Index: modules/simpletest/tests/file.test =================================================================== RCS file: /cvs/drupal/drupal/modules/simpletest/tests/file.test,v retrieving revision 1.7 diff -u -p -r1.7 file.test --- modules/simpletest/tests/file.test 12 Oct 2008 06:37:40 -0000 1.7 +++ modules/simpletest/tests/file.test 4 Nov 2008 20:01:14 -0000 @@ -1136,4 +1136,102 @@ class FileSaveDataTest extends FileHookT $file = file_save_data($contents, 'asdf.txt', FILE_EXISTS_ERROR); $this->assertFalse($file, t("Overwriting a file fails when FILE_EXISTS_ERROR is specified.")); } -} \ No newline at end of file +} + +/** + * Tests for download/file transfer functions. + */ +class FileDownloadTest extends FileTestCase { + /** + * Implementation of getInfo(). + */ + function getInfo() { + return array( + 'name' => t('File download'), + 'description' => t('Tests for file download/transfer functions.'), + 'group' => t('File'), + ); + } + + /** + * Implementation of setUp(). + */ + function setUp() { + parent::setUp('file_test'); + + // Set file downloads to private so handler functions get called. + variable_set('file_downloads', FILE_DOWNLOADS_PRIVATE); + } + + /** + * Tests for file_download(). + */ + function testFileTransfer() { + // Create file. + $base_file = $this->createFile(); + // Copy files to files directory. + $file = file_copy(clone $base_file); + // Set file_test access header to allow the download. + file_test_set_access(TRUE); + + $url = file_create_url($file->filename); + $this->drupalHead($url); + $this->assertRaw('Content-Type: test_file', t('Found header set by file_test module on private download.')); + + // Deny access to all downloads via a -1 header. + file_test_set_access(FALSE); + $this->drupalHead($url); + $this->assertResponse(403, t('Correctly denied access to a file when file_test sets the header to -1.')); + + // Try non-existent file. + $url = file_create_url($this->randomName()); + $this->drupalHead($url); + $this->assertResponse(404, t('Correctly returned 404 response for a non-existent file.')); + } +} + +/** + * Tests for file_munge_filename() and file_unmunge_filename(). + */ +class FileNameMungingTest extends FileTestCase { + /** + * Implementation of getInfo(). + */ + function getInfo() { + return array( + 'name' => t('File naming'), + 'description' => t('Filename munging and unmunging tests.'), + 'group' => t('File'), + ); + } + + /** + * Create a file and munge/unmunge the name. + */ + function testFileNameMunging() { + $file = $this->createFile(); + $insecure_extension = 'php'; + $extension = 'txt'; + $original_name = $file->filename . '.' . $insecure_extension . '.' . $extension; + + // If allow insecure uploads is enabled, the file should come out + // untouched, no matter what. + variable_set('allow_insecure_uploads', 1); + $munged_name = file_munge_filename($original_name, ''); + $this->assertIdentical($munged_name, $original_name, t('The original filename (%original) matches the munged filename (%munged) when insecure uploads are enabled.', array('%munged' => $munged_name, '%original' => $original_name))); + + // Disable insecure uploads. + variable_set('allow_insecure_uploads', 0); + $munged_name = file_munge_filename($original_name, '', TRUE); + $messages = drupal_get_messages(); + $this->assertTrue(in_array(t('For security reasons, your upload has been renamed to %filename.', array('%filename' => $munged_name)), $messages['status']), t('Alert properly set when a file is renamed.')); + $this->assertNotEqual($munged_name, $original_name, t('The new filename (%munged) has been modified from the original (%original)', array('%munged' => $munged_name, '%original' => $original_name))); + $unmunged_name = file_unmunge_filename($munged_name); + $this->assertIdentical($unmunged_name, $original_name, t('The unmunged (%unmunged) filename matches the original (%original)', array('%unmunged' => $unmunged_name, '%original' => $original_name))); + + // Declare our extension as whitelisted. + $munged_name = file_munge_filename($original_name, $insecure_extension); + $this->assertIdentical($munged_name, $original_name, t('The new filename (%munged) matches the original (%original) once the extension has been whitelisted.', array('%munged' => $munged_name, '%original' => $original_name))); + } +} + \ No newline at end of file Index: modules/simpletest/tests/file_test.module =================================================================== RCS file: /cvs/drupal/drupal/modules/simpletest/tests/file_test.module,v retrieving revision 1.2 diff -u -p -r1.2 file_test.module --- modules/simpletest/tests/file_test.module 9 Oct 2008 00:02:29 -0000 1.2 +++ modules/simpletest/tests/file_test.module 4 Nov 2008 20:01:14 -0000 @@ -118,6 +118,22 @@ function file_test_file_status(&$file) { */ function file_test_file_download(&$file) { $GLOBALS['file_test_results']['download'][] = func_get_args(); + + $access = file_test_get_access(); + if ($access === TRUE) { + // Add a header for testing file_transfer(). + return array( + 'Content-Type: test_file', + ); + } + elseif ($access === FALSE) { + // Deny access to the file. + return array( + -1, + ); + } + + // If access hasn't been defined, simply return the test array. return $GLOBALS['file_test_hook_return']['download']; } @@ -164,3 +180,21 @@ function file_test_file_delete(&$file) { $GLOBALS['file_test_results']['delete'][] = func_get_args(); } +/** + * Set a session variable that is used to determine the file headers added via + * file_test_file_download(). + * + * @param boolean $value + * A value of FALSE will deny access to files, while a value of true will + * allow access. + */ +function file_test_set_access($value) { + variable_set('file_test_file_access', $value); +} + +/** + * Return the current access state for file_test_file_download(). + */ +function file_test_get_access() { + return variable_get('file_test_file_access', NULL); +} \ No newline at end of file