#1951 - Make metadata generation more flexible (photo and movie helpers).

- added photo_get_file_metadata and movie_get_file_metadata events
- modified photo::get_file_metadata and movie::get_file_metadata to use them
- ensure that non-readable files throw exceptions
- redirected other photo metadata calls in core to photo::get_file_metadata (the helper function already exists, but in many places getimagesize is still called directly)
- added some unit tests (neither of the functions above had one)

2 files changed, 88 insertions, 0 deletions

diff --git a/modules/gallery/tests/Movie_Helper_Test.php b/modules/gallery/tests/Movie_Helper_Test.php
index ff7f798c..0c262620 100644
--- a/modules/gallery/tests/Movie_Helper_Test.php
+++ b/modules/gallery/tests/Movie_Helper_Test.php
@@ -46,4 +46,36 @@ class Movie_Helper_Test extends Gallery_Unit_Test_Case {
       $this->assert_equal($seconds, movie::hhmmssdd_to_seconds($hhmmssdd));
     }
   }
+
+  public function get_file_metadata_test() {
+    $movie = test::random_movie();
+    $this->assert_equal(array(360, 288, "video/x-flv", "flv", 6.00),
+                        movie::get_file_metadata($movie->file_path()));
+  }
+
+  public function get_file_metadata_with_non_existent_file_test() {
+    try {
+      $metadata = movie::get_file_metadata(MODPATH . "gallery/tests/this_does_not_exist");
+      $this->assert_true(false, "Shouldn't get here");
+    } catch (Exception $e) {
+      // pass
+    }
+  }
+
+  public function get_file_metadata_with_no_extension_test() {
+    copy(MODPATH . "gallery/tests/test.flv", TMPPATH . "test_flv_with_no_extension");
+    $this->assert_equal(array(360, 288, null, null, 6.00),
+                        movie::get_file_metadata(TMPPATH . "test_flv_with_no_extension"));
+  }
+
+  public function get_file_metadata_with_illegal_extension_test() {
+    $this->assert_equal(array(0, 0, null, null, 0),
+                        movie::get_file_metadata(MODPATH . "gallery/tests/Movie_Helper_Test.php"));
+  }
+
+  public function get_file_metadata_with_illegal_extension_but_valid_file_contents_test() {
+    copy(MODPATH . "gallery/tests/test.flv", TMPPATH . "test_flv_with_php_extension.php");
+    $this->assert_equal(array(360, 288, null, null, 6.00),
+                        movie::get_file_metadata(TMPPATH . "test_flv_with_php_extension.php"));
+  }
 }
diff --git a/modules/gallery/tests/Photo_Helper_Test.php b/modules/gallery/tests/Photo_Helper_Test.php
new file mode 100644
index 00000000..5207a6db
--- /dev/null
+++ b/modules/gallery/tests/Photo_Helper_Test.php
@@ -0,0 +1,56 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2013 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class Photo_Helper_Test extends Gallery_Unit_Test_Case {
+  public function get_file_metadata_test() {
+    $photo = test::random_photo();
+    $this->assert_equal(array(1024, 768, "image/jpeg", "jpg"),
+                        photo::get_file_metadata($photo->file_path()));
+  }
+
+  public function get_file_metadata_with_non_existent_file_test() {
+    try {
+      $metadata = photo::get_file_metadata(MODPATH . "gallery/tests/this_does_not_exist");
+      $this->assert_true(false, "Shouldn't get here");
+    } catch (Exception $e) {
+      // pass
+    }
+  }
+
+  public function get_file_metadata_with_no_extension_test() {
+    copy(MODPATH . "gallery/tests/test.jpg", TMPPATH . "test_jpg_with_no_extension");
+    $this->assert_equal(array(1024, 768, "image/jpeg", "jpg"),
+                        photo::get_file_metadata(TMPPATH . "test_jpg_with_no_extension"));
+  }
+
+  public function get_file_metadata_with_illegal_extension_test() {
+    $this->assert_equal(array(0, 0, null, null),
+                        photo::get_file_metadata(MODPATH . "gallery/tests/Photo_Helper_Test.php"));
+  }
+
+  public function get_file_metadata_with_illegal_extension_but_valid_file_contents_test() {
+    // This ensures that we correctly "re-type" files with invalid extensions if the contents
+    // themselves are valid.  This is needed to ensure that issues similar to those corrected by
+    // ticket #1855, where an image that looked valid (header said jpg) with a php extension was
+    // previously accepted without changing its extension, do not arise and cause security issues.
+    copy(MODPATH . "gallery/tests/test.jpg", TMPPATH . "test_jpg_with_php_extension.php");
+    $this->assert_equal(array(1024, 768, "image/jpeg", "jpg"),
+                        photo::get_file_metadata(TMPPATH . "test_jpg_with_php_extension.php"));
+  }
+}