Index: includes/form.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/form.inc,v
retrieving revision 1.289
diff -u -p -u -p -r1.289 form.inc
--- includes/form.inc 27 Sep 2008 19:47:42 -0000 1.289
+++ includes/form.inc 10 Oct 2008 03:04:52 -0000
@@ -2085,7 +2085,7 @@ function theme_textfield($element) {
$extra = '';
$output = '';
- if ($element['#autocomplete_path']) {
+ if ($element['#autocomplete_path'] && menu_valid_path(array('link_path' => $element['#autocomplete_path']))) {
drupal_add_js('misc/autocomplete.js');
$class[] = 'form-autocomplete';
$extra = '';
Index: modules/profile/profile.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/profile/profile.admin.inc,v
retrieving revision 1.12
diff -u -p -u -p -r1.12 profile.admin.inc
--- modules/profile/profile.admin.inc 21 Aug 2008 19:36:38 -0000 1.12
+++ modules/profile/profile.admin.inc 10 Oct 2008 03:04:53 -0000
@@ -269,6 +269,7 @@ Unless you know what you are doing, it i
$form['fields']['autocomplete'] = array('#type' => 'checkbox',
'#title' => t('Form will auto-complete while user is typing.'),
'#default_value' => $edit['autocomplete'],
+ '#description' => t('For security, auto-complete will be disabled if the user does not have access to user profiles.'),
);
$form['fields']['required'] = array('#type' => 'checkbox',
'#title' => t('The user must enter a value.'),
Index: modules/profile/profile.test
===================================================================
RCS file: /cvs/drupal/drupal/modules/profile/profile.test,v
retrieving revision 1.6
diff -u -p -u -p -r1.6 profile.test
--- modules/profile/profile.test 5 Jun 2008 21:55:44 -0000 1.6
+++ modules/profile/profile.test 10 Oct 2008 03:04:53 -0000
@@ -248,11 +248,56 @@ class ProfileTestWeights extends Profile
}
}
+class ProfileTestAutocomplete extends ProfileTestCase {
+
+ /**
+ * Implementation of getInfo().
+ */
+ function getInfo() {
+ return array(
+ 'name' => t('Autocompletion'),
+ 'description' => t('Test profile fields with autocompletion.'),
+ 'group' => t('Profile')
+ );
+ }
+
+ /**
+ * Tests profile field autocompletion and permissions.
+ */
+ function testAutocomplete() {
+ $this->drupalLogin($this->admin_user);
+
+ $category = $this->randomName();
+ $field = $this->createProfileField('textfield', $category, array('weight' => 1, 'autocomplete' => 1));
+ $field['value'] = $this->randomName();
+ $autocomplete_html = '';
+ $field_html = '';
+ $this->setProfileField($field, $field['value']);
+
+ $this->drupalGet('user/' . $this->admin_user->uid . '/edit/' . $category);
+ $this->assertRaw($autocomplete_html, t('Autocomplete found.'));
+ $this->assertRaw('misc/autocomplete.js', t('Autocomplete JavaScript found.'));
+ $this->assertRaw('class="form-text form-autocomplete"', t('Autocomplete form element class found.'));
+
+ $this->drupalGet('profile/autocomplete/' . $field['fid'] . '/' . $field['value'][0]);
+ $this->assertResponse(200, t('Autocomplete path allowed to user with permission.'));
+ $this->assertRaw($field['value'], t('Autocomplete value found.'));
+
+ $this->drupalLogout();
+ $this->drupalLogin($this->normal_user);
+
+ $this->drupalGet('user/' . $this->normal_user->uid . '/edit/' . $category);
+ $this->assertNoRaw($autocomplete_html, t('Autocomplete not found.'));
+
+ $this->drupalGet('profile/autocomplete/' . $field['fid'] . '/' . $field['value'][0]);
+ $this->assertResponse(403, t('Autocomplete path denied to user without permission.'));
+ }
+}
+
/**
* TODO:
* - Test field visibility
* - Test profile browsing
- * - Test autocomplete
* - Test required fields
* - Test fields on registration form
* - Test updating fields
Index: modules/user/user.test
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.test,v
retrieving revision 1.16
diff -u -p -u -p -r1.16 user.test
--- modules/user/user.test 1 Oct 2008 00:54:43 -0000 1.16
+++ modules/user/user.test 10 Oct 2008 03:04:53 -0000
@@ -523,3 +523,43 @@ class UserAdminTestCase extends DrupalWe
$this->assertEqual($account->status, 0, 'User B blocked');
}
}
+
+class UserAutocompleteTestCase extends DrupalWebTestCase {
+
+ /**
+ * Implementation of getInfo().
+ */
+ function getInfo() {
+ return array(
+ 'name' => t('User autocompletion'),
+ 'description' => t('Test user autocompletion functionality.'),
+ 'group' => t('User')
+ );
+ }
+
+ /**
+ * Implementation of setUp().
+ */
+ function setUp() {
+ parent::setUp();
+
+ $this->user1 = $this->drupalCreateUser();
+ $this->user2 = $this->drupalCreateUser(array('access user profiles'));
+ }
+
+ /**
+ * Attempts to access user autocompletion from users with or without the
+ * proper access and verify the correct results.
+ */
+ function testUserAutocomplete() {
+ $this->drupalLogin($this->user1);
+ $this->drupalGet('user/autocomplete/' . $this->user1->name[0]);
+ $this->assertResponse(403, t('Autocompletion access denied to user without permission.'));
+
+ $this->drupalLogout();
+ $this->drupalLogin($this->user2);
+ $this->drupalGet('user/autocomplete/' . $this->user1->name[0]);
+ $this->assertResponse(200, t('Autocompletion access allowed.'));
+ $this->assertRaw($this->user1->name, t('User name found in autocompletion results.'));
+ }
+}