summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--.build_number2
-rw-r--r--modules/gallery/controllers/file_proxy.php34
-rw-r--r--modules/gallery/helpers/data_rest.php12
-rw-r--r--modules/gallery/tests/Data_Rest_Helper_Test.php102
-rw-r--r--modules/gallery/tests/File_Proxy_Controller_Test.php130
5 files changed, 264 insertions, 16 deletions
diff --git a/.build_number b/.build_number
index d5542453..53bb770a 100644
--- a/.build_number
+++ b/.build_number
@@ -3,4 +3,4 @@
; process. You don't need to edit it. In fact..
;
; DO NOT EDIT THIS FILE BY HAND!
-build_number=275
+build_number=277
diff --git a/modules/gallery/controllers/file_proxy.php b/modules/gallery/controllers/file_proxy.php
index b2120455..df1f7908 100644
--- a/modules/gallery/controllers/file_proxy.php
+++ b/modules/gallery/controllers/file_proxy.php
@@ -49,7 +49,9 @@ class File_Proxy_Controller extends Controller {
// Make sure that the request is for a file inside var
$offset = strpos(rawurldecode($request_uri), $var_uri);
if ($offset !== 0) {
- throw new Kohana_404_Exception();
+ $e = new Kohana_404_Exception();
+ $e->test_fail_code = 1;
+ throw $e;
}
// file_uri: albums/foo/bar.jpg
@@ -59,7 +61,9 @@ class File_Proxy_Controller extends Controller {
// path: foo/bar.jpg
list ($type, $path) = explode("/", $file_uri, 2);
if ($type != "resizes" && $type != "albums" && $type != "thumbs") {
- throw new Kohana_404_Exception();
+ $e = new Kohana_404_Exception();
+ $e->test_fail_code = 2;
+ throw $e;
}
// If the last element is .album.jpg, pop that off since it's not a real item
@@ -82,22 +86,30 @@ class File_Proxy_Controller extends Controller {
}
if (!$item->loaded()) {
- throw new Kohana_404_Exception();
+ $e = new Kohana_404_Exception();
+ $e->test_fail_code = 3;
+ throw $e;
}
// Make sure we have access to the item
if (!access::can("view", $item)) {
- throw new Kohana_404_Exception();
+ $e = new Kohana_404_Exception();
+ $e->test_fail_code = 4;
+ throw $e;
}
// Make sure we have view_full access to the original
if ($type == "albums" && !access::can("view_full", $item)) {
- throw new Kohana_404_Exception();
+ $e = new Kohana_404_Exception();
+ $e->test_fail_code = 5;
+ throw $e;
}
// Don't try to load a directory
if ($type == "albums" && $item->is_album()) {
- throw new Kohana_404_Exception();
+ $e = new Kohana_404_Exception();
+ $e->test_fail_code = 6;
+ throw $e;
}
// Note: this code is roughly duplicated in data_rest, so if you modify this, please look to
@@ -112,7 +124,9 @@ class File_Proxy_Controller extends Controller {
}
if (!file_exists($file)) {
- throw new Kohana_404_Exception();
+ $e = new Kohana_404_Exception();
+ $e->test_fail_code = 7;
+ throw $e;
}
header("Content-Length: " . filesize($file));
@@ -146,6 +160,10 @@ class File_Proxy_Controller extends Controller {
}
}
- readfile($file);
+ if (TEST_MODE) {
+ return $file;
+ } else {
+ readfile($file);
+ }
}
}
diff --git a/modules/gallery/helpers/data_rest.php b/modules/gallery/helpers/data_rest.php
index ef4f17e7..ad369037 100644
--- a/modules/gallery/helpers/data_rest.php
+++ b/modules/gallery/helpers/data_rest.php
@@ -51,12 +51,6 @@ class data_rest_Core {
// We don't need to save the session for this request
Session::instance()->abort_save();
- if ($item->is_album() && !$item->album_cover_item_id) {
- // No thumbnail. Return nothing.
- // @todo: what should we do here?
