Diffstat (limited to 'modules/gallery/tests')
-rw-r--r-- | modules/gallery/tests/Data_Rest_Helper_Test.php | 9 | ||||
-rw-r--r-- | modules/gallery/tests/Database_Test.php | 6 | ||||
-rw-r--r-- | modules/gallery/tests/File_Structure_Test.php | 48 | ||||
-rw-r--r-- | modules/gallery/tests/Gallery_Filters.php | 6 | ||||
-rw-r--r-- | modules/gallery/tests/Gallery_Graphics_Helper_Test.php | 137 | ||||
-rw-r--r-- | modules/gallery/tests/Graphics_Helper_Test.php | 158 | ||||
-rw-r--r-- | modules/gallery/tests/Item_Helper_Test.php | 18 | ||||
-rw-r--r-- | modules/gallery/tests/Item_Model_Test.php | 335 | ||||
-rw-r--r-- | modules/gallery/tests/Legal_File_Helper_Test.php | 111 | ||||
-rw-r--r-- | modules/gallery/tests/Movie_Helper_Test.php | 56 | ||||
-rw-r--r-- | modules/gallery/tests/Photo_Helper_Test.php | 70 | ||||
-rw-r--r-- | modules/gallery/tests/controller_auth_data.txt | 1 | ||||
-rw-r--r-- | modules/gallery/tests/xss_data.txt | 28 |
13 files changed, 884 insertions, 99 deletions
diff --git a/modules/gallery/tests/Data_Rest_Helper_Test.php b/modules/gallery/tests/Data_Rest_Helper_Test.php index 69d17997..e6a94864 100644 --- a/modules/gallery/tests/Data_Rest_Helper_Test.php +++ b/modules/gallery/tests/Data_Rest_Helper_Test.php @@ -99,4 +99,13 @@ class Data_Rest_Helper_Test extends Gallery_Unit_Test_Case { // pass } } + + public function cache_buster_test() { + $photo = test::random_photo(); + + $this->assert_same( + url::abs_site("rest/data/{$photo->id}?size=thumb&m=" . filemtime($photo->thumb_path())), + data_rest::url($photo, "thumb")); + } } + diff --git a/modules/gallery/tests/Database_Test.php b/modules/gallery/tests/Database_Test.php index ab3290a9..106062f5 100644 --- a/modules/gallery/tests/Database_Test.php +++ b/modules/gallery/tests/Database_Test.php @@ -147,6 +147,12 @@ class Database_Test extends Gallery_Unit_Test_Case { $sql = str_replace("\n", " ", $sql); $this->assert_same("UPDATE [test_tables] SET [name] = [Test Name] WHERE [1] = [1]", $sql); } + + function escape_for_like_test() { + // Note: literal double backslash is written as \\\ + $this->assert_same('basic\_test', Database::escape_for_like("basic_test")); + $this->assert_same('\\\100\%\_test/', Database::escape_for_like('\100%_test/')); + } } class Database_Mock extends Database { diff --git a/modules/gallery/tests/File_Structure_Test.php b/modules/gallery/tests/File_Structure_Test.php index 8f6e480c..ce75ea13 100644 --- a/modules/gallery/tests/File_Structure_Test.php +++ b/modules/gallery/tests/File_Structure_Test.php 
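Review bot: The expected string `'\\\100\%\_test/'` in `escape_for_like_test` is hard to verify by eye: in a single-quoted PHP literal only `\\` and `\'` are escapes, so it reads as two backslashes followed by `100\%\_test/` solely because `\1`, `\%` and `\_` pass through unchanged. The comment "literal double backslash is written as \\\" restates that accident as if it were a rule; writing each literal backslash as `\\`, i.e. `'\\\\100\\%\\_test/'`, gives the same value and can be checked character by character. Because this helper decides which characters of a search term act as LIKE wildcards, it would also be worth pinning the empty string and an input with no metacharacters, which the two assertions here do not cover. The class body continues outside the hunk.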
@@ -283,4 +283,52 @@ class File_Structure_Test extends Gallery_Unit_Test_Case { $this->assert_true(false, $errors); } } + + public function all_public_functions_in_test_files_end_in_test() { + // Who tests the tests? :-) (ref: http://www.xkcd.com/1163) + $dir = new PhpCodeFilterIterator( + new GalleryCodeFilterIterator( + new RecursiveIteratorIterator( + new RecursiveDirectoryIterator(DOCROOT)))); + foreach ($dir as $file) { + $scan = 0; + if (basename(dirname($file)) == "tests") { + foreach (file($file) as $line) { + if (!substr($file, -9, 9) == "_Test.php") { + continue; + } + + if (preg_match("/class.*extends.*Gallery_Unit_Test_Case/", $line)) { + $scan = 1; + } else if (preg_match("/class.*extends/", $line)) { + $scan = 0; + } + + if ($scan) { + if (preg_match("/^\s*public\s+function/", $line)) { + $this->assert_true( + preg_match("/^\s*public\s+function (setup|teardown|.*_test)\(\) {/", $line), + "public functions must end in _test:\n$file\n$line\n"); + } + } + } + } + } + } + + public function no_extra_spaces_at_end_of_line_test() { + $dir = new GalleryCodeFilterIterator( + new RecursiveIteratorIterator(new RecursiveDirectoryIterator(DOCROOT))); + $errors = ""; + foreach ($dir as $file) { + if (preg_match("/\.(php|css|html|js)$/", $file)) { + foreach (file($file) as $line_num => $line) { + if ((substr($line, -2) == " \n") || (substr($line, -1) == " ")) { + $errors .= "$file at line " . ($line_num + 1) . "\n"; + } + } + } + } + $this->assert_true(empty($errors), "Extra spaces at end of line found at:\n$errors"); + } } diff --git a/modules/gallery/tests/Gallery_Filters.php b/modules/gallery/tests/Gallery_Filters.php index 7209bc93..6c2a6aa3 100644 --- a/modules/gallery/tests/Gallery_Filters.php +++ b/modules/gallery/tests/Gallery_Filters.php 
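Review bot: The filename guard in `all_public_functions_in_test_files_end_in_test`, `if (!substr($file, -9, 9) == "_Test.php")`, does not test what it appears to: `!` binds tighter than `==`, so the boolean `!substr(...)` is compared with a non-empty string and the `continue` is never taken for an ordinary path. Every file under a `tests` directory is therefore scanned, not only `*_Test.php`. Use `if (substr($file, -9) != "_Test.php") { continue; }` and move it above `foreach (file($file) as $line)`, since the answer is per file and checking it first avoids reading files that are going to be skipped. In `no_extra_spaces_at_end_of_line_test` the comparison `substr($line, -2) == " \n"` also misses a trailing space before `"\r\n"`, if CRLF files are meant to be caught.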
@@ -26,7 +26,7 @@ class PhpCodeFilterIterator extends FilterIterator { class GalleryCodeFilterIterator extends FilterIterator { public function accept() { - // Skip anything that we didn"t write + // Skip anything that we didn't write $path_name = $this->getInnerIterator()->getPathName(); $file_name = $this->getInnerIterator()->getFileName(); return !( @@ -47,6 +47,10 @@ class GalleryCodeFilterIterator extends FilterIterator { strpos($path_name, SYSPATH) !== false || strpos($path_name, MODPATH . "gallery/libraries/HTMLPurifier") !== false || strpos($path_name, MODPATH . "gallery/vendor/joomla") !== false || + strpos($path_name, MODPATH . "organize/vendor/ext") !== false || + strpos($path_name, DOCROOT . "lib") !== false || + strpos($path_name, DOCROOT . "themes/admin_wind/css/themeroller") !== false || + strpos($path_name, DOCROOT . "themes/wind/css/themeroller") !== false || substr($path_name, -1, 1) == "~"); } } diff --git a/modules/gallery/tests/Gallery_Graphics_Helper_Test.php b/modules/gallery/tests/Gallery_Graphics_Helper_Test.php new file mode 100644 index 00000000..20096b23 --- /dev/null +++ b/modules/gallery/tests/Gallery_Graphics_Helper_Test.php 
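Review bot: The new exclusion `strpos($path_name, DOCROOT . "lib") !== false` in `GalleryCodeFilterIterator::accept()` has no trailing separator, so it drops every path that begins with `DOCROOT . "lib"`, not only the `lib/` directory; a later top-level `libraries/` or `lib_foo.php` would silently fall out of every check that iterates through this filter. File_Structure_Test builds its scans on this iterator, so an over-broad skip narrows what those source checks cover without any test failing. Prefer `strpos($path_name, DOCROOT . "lib/") !== false`, and add the same trailing `/` to the `organize/vendor/ext` and the two `themeroller` entries. `accept()` starts outside this hunk.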
@@ -0,0 +1,137 @@ +<?php defined("SYSPATH") or die("No direct script access."); +/** + * Gallery - a web based photo album viewer and editor + * Copyright (C) 2000-2013 Bharat Mediratta + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. + */ +class Gallery_Graphics_Helper_Test extends Gallery_Unit_Test_Case { + public function rotate_jpg_test() { + // Input is a 1024x768 jpg, output is rotated 90 degrees + $input_file = MODPATH . "gallery/tests/test.jpg"; + $output_file = TMPPATH . test::random_name() . ".jpg"; + $options = array("degrees" => 90); + gallery_graphics::rotate($input_file, $output_file, $options, null); + + // Output is rotated to 768x1024 jpg + $this->assert_equal(array(768, 1024, "image/jpeg", "jpg"), photo::get_file_metadata($output_file)); + } + + public function rotate_jpg_without_options_test() { + // Input is a 1024x768 jpg, output options undefined + $input_file = MODPATH . "gallery/tests/test.jpg"; + $output_file = TMPPATH . test::random_name() . 
".jpg"; + gallery_graphics::rotate($input_file, $output_file, null, null); + + // Output is not rotated, still a 1024x768 jpg + $this->assert_equal(array(1024, 768, "image/jpeg", "jpg"), photo::get_file_metadata($output_file)); + } + + public function rotate_bad_jpg_test() { + // Input is a garbled jpg, output is jpg autofit to 300x300 + $input_file = TMPPATH . test::random_name() . ".jpg"; + $output_file = TMPPATH . test::random_name() . ".jpg"; + $options = array("degrees" => 90); + file_put_contents($input_file, test::lorem_ipsum(200)); + + // Should get passed to Image library and throw an exception + try { + gallery_graphics::rotate($input_file, $output_file, $options, null); + $this->assert_true(false, "Shouldn't get here"); + } catch (Exception $e) { + // pass + } + } + + public function resize_jpg_test() { + // Input is a 1024x768 jpg, output is jpg autofit to 300x300 + $input_file = MODPATH . "gallery/tests/test.jpg"; + $output_file = TMPPATH . test::random_name() . ".jpg"; + $options = array("width" => 300, "height" => 300, "master" => Image::AUTO); + gallery_graphics::resize($input_file, $output_file, $options, null); + + // Output is resized to 300x225 jpg + $this->assert_equal(array(300, 225, "image/jpeg", "jpg"), photo::get_file_metadata($output_file)); + } + + public function resize_jpg_to_png_test() { + // Input is a 1024x768 jpg, output is png autofit to 300x300 + $input_file = MODPATH . "gallery/tests/test.jpg"; + $output_file = TMPPATH . test::random_name() . ".png"; + $options = array("width" => 300, "height" => 300, "master" => Image::AUTO); + gallery_graphics::resize($input_file, $output_file, $options, null); + + // Output is resized to 300x225 png + $this->assert_equal(array(300, 225, "image/png", "png"), photo::get_file_metadata($output_file)); + } + + public function resize_jpg_with_no_upscale_test() { + // Input is a 1024x768 jpg, output is jpg autofit to 1200x1200 - should not upscale + $input_file = MODPATH . 
"gallery/tests/test.jpg"; + $output_file = TMPPATH . test::random_name() . ".jpg"; + $options = array("width" => 1200, "height" => 1200, "master" => Image::AUTO); + gallery_graphics::resize($input_file, $output_file, $options, null); + + // Output is copied directly from input + $this->assert_equal(file_get_contents($input_file), file_get_contents($output_file)); + } + + public function resize_jpg_to_png_with_no_upscale_test() { + // Input is a 1024x768 jpg, output is png autofit to 1200x1200 - should not upscale + $input_file = MODPATH . "gallery/tests/test.jpg"; + $output_file = TMPPATH . test::random_name() . ".png"; + $options = array("width" => 1200, "height" => 1200, "master" => Image::AUTO); + gallery_graphics::resize($input_file, $output_file, $options, null); + + // Output is converted from input without resize + $this->assert_equal(array(1024, 768, "image/png", "png"), photo::get_file_metadata($output_file)); + } + + public function resize_jpg_without_options_test() { + // Input is a 1024x768 jpg, output is jpg without options - should not attempt resize + $input_file = MODPATH . "gallery/tests/test.jpg"; + $output_file = TMPPATH . test::random_name() . ".jpg"; + gallery_graphics::resize($input_file, $output_file, null, null); + + // Output is copied directly from input + $this->assert_equal(file_get_contents($input_file), file_get_contents($output_file)); + } + + public function resize_jpg_to_png_without_options_test() { + // Input is a 1024x768 jpg, output is png without options - should not attempt resize + $input_file = MODPATH . "gallery/tests/test.jpg"; + $output_file = TMPPATH . test::random_name() . 
".png"; + gallery_graphics::resize($input_file, $output_file, null, null); + + // Output is converted from input without resize + $this->assert_equal(array(1024, 768, "image/png", "png"), photo::get_file_metadata($output_file)); + } + + public function resize_bad_jpg_test() { + // Input is a garbled jpg, output is jpg autofit to 300x300 + $input_file = TMPPATH . test::random_name() . ".jpg"; + $output_file = TMPPATH . test::random_name() . ".jpg"; + $options = array("width" => 300, "height" => 300, "master" => Image::AUTO); + file_put_contents($input_file, test::lorem_ipsum(200)); + + // Should get passed to Image library and throw an exception + try { + gallery_graphics::resize($input_file, $output_file, $options, null); + $this->assert_true(false, "Shouldn't get here"); + } catch (Exception $e) { + // pass + } + } +}
\ No newline at end of file diff --git a/modules/gallery/tests/Graphics_Helper_Test.php b/modules/gallery/tests/Graphics_Helper_Test.php new file mode 100644 index 00000000..2cf5caa7 --- /dev/null +++ b/modules/gallery/tests/Graphics_Helper_Test.php 
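Review bot: In `rotate_bad_jpg_test` and `resize_bad_jpg_test` the failure marker `$this->assert_true(false, "Shouldn't get here")` sits inside the `try`, directly under a `catch (Exception $e)` that accepts anything. If the assertion helper reports failure by throwing (not visible on this page, so to be confirmed), the catch swallows it and both tests pass even when the garbled input is processed without error. Item_Model_Test in this same commit uses the safe shape, `} catch (ORM_Validation_Exception $e) { return; // pass }` followed by the `assert_true(false, ...)` after the `try`. The same construct appears in `generate_bad_photo_test` and `generate_album_cover_from_bad_photo_test` in Graphics_Helper_Test.php; those continue after the catch, so there a flag set in the catch and asserted afterwards would fit better. The comment `// Input is a garbled jpg, output is jpg autofit to 300x300` in `rotate_bad_jpg_test` looks copied from the resize test and should describe the rotate options.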
@@ -0,0 +1,158 @@ +<?php defined("SYSPATH") or die("No direct script access."); +/** + * Gallery - a web based photo album viewer and editor + * Copyright (C) 2000-2013 Bharat Mediratta + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. + */ +class Graphics_Helper_Test extends Gallery_Unit_Test_Case { + public function generate_photo_test() { + $photo = test::random_photo(); + // Check that the images were correctly resized + $this->assert_equal(array(640, 480, "image/jpeg", "jpg"), + photo::get_file_metadata($photo->resize_path())); + $this->assert_equal(array(200, 150, "image/jpeg", "jpg"), + photo::get_file_metadata($photo->thumb_path())); + // Check that the items table got updated + $this->assert_equal(array(640, 480), array($photo->resize_width, $photo->resize_height)); + $this->assert_equal(array(200, 150), array($photo->thumb_width, $photo->thumb_height)); + // Check that the images are not marked dirty + $this->assert_equal(0, $photo->resize_dirty); + $this->assert_equal(0, $photo->thumb_dirty); + } + + public function generate_movie_test() { + $movie = test::random_movie(); + // Check that the image was correctly resized + $this->assert_equal(array(200, 160, "image/jpeg", "jpg"), + photo::get_file_metadata($movie->thumb_path())); + // Check that the items table got updated + 
$this->assert_equal(array(200, 160), array($movie->thumb_width, $movie->thumb_height)); + // Check that the image is not marked dirty + $this->assert_equal(0, $movie->thumb_dirty); + } + + public function generate_album_cover_test() { + $album = test::random_album(); + $photo = test::random_unique_photo($album); + $album->reload(); + // Check that the image was copied directly from item thumb + $this->assert_equal(file_get_contents($photo->thumb_path()), + file_get_contents($album->thumb_path())); + // Check that the items table got updated + $this->assert_equal(array(200, 150), array($album->thumb_width, $album->thumb_height)); + // Check that the image is not marked dirty + $this->assert_equal(0, $album->thumb_dirty); + } + + public function generate_album_cover_from_png_test() { + $input_file = MODPATH . "gallery/tests/test.jpg"; + $output_file = TMPPATH . test::random_name() . ".png"; + gallery_graphics::resize($input_file, $output_file, null, null); + + $album = test::random_album(); + $photo = test::random_photo_unsaved($album); + $photo->set_data_file($output_file); + $photo->name = "album_cover_from_png.png"; + $photo->save(); + $album->reload(); + // Check that the image was correctly resized and converted to jpg + $this->assert_equal(array(200, 150, "image/jpeg", "jpg"), + photo::get_file_metadata($album->thumb_path())); + // Check that the items table got updated + $this->assert_equal(array(200, 150), array($album->thumb_width, $album->thumb_height)); + // Check that the image is not marked dirty + $this->assert_equal(0, $album->thumb_dirty); + } + + public function generate_album_cover_for_empty_album_test() { + $album = test::random_album(); + // Check that the album cover is the missing image placeholder + $this->assert_same(file_get_contents(MODPATH . 
"gallery/images/missing_album_cover.jpg"), + file_get_contents($album->thumb_path())); + // Check that the items table got updated with new metadata + $this->assert_equal(array(200, 200), array($album->thumb_width, $album->thumb_height)); + // Check that the image is *not* marked as dirty + $this->assert_equal(0, $album->thumb_dirty); + } + + public function generate_bad_photo_test() { + $photo = test::random_photo(); + // At this point, the photo is valid and has a valid resize and thumb. Make it garble. + file_put_contents($photo->file_path(), test::lorem_ipsum(200)); + // Regenerate + $photo->resize_dirty = 1; + $photo->thumb_dirty = 1; + try { + graphics::generate($photo); + $this->assert_true(false, "Shouldn't get here"); + } catch (Exception $e) { + // Exception expected + } + // Check that the images got replaced with missing image placeholders + $this->assert_same(file_get_contents(MODPATH . "gallery/images/missing_photo.jpg"), + file_get_contents($photo->resize_path())); + $this->assert_same(file_get_contents(MODPATH . "gallery/images/missing_photo.jpg"), + file_get_contents($photo->thumb_path())); + // Check that the items table got updated with new metadata + $this->assert_equal(array(200, 200), array($photo->resize_width, $photo->resize_height)); + $this->assert_equal(array(200, 200), array($photo->thumb_width, $photo->thumb_height)); + // Check that the images are marked as dirty + $this->assert_equal(1, $photo->resize_dirty); + $this->assert_equal(1, $photo->thumb_dirty); + } + + public function generate_bad_movie_test() { + // Unlike photos, its ok to have missing movies - no thrown exceptions, thumb_dirty can be reset. + $movie = test::random_movie(); + // At this point, the movie is valid and has a valid thumb. Make it garble. 
+ file_put_contents($movie->file_path(), test::lorem_ipsum(200)); + // Regenerate + $movie->thumb_dirty = 1; + graphics::generate($movie); + // Check that the image got replaced with a missing image placeholder + $this->assert_same(file_get_contents(MODPATH . "gallery/images/missing_movie.jpg"), + file_get_contents($movie->thumb_path())); + // Check that the items table got updated with new metadata + $this->assert_equal(array(200, 200), array($movie->thumb_width, $movie->thumb_height)); + // Check that the image is *not* marked as dirty + $this->assert_equal(0, $movie->thumb_dirty); + } + + public function generate_album_cover_from_bad_photo_test() { + $album = test::random_album(); + $photo = test::random_photo($album); + $album->reload(); + // At this point, the photo is valid and has a valid resize and thumb. Make it garble. + file_put_contents($photo->file_path(), test::lorem_ipsum(200)); + // Regenerate album from garbled photo. + $photo->thumb_dirty = 1; + $photo->save(); + $album->thumb_dirty = 1; + try { + graphics::generate($album); + $this->assert_true(false, "Shouldn't get here"); + } catch (Exception $e) { + // Exception expected + } + // Check that the image got replaced with a missing image placeholder + $this->assert_same(file_get_contents(MODPATH . "gallery/images/missing_photo.jpg"), + file_get_contents($album->thumb_path())); + // Check that the items table got updated with new metadata + $this->assert_equal(array(200, 200), array($album->thumb_width, $album->thumb_height)); + // Check that the images are marked as dirty + $this->assert_equal(1, $album->thumb_dirty); + } +}
\ No newline at end of file diff --git a/modules/gallery/tests/Item_Helper_Test.php b/modules/gallery/tests/Item_Helper_Test.php index 0c08d1af..f5b99bec 100644 --- a/modules/gallery/tests/Item_Helper_Test.php +++ b/modules/gallery/tests/Item_Helper_Test.php @@ -235,4 +235,22 @@ class Item_Helper_Test extends Gallery_Unit_Test_Case { $level3b->id, item::find_by_relative_url("{$level1->slug}/{$level2b->slug}/{$level3b->slug}")->id); } + + public function resequence_child_weights_test() { + $album = test::random_album_unsaved(); + $album->sort_column = "id"; + $album->save(); + + $photo1 = test::random_photo($album); + $photo2 = test::random_photo($album); + $this->assert_true($photo2->weight > $photo1->weight); + + $album->reload(); + $album->sort_order = "DESC"; + $album->save(); + item::resequence_child_weights($album); + + $this->assert_equal(2, $photo1->reload()->weight); + $this->assert_equal(1, $photo2->reload()->weight); + } } diff --git a/modules/gallery/tests/Item_Model_Test.php b/modules/gallery/tests/Item_Model_Test.php index dc4432a6..fcb5c2ad 100644 --- a/modules/gallery/tests/Item_Model_Test.php +++ b/modules/gallery/tests/Item_Model_Test.php @@ -66,7 +66,7 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { } public function rename_photo_test() { - $item = test::random_photo(); + $item = test::random_unique_photo(); $original_name = $item->name; $thumb_file = file_get_contents($item->thumb_path()); @@ -89,7 +89,7 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { public function rename_album_test() { $album = test::random_album(); - $photo = test::random_photo($album); + $photo = test::random_unique_photo($album); $album->reload(); $thumb_file = file_get_contents($photo->thumb_path()); 
@@ -126,33 +126,15 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { public function item_rename_wont_accept_slash_test() { $item = test::random_photo(); - try { - $item->name = test::random_name() . "/"; - $item->save(); - } catch (ORM_Validation_Exception $e) { - $this->assert_equal(array("name" => "no_slashes"), $e->validation->errors()); - return; - } - $this->assert_true(false, "Shouldn't get here"); - } - - public function item_rename_over_existing_name_gets_uniqified_test() { - // Create a test photo - $item = test::random_photo(); - $item2 = test::random_photo(); - - $item->name = $item2->name; + $item->name = "/no_slashes/allowed/"; $item->save(); - - // foo.jpg should become foo-####.jpg - $this->assert_true( - preg_match("/" . str_replace(".jpg", "", $item2->name) . "-\d+\.jpg/", $item->name)); + $this->assert_equal("no_slashes_allowed.jpg", $item->name); } public function move_album_test() { $album2 = test::random_album(); $album1 = test::random_album($album2); - $photo = test::random_photo($album1); + $photo = test::random_unique_photo($album1); $thumb_file = file_get_contents($photo->thumb_path()); $resize_file = file_get_contents($photo->resize_path()); @@ -180,7 +162,7 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { public function move_photo_test() { $album1 = test::random_album(); - $photo = test::random_photo($album1); + $photo = test::random_unique_photo($album1); $album2 = test::random_album(); @@ -205,7 +187,7 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { $this->assert_equal($fullsize_file, file_get_contents($photo->file_path())); } - public function move_album_with_conflicting_target_gets_uniqified_test() { + public function move_album_with_conflicting_target_gets_uniquified_test() { $album = test::random_album(); $source = test::random_album_unsaved($album); $source->name = $album->name; 
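Review bot: `item_rename_wont_accept_slash_test` now pins sanitising instead of rejection, but only for forward slashes in `"/no_slashes/allowed/"`. Since the item name becomes a file name on disk, the other path-significant inputs deserve the same treatment: a backslash, a `..` component and a leading dot, each with an assertion on the exact stored name in the form already used here, `$this->assert_equal("<expected>.jpg", $item->name);`, with the expected value taken from the sanitiser's rules. The test name still says "wont_accept", which no longer matches what is asserted; a name such as `item_rename_strips_slashes_test` would. The class body continues outside the hunk.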
@@ -217,9 +199,9 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { $source->parent_id = item::root()->id; $source->save(); - // foo should become foo-#### - $this->assert_true(preg_match("/{$album->name}-\d+/", $source->name)); - $this->assert_true(preg_match("/{$album->slug}-\d+/", $source->slug)); + // foo should become foo-01 + $this->assert_same("{$album->name}-01", $source->name); + $this->assert_same("{$album->slug}-01", $source->slug); } public function move_album_fails_wrong_target_type_test() { @@ -239,7 +221,7 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { $this->assert_true(false, "Shouldn't get here"); } - public function move_photo_with_conflicting_target_gets_uniqified_test() { + public function move_photo_with_conflicting_target_gets_uniquified_test() { $photo1 = test::random_photo(); $album = test::random_album(); $photo2 = test::random_photo_unsaved($album); @@ -247,17 +229,16 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { $photo2->save(); // $photo1 and $photo2 have the same name, so if we move $photo1 into the root they should - // conflict and get uniqified. + // conflict and get uniquified. $photo2->parent_id = item::root()->id; $photo2->save(); - // foo.jpg should become foo-####.jpg - $this->assert_true( - preg_match("/" . str_replace(".jpg", "", $photo1->name) . "-\d+\.jpg/", $photo2->name)); + // foo.jpg should become foo-01.jpg + $this->assert_same(pathinfo($photo1->name, PATHINFO_FILENAME) . "-01.jpg", $photo2->name); - // foo should become foo - $this->assert_true(preg_match("/{$photo1->slug}/", $photo2->name)); + // foo should become foo-01 + $this->assert_same("{$photo1->slug}-01", $photo2->slug); } public function move_album_inside_descendent_fails_test() { 
@@ -342,30 +323,17 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { } public function photo_files_must_have_an_extension_test() { - try { - $photo = test::random_photo_unsaved(); - $photo->mime_type = "image/jpeg"; - $photo->name = "no_extension"; - $photo->save(); - } catch (ORM_Validation_Exception $e) { - $this->assert_same(array("name" => "illegal_data_file_extension"), $e->validation->errors()); - return; // pass - } - $this->assert_true(false, "Shouldn't get here"); + $photo = test::random_photo_unsaved(); + $photo->name = "no_extension_photo"; + $photo->save(); + $this->assert_equal("no_extension_photo.jpg", $photo->name); } public function movie_files_must_have_an_extension_test() { - try { - $movie = test::random_movie_unsaved(); - $movie->type = "movie"; - $movie->mime_type = "video/x-flv"; - $movie->name = "no_extension"; - $movie->save(); - } catch (ORM_Validation_Exception $e) { - $this->assert_same(array("name" => "illegal_data_file_extension"), $e->validation->errors()); - return; // pass - } - $this->assert_true(false, "Shouldn't get here"); + $movie = test::random_movie_unsaved(); + $movie->name = "no_extension_movie"; + $movie->save(); + $this->assert_equal("no_extension_movie.flv", $movie->name); } public function cant_delete_root_album_test() { @@ -399,7 +367,16 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { $this->assert_false($response["can_edit"]); } - public function first_photo_becomes_album_cover() { + public function as_restful_array_with_add_bit_test() { + $response = item::root()->as_restful_array(); + $this->assert_true($response["can_add"]); + + identity::set_active_user(identity::guest()); + $response = item::root()->as_restful_array(); + $this->assert_false($response["can_add"]); + } + + public function first_photo_becomes_album_cover_test() { $album = test::random_album(); $photo = test::random_photo($album); $album->reload(); 
@@ -450,8 +427,21 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { $photo->set_data_file(MODPATH . "gallery/tests/Item_Model_Test.php"); $photo->save(); } catch (ORM_Validation_Exception $e) { - $this->assert_same(array("mime_type" => "invalid", "name" => "illegal_data_file_extension"), - $e->validation->errors()); + $this->assert_same(array("name" => "invalid_data_file"), $e->validation->errors()); + return; // pass + } + $this->assert_true(false, "Shouldn't get here"); + } + + public function unsafe_data_file_replacement_with_valid_extension_test() { + $temp_file = TMPPATH . "masquerading_php.jpg"; + copy(MODPATH . "gallery/tests/Item_Model_Test.php", $temp_file); + try { + $photo = test::random_photo(); + $photo->set_data_file($temp_file); + $photo->save(); + } catch (ORM_Validation_Exception $e) { + $this->assert_same(array("name" => "invalid_data_file"), $e->validation->errors()); return; // pass } $this->assert_true(false, "Shouldn't get here"); 
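Review bot: `unsafe_data_file_replacement_with_valid_extension_test` ignores the result of `copy()` and writes to the fixed path `TMPPATH . "masquerading_php.jpg"`. If the copy fails, `set_data_file()` is handed a missing file, which may well produce the same `invalid_data_file` error, so the test can pass without the content check ever seeing PHP source behind a `.jpg` name. Assert the setup with `$this->assert_true(copy(MODPATH . "gallery/tests/Item_Model_Test.php", $temp_file));`, build the file name with `test::random_name()` as the graphics tests in this commit do, and `unlink($temp_file)` once the assertion has run so the masquerading file does not stay in the temp directory. The class body continues outside the hunk.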
@@ -469,55 +459,72 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { preg_match("|http://./var/albums/name_\w+\.jpg\?m=\d+|", $photo->file_url()), $photo->file_url() . " is malformed"); - // Albums have special thumbnails. Empty album has cachebuster of 0 since it has no thumbnail $album = test::random_album(); $this->assert_true( - preg_match("|http://./var/thumbs/name_\w+/\.album\.jpg\?m=0|", $album->thumb_url()), + preg_match("|http://./var/thumbs/name_\w+/\.album\.jpg\?m=\d+|", $album->thumb_url()), $album->thumb_url() . " is malformed"); $photo = test::random_photo($album); $this->assert_true( preg_match("|http://./var/thumbs/name_\w+/\.album\.jpg\?m=\d+|", $album->thumb_url()), $album->thumb_url() . " is malformed"); + + // If the file does not exist, we should return a cache buster of m=0. + unlink($album->thumb_path()); + $this->assert_true( + preg_match("|http://./var/thumbs/name_\w+/\.album\.jpg\?m=0|", $album->thumb_url()), + $album->thumb_url() . " is malformed"); } - public function legal_extension_test() { - foreach (array("test.gif", "test.GIF", "test.Gif", "test.jpeg", "test.JPG") as $name) { + public function legal_extension_that_does_match_gets_used_test() { + foreach (array("jpg", "JPG", "Jpg", "jpeg") as $extension) { $photo = test::random_photo_unsaved(item::root()); - $photo->name = $name; + $photo->name = test::random_name() . ".{$extension}"; $photo->save(); + // Should get renamed with the correct jpg extension of the data file. 
+ $this->assert_equal($extension, pathinfo($photo->name, PATHINFO_EXTENSION)); } } public function illegal_extension_test() { foreach (array("test.php", "test.PHP", "test.php5", "test.php4", "test.pl", "test.php.png") as $name) { - try { - $photo = test::random_photo_unsaved(item::root()); - $photo->name = $name; - $photo->save(); - } catch (ORM_Validation_Exception $e) { - $this->assert_equal(array("name" => "illegal_data_file_extension"), - $e->validation->errors()); - continue; - } - $this->assert_true(false, "Shouldn't get here"); + $photo = test::random_photo_unsaved(item::root()); + $photo->name = $name; + $photo->save(); + // Should get renamed with the correct jpg extension of the data file. + $this->assert_equal("jpg", pathinfo($photo->name, PATHINFO_EXTENSION)); } } public function cant_rename_to_illegal_extension_test() { foreach (array("test.php.test", "test.php", "test.PHP", "test.php5", "test.php4", "test.pl") as $name) { - try { - $photo = test::random_photo(item::root()); - $photo->name = $name; - $photo->save(); - } catch (ORM_Validation_Exception $e) { - $this->assert_equal(array("name" => "illegal_data_file_extension"), - $e->validation->errors()); - continue; - } - $this->assert_true(false, "Shouldn't get here"); + $photo = test::random_photo(item::root()); + $photo->name = $name; + $photo->save(); + // Should get renamed with the correct jpg extension of the data file. + $this->assert_equal("jpg", pathinfo($photo->name, PATHINFO_EXTENSION)); + } + } + + public function legal_extension_that_doesnt_match_gets_fixed_test() { + foreach (array("test.png", "test.mp4", "test.GIF") as $name) { + $photo = test::random_photo_unsaved(item::root()); + $photo->name = $name; + $photo->save(); + // Should get renamed with the correct jpg extension of the data file. 
+ $this->assert_equal("jpg", pathinfo($photo->name, PATHINFO_EXTENSION)); + } + } + + public function rename_to_legal_extension_that_doesnt_match_gets_fixed_test() { + foreach (array("test.png", "test.mp4", "test.GIF") as $name) { + $photo = test::random_photo(item::root()); + $photo->name = $name; + $photo->save(); + // Should get renamed with the correct jpg extension of the data file. + $this->assert_equal("jpg", pathinfo($photo->name, PATHINFO_EXTENSION)); } } 
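Review bot: The rewritten `illegal_extension_test` and `cant_rename_to_illegal_extension_test` assert only `pathinfo($photo->name, PATHINFO_EXTENSION)`, so for inputs such as `"test.php.png"` and `"test.php.test"` a stored name of `test.php.jpg` would satisfy them. The old versions rejected these names outright, and some web-server configurations act on an inner extension, so the tests should state what happens to the inner `.php` segment. Assert the full expected name, or at least add `$this->assert_same(false, stripos($photo->name, ".php"));` inside each loop, assuming the sanitiser is meant to neutralise inner extensions. In `legal_extension_that_does_match_gets_used_test` the comment "Should get renamed with the correct jpg extension" contradicts the assertion, which expects the supplied extension to be kept.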
@@ -526,4 +533,164 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { $album->name = $album->name . ".foo.bar"; $album->save(); } + + public function no_conflict_when_parents_different_test() { + $parent1 = test::random_album(); + $parent2 = test::random_album(); + $photo1 = test::random_photo($parent1); + $photo2 = test::random_photo($parent2); + + $photo2->name = $photo1->name; + $photo2->slug = $photo1->slug; + $photo2->save(); + + // photo2 has same name and slug as photo1 but different parent - no conflict. + $this->assert_same($photo1->name, $photo2->name); + $this->assert_same($photo1->slug, $photo2->slug); + } + + public function fix_conflict_when_names_identical_test() { + $parent = test::random_album(); + $photo1 = test::random_photo($parent); + $photo2 = test::random_photo($parent); + + $photo1_orig_base = pathinfo($photo1->name, PATHINFO_FILENAME); + $photo2_orig_slug = $photo2->slug; + + $photo2->name = $photo1->name; + $photo2->save(); + + // photo2 has same name as photo1 - conflict resolved by renaming with -01. + $this->assert_same("{$photo1_orig_base}-01.jpg", $photo2->name); + $this->assert_same("{$photo2_orig_slug}-01", $photo2->slug); + } + + public function fix_conflict_when_slugs_identical_test() { + $parent = test::random_album(); + $photo1 = test::random_photo($parent); + $photo2 = test::random_photo($parent); + + $photo2_orig_base = pathinfo($photo2->name, PATHINFO_FILENAME); + + $photo2->slug = $photo1->slug; + $photo2->save(); + + // photo2 has same slug as photo1 - conflict resolved by renaming with -01. 
+ $this->assert_same("{$photo2_orig_base}-01.jpg", $photo2->name); + $this->assert_same("{$photo1->slug}-01", $photo2->slug); + } + + public function no_conflict_when_parents_different_for_albums_test() { + $parent1 = test::random_album(); + $parent2 = test::random_album(); + $album1 = test::random_album($parent1); + $album2 = test::random_album($parent2); + + $album2->name = $album1->name; + $album2->slug = $album1->slug; + $album2->save(); + + // album2 has same name and slug as album1 but different parent - no conflict. + $this->assert_same($album1->name, $album2->name); + $this->assert_same($album1->slug, $album2->slug); + } + + public function fix_conflict_when_names_identical_for_albums_test() { + $parent = test::random_album(); + $album1 = test::random_album($parent); + $album2 = test::random_album($parent); + + $album2_orig_slug = $album2->slug; + + $album2->name = $album1->name; + $album2->save(); + + // album2 has same name as album1 - conflict resolved by renaming with -01. + $this->assert_same("{$album1->name}-01", $album2->name); + $this->assert_same("{$album2_orig_slug}-01", $album2->slug); + } + + public function fix_conflict_when_slugs_identical_for_albums_test() { + $parent = test::random_album(); + $album1 = test::random_album($parent); + $album2 = test::random_album($parent); + + $album2_orig_name = $album2->name; + + $album2->slug = $album1->slug; + $album2->save(); + + // album2 has same slug as album1 - conflict resolved by renaming with -01. + $this->assert_same("{$album2_orig_name}-01", $album2->name); + $this->assert_same("{$album1->slug}-01", $album2->slug); + } + + public function no_conflict_when_base_names_identical_between_album_and_photo_test() { + $parent = test::random_album(); + $album = test::random_album($parent); + $photo = test::random_photo($parent); + + $photo_orig_slug = $photo->slug; + + $photo->name = "{$album->name}.jpg"; + $photo->save(); + + // photo has same base name as album - no conflict. 
+ $this->assert_same("{$album->name}.jpg", $photo->name); + $this->assert_same($photo_orig_slug