the actual file data. It should have been written to the configured
// directory, not /foobar/directory/example.txt.
$this
->assertSame($this->testFileData, file_get_contents('public://foobar/passwd'));
}