View source
<?php
namespace Drupal\KernelTests\Core\File;
use Drupal\Component\Render\FormattableMarkup;
class NameMungingTest extends FileTestBase {
protected $badExtension;
protected $name;
protected $nameWithUcExt;
protected function setUp() : void {
parent::setUp();
$this->badExtension = 'foo';
$this->name = $this
->randomMachineName() . '.' . $this->badExtension . '.txt';
$this->nameWithUcExt = $this
->randomMachineName() . '.' . strtoupper($this->badExtension) . '.txt';
}
public function testMunging() {
$this
->expectDeprecation('file_munge_filename() is deprecated in drupal:9.2.0 and is removed from drupal:10.0.0. Dispatch a \\Drupal\\Core\\File\\Event\\FileUploadSanitizeNameEvent event instead. See https://www.drupal.org/node/3032541');
$this
->config('system.file')
->set('allow_insecure_uploads', 0)
->save();
$munged_name = file_munge_filename($this->name, '', TRUE);
$messages = \Drupal::messenger()
->all();
\Drupal::messenger()
->deleteAll();
$this
->assertContainsEquals(strtr('For security reasons, your upload has been renamed to <em class="placeholder">%filename</em>.', [
'%filename' => $munged_name,
]), $messages['status'], 'Alert properly set when a file is renamed.');
$this
->assertNotEquals($this->name, $munged_name, new FormattableMarkup('The new filename (%munged) has been modified from the original (%original)', [
'%munged' => $munged_name,
'%original' => $this->name,
]));
}
public function testMungeNullByte() {
$prefix = $this
->randomMachineName();
$filename = $prefix . '.' . $this->badExtension . "\0.txt";
$this
->assertEquals($prefix . '.' . $this->badExtension . '_.txt', file_munge_filename($filename, ''), 'A filename with a null byte is correctly munged to remove the null byte.');
}
public function testMungeIgnoreInsecure() {
$this
->config('system.file')
->set('allow_insecure_uploads', 1)
->save();
$munged_name = file_munge_filename($this->name, '');
$this
->assertSame($munged_name, $this->name, new FormattableMarkup('The original filename (%original) matches the munged filename (%munged) when insecure uploads are enabled.', [
'%munged' => $munged_name,
'%original' => $this->name,
]));
}
public function testMungeIgnoreAllowedExtensions() {
$munged_name = file_munge_filename($this->nameWithUcExt, $this->badExtension);
$this
->assertSame($munged_name, $this->nameWithUcExt);
$munged_name = file_munge_filename($this->name, strtoupper($this->badExtension));
$this
->assertSame($munged_name, $this->name);
}
public function testMungeUnsafe() {
$prefix = $this
->randomMachineName();
$name = "{$prefix}.php.txt";
$munged_name = file_munge_filename($name, 'php txt');
$this
->assertSame("{$prefix}.php_.txt", $munged_name);
}
public function testUnMunge() {
$this
->expectDeprecation('file_unmunge_filename() is deprecated in drupal:9.2.0 and is removed from drupal:10.0.0. Use str_replace() instead. See https://www.drupal.org/node/3032541');
$munged_name = file_munge_filename($this->name, '', FALSE);
$unmunged_name = file_unmunge_filename($munged_name);
$this
->assertSame($unmunged_name, $this->name, new FormattableMarkup('The unmunged (%unmunged) filename matches the original (%original)', [
'%unmunged' => $unmunged_name,
'%original' => $this->name,
]));
}
}