diff options
| author | Bharat Mediratta <bharat@menalto.com> | 2012-05-05 18:52:44 -0700 |
|---|---|---|
| committer | Bharat Mediratta <bharat@menalto.com> | 2012-05-05 18:52:44 -0700 |
| commit | 801c9a98e438a9c6a072630c3a051435986f6cf0 (patch) | |
| tree | 09c316787785d0a0b7ca344687aef44e553bfeee | |
| parent | 0a811f9a4ebabf50081402d611b7cb3ccceb3e7f (diff) | |
Fix #1846.
| -rw-r--r-- | modules/gallery/models/item.php | 20 | ||||
| -rw-r--r-- | modules/gallery/tests/Item_Model_Test.php | 50 |
2 files changed, 60 insertions, 10 deletions
diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index e90e0fcb..0e3f0fb8 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -803,18 +803,22 @@ class Item_Model_Core extends ORM_MPTT { } if ($this->is_movie() || $this->is_photo()) { - if (!$this->loaded()) { + $ext = pathinfo($this->name, PATHINFO_EXTENSION); + + if (!$this->loaded() && !$ext) { // New items must have an extension - $ext = pathinfo($this->name, PATHINFO_EXTENSION); - if (!$ext) { + $v->add_error("name", "illegal_data_file_extension"); + return; + } + + if ($this->is_photo()) { + if (!in_array(strtolower($ext), legal_file::get_photo_extensions())) { $v->add_error("name", "illegal_data_file_extension"); - return; } + } - if ($this->is_photo() && - !in_array(strtolower($ext), array_map("strtolower", legal_file::get_photo_extensions())) || - $this->is_movie() && - !in_array(strtolower($ext), array_map("strtolower", legal_file::get_movie_extensions()))) { + if ($this->is_movie()) { + if (!in_array(strtolower($ext), legal_file::get_movie_extensions())) { $v->add_error("name", "illegal_data_file_extension"); } } diff --git a/modules/gallery/tests/Item_Model_Test.php b/modules/gallery/tests/Item_Model_Test.php index 205d0a08..6d40230f 100644 --- a/modules/gallery/tests/Item_Model_Test.php +++ b/modules/gallery/tests/Item_Model_Test.php @@ -333,7 +333,36 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { $photo->mime_type = "video/x-flv"; $photo->save(); } catch (ORM_Validation_Exception $e) { - $this->assert_same(array("type" => "read_only"), $e->validation->errors()); + $this->assert_same( + array("name" => "illegal_data_file_extension", "type" => "read_only"), + $e->validation->errors()); + return; // pass + } + $this->assert_true(false, "Shouldn't get here"); + } + + public function photo_files_must_have_an_extension_test() { + try { + $photo = test::random_photo_unsaved(); + $photo->mime_type = "image/jpeg"; + $photo->name = "no_extension"; + $photo->save(); + } catch (ORM_Validation_Exception $e) { + $this->assert_same(array("name" => "illegal_data_file_extension"), $e->validation->errors()); + return; // pass + } + $this->assert_true(false, "Shouldn't get here"); + } + + public function movie_files_must_have_an_extension_test() { + try { + $movie = test::random_photo_unsaved(); + $movie->type = "movie"; + $movie->mime_type = "video/x-flv"; + $movie->name = "no_extension"; + $movie->save(); + } catch (ORM_Validation_Exception $e) { + $this->assert_same(array("name" => "illegal_data_file_extension"), $e->validation->errors()); return; // pass } $this->assert_true(false, "Shouldn't get here"); @@ -421,7 +450,8 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { $photo->set_data_file(MODPATH . "gallery/tests/Item_Model_Test.php"); $photo->save(); } catch (ORM_Validation_Exception $e) { - $this->assert_same(array("mime_type" => "invalid"), $e->validation->errors()); + $this->assert_same(array("mime_type" => "invalid", "name" => "illegal_data_file_extension"), + $e->validation->errors()); return; // pass } $this->assert_true(false, "Shouldn't get here"); @@ -473,4 +503,20 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { $this->assert_true(false, "Shouldn't get here"); } } + + public function cant_rename_to_illegal_extension_test() { + foreach (array("test.php.test", "test.php", "test.PHP", + "test.php5", "test.php4", "test.pl") as $name) { + try { + $photo = test::random_photo(item::root()); + $photo->name = $name; + $photo->save(); + } catch (ORM_Validation_Exception $e) { + $this->assert_equal(array("name" => "illegal_data_file_extension"), + $e->validation->errors()); + continue; + } + $this->assert_true(false, "Shouldn't get here"); + } + } } |