diff options
| author | shadlaws <shad@shadlaws.com> | 2013-02-08 13:51:41 +0100 |
|---|---|---|
| committer | shadlaws <shad@shadlaws.com> | 2013-02-08 13:51:41 +0100 |
| commit | 0312d1b071bd4434ddb3f82888b0323da6bf3732 (patch) | |
| tree | ce89c93a8ebde82d5e576804ec253bc5a0747017 /modules/gallery/tests/Item_Model_Test.php | |
| parent | 40c5cba2dccdb217bd93274f65d16fd5558257fe (diff) | |
#1994 - Make get_file_metadata throw an exception if photo or movie is unidentifiable/illegal.
- photo & movie helpers: modified to throw exceptions when file is known to be unidentifiable/illegal.
- item model: revised to work with exceptions and be more explicit when the data file is invalid.
- item model: removed duplicate get_file_metadata call for updated items.
- admin_watermarks controller: revised to work with exceptions (really cleans up logic here).
- graphics helper: revised to handle invalid placeholders (a nearly-impossible corner case, but still...).
- photo & movie helper tests: revised to work with exceptions, added new tests for illegal files with valid extensions.
- item model tests: revised to work with exceptions, added new tests for illegal files with valid extensions.
Diffstat (limited to 'modules/gallery/tests/Item_Model_Test.php')
| -rw-r--r-- | modules/gallery/tests/Item_Model_Test.php | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/modules/gallery/tests/Item_Model_Test.php b/modules/gallery/tests/Item_Model_Test.php index a1c5bce6..a93498dd 100644 --- a/modules/gallery/tests/Item_Model_Test.php +++ b/modules/gallery/tests/Item_Model_Test.php @@ -445,13 +445,25 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { $photo->set_data_file(MODPATH . "gallery/tests/Item_Model_Test.php"); $photo->save(); } catch (ORM_Validation_Exception $e) { - $this->assert_same(array("mime_type" => "invalid", "name" => "illegal_data_file_extension"), - $e->validation->errors()); + $this->assert_same(array("name" => "illegal_data_file_extension"), $e->validation->errors()); return; // pass } $this->assert_true(false, "Shouldn't get here"); } + public function unsafe_data_file_replacement_with_valid_extension_test() { + $temp_file = TMPPATH . "masquerading_php.jpg"; + copy(MODPATH . "gallery/tests/Item_Model_Test.php", $temp_file); + try { + $photo = test::random_photo(); + $photo->set_data_file($temp_file); + $photo->save(); + } catch (ORM_Validation_Exception $e) { + $this->assert_same(array("name" => "invalid_data_file"), $e->validation->errors()); + return; // pass + } + } + public function urls_test() { $photo = test::random_photo(); $this->assert_true( |