View source
<?php
namespace Drupal\system\Tests\File;
class NameMungingTest extends FileTestBase {
protected $badExtension;
protected $name;
protected $nameWithUcExt;
protected function setUp() {
parent::setUp();
$this->badExtension = 'php';
$this->name = $this
->randomMachineName() . '.' . $this->badExtension . '.txt';
$this->nameWithUcExt = $this
->randomMachineName() . '.' . strtoupper($this->badExtension) . '.txt';
}
function testMunging() {
$this
->config('system.file')
->set('allow_insecure_uploads', 0)
->save();
$munged_name = file_munge_filename($this->name, '', TRUE);
$messages = drupal_get_messages();
$this
->assertTrue(in_array(strtr('For security reasons, your upload has been renamed to <em class="placeholder">%filename</em>.', array(
'%filename' => $munged_name,
)), $messages['status']), 'Alert properly set when a file is renamed.');
$this
->assertNotEqual($munged_name, $this->name, format_string('The new filename (%munged) has been modified from the original (%original)', array(
'%munged' => $munged_name,
'%original' => $this->name,
)));
}
function testMungeNullByte() {
$prefix = $this
->randomMachineName();
$filename = $prefix . '.' . $this->badExtension . "\0.txt";
$this
->assertEqual(file_munge_filename($filename, ''), $prefix . '.' . $this->badExtension . '_.txt', 'A filename with a null byte is correctly munged to remove the null byte.');
}
function testMungeIgnoreInsecure() {
$this
->config('system.file')
->set('allow_insecure_uploads', 1)
->save();
$munged_name = file_munge_filename($this->name, '');
$this
->assertIdentical($munged_name, $this->name, format_string('The original filename (%original) matches the munged filename (%munged) when insecure uploads are enabled.', array(
'%munged' => $munged_name,
'%original' => $this->name,
)));
}
function testMungeIgnoreWhitelisted() {
$munged_name = file_munge_filename($this->nameWithUcExt, $this->badExtension);
$this
->assertIdentical($munged_name, $this->nameWithUcExt, format_string('The new filename (%munged) matches the original (%original) once the extension has been whitelisted.', array(
'%munged' => $munged_name,
'%original' => $this->nameWithUcExt,
)));
$munged_name = file_munge_filename($this->name, strtoupper($this->badExtension));
$this
->assertIdentical($munged_name, $this->name, format_string('The new filename (%munged) matches the original (%original) also when the whitelisted extension is in uppercase.', array(
'%munged' => $munged_name,
'%original' => $this->name,
)));
}
function testUnMunge() {
$munged_name = file_munge_filename($this->name, '', FALSE);
$unmunged_name = file_unmunge_filename($munged_name);
$this
->assertIdentical($unmunged_name, $this->name, format_string('The unmunged (%unmunged) filename matches the original (%original)', array(
'%unmunged' => $unmunged_name,
'%original' => $this->name,
)));
}
}