- return;
- }
-
// Dump out the image. If the item is a movie or album, then its thumbnail will be a JPG.
if (($item->is_movie() || $item->is_album()) && $p->size == "thumb") {
header("Content-Type: image/jpeg");
@@ -68,7 +62,11 @@ class data_rest_Core {
if (isset($p->encoding) && $p->encoding == "base64") {
print base64_encode(file_get_contents($file));
} else {
- readfile($file);
+ if (TEST_MODE) {
+ return $file;
+ } else {
+ readfile($file);
+ }
}
// We must exit here to keep the regular REST framework reply code from adding more bytes on
diff --git a/modules/gallery/tests/Data_Rest_Helper_Test.php b/modules/gallery/tests/Data_Rest_Helper_Test.php
new file mode 100644
index 00000000..feec6d32
--- /dev/null
+++ b/modules/gallery/tests/Data_Rest_Helper_Test.php
@@ -0,0 +1,102 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2012 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+class Data_Rest_Helper_Test extends Gallery_Unit_Test_Case {
+ public function teardown() {
+ identity::set_active_user(identity::admin_user());
+ }
+
+ public function resolve_test() {
+ $photo = test::random_photo();
+ $resolved = rest::resolve(rest::url("data", $photo, 640));
+ $this->assert_equal($photo->id, $resolved->id);
+ }
+
+ public function resolve_needs_permission_test() {
+ $album = test::random_album();
+ $photo = test::random_photo($album);
+ $album->reload(); // new photo changed the album in the db
+
+ access::deny(identity::everybody(), "view", $album);
+ identity::set_active_user(identity::guest());
+
+ try {
+ data_rest::resolve($photo->id);
+ $this->assert_true(false);
+ } catch (Kohana_404_Exception $e) {
+ // pass
+ }
+ }
+
+ public function basic_get_test() {
+ $photo = test::random_photo();
+
+ $request = new stdClass();
+ $request->url = rest::url("data", $photo, "thumb");
+ $request->params = new stdClass();
+
+ $request->params->size = "thumb";
+ $this->assert_same($photo->thumb_path(), data_rest::get($request));
+
+ $request->params->size = "resize";
+ $this->assert_same($photo->resize_path(), data_rest::get($request));
+
+ $request->params->size = "full";
+ $this->assert_same($photo->file_path(), data_rest::get($request));
+ }
+
+ public function illegal_access_test() {
+ $album = test::random_album();
+ $photo = test::random_photo($album);
+ $album->reload();
+
+ access::deny(identity::everybody(), "view", $album);
+ identity::set_active_user(identity::guest());
+
+ $request = new stdClass();
+ $request->url = rest::url("data", $photo, "thumb");
+ $request->params = new stdClass();
+ $request->params->size = "thumb";
+
+ try {
+ data_rest::get($request);
+ $this->assert_true(false);
+ } catch (Kohana_404_Exception $e) {
+ // pass
+ }
+ }
+
+ public function missing_file_test() {
+ $photo = test::random_photo();
+
+ $request = new stdClass();
+ $request->url = rest::url("data", $photo, "thumb");
+ $request->params = new stdClass();
+ $request->params->size = "thumb";
+
+ unlink($photo->thumb_path()); // oops!
+
+ try {
+ data_rest::get($request);
+ $this->assert_true(false);
+ } catch (Kohana_404_Exception $e) {
+ // pass
+ }
+ }
+}
diff --git a/modules/gallery/tests/File_Proxy_Controller_Test.php b/modules/gallery/tests/File_Proxy_Controller_Test.php
new file mode 100644
index 00000000..dab2b8f3
--- /dev/null
+++ b/modules/gallery/tests/File_Proxy_Controller_Test.php
@@ -0,0 +1,130 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2012 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+class File_Proxy_Controller_Test extends Gallery_Unit_Test_Case {
+ public function setup() {
+ $this->_save = array($_SERVER);
+ }
+
+ public function teardown() {
+ list($_SERVER) = $this->_save;
+ identity::set_active_user(identity::admin_user());
+ }
+
+ public function basic_test() {
+ $photo = test::random_photo();
+ $_SERVER["REQUEST_URI"] = url::file("var/albums/{$photo->name}");
+ $controller = new File_Proxy_Controller();
+ $this->assert_same($photo->file_path(), $controller->__call("", array()));
+ }
+
+ public function query_params_are_ignored_test() {
+ $photo = test::random_photo();
+ $_SERVER["REQUEST_URI"] = url::file("var/albums/{$photo->name}?a=1&b=2");
+ $controller = new File_Proxy_Controller();
+ $this->assert_same($photo->file_path(), $controller->__call("", array()));
+ }
+
+ public function file_must_be_in_var_test() {
+ $_SERVER["REQUEST_URI"] = url::file("index.php");
+ $controller = new File_Proxy_Controller();
+ try {
+ $controller->__call("", array());
+ $this->assert_true(false);
+ } catch (Kohana_404_Exception $e) {
+ $this->assert_same(1, $e->test_fail_code);
+ }
+ }
+
+ public function file_must_be_in_albums_thumbs_or_resizes_test() {
+ $_SERVER["REQUEST_URI"] = url::file("var/test/var/uploads/.htaccess");
+ $controller = new File_Proxy_Controller();
+ try {
+ $controller->__call("", array());
+ $this->assert_true(false);
+ } catch (Kohana_404_Exception $e) {
+ $this->assert_same(2, $e->test_fail_code);
+ }
+ }
+
+ public function movie_thumbnails_are_jpgs_test() {
+ $movie = test::random_movie();
+ $name = legal_file::change_extension($movie->name, "jpg");
+ $_SERVER["REQUEST_URI"] = url::file("var/thumbs/{$movie->name}");
+ $controller = new File_Proxy_Controller();
+ $this->assert_same($movie->thumb_path(), $controller->__call("", array()));
+ }
+
+ public function invalid_item_test() {
+ $photo = test::random_photo();
+ $_SERVER["REQUEST_URI"] = url::file("var/albums/x_{$photo->name}");
+ $controller = new File_Proxy_Controller();
+ try {
+ $controller->__call("", array());
+ $this->assert_true(false);
+ } catch (Kohana_404_Exception $e) {
+ $this->assert_same(3, $e->test_fail_code);
+ }
+ }
+
+ public function need_view_full_permission_to_view_original_test() {
+ $album = test::random_album();
+ $photo = test::random_photo($album);
+ $album = $album->reload(); // adding the photo changed the album in the db
+ $_SERVER["REQUEST_URI"] = url::file("var/albums/{$album->name}/{$photo->name}");
+ $controller = new File_Proxy_Controller();
+
+ access::deny(identity::everybody(), "view_full", $album);
+ identity::set_active_user(identity::guest());
+
+ try {
+ $controller->__call("", array());
+ $this->assert_true(false);
+ } catch (Kohana_404_Exception $e) {
+ $this->assert_same(5, $e->test_fail_code);
+ }
+ }
+
+ public function cant_proxy_an_album_test() {
+ $album = test::random_album();
+ $_SERVER["REQUEST_URI"] = url::file("var/albums/{$album->name}");
+ $controller = new File_Proxy_Controller();
+
+ try {
+ $controller->__call("", array());
+ $this->assert_true(false);
+ } catch (Kohana_404_Exception $e) {
+ $this->assert_same(6, $e->test_fail_code);
+ }
+ }
+
+ public function missing_file_test() {
+ $photo = test::random_photo();
+ $_SERVER["REQUEST_URI"] = url::file("var/albums/{$photo->name}");
+ unlink($photo->file_path());
+ $controller = new File_Proxy_Controller();
+
+ try {
+ $controller->__call("", array());
+ $this->assert_true(false);
+ } catch (Kohana_404_Exception $e) {
+ $this->assert_same(7, $e->test_fail_code);
+ }
+ }
+} \ No newline at end of file
generated by cgit v1.2.3 (git 2.46.0) at 2025-10-13 04:00:25 +0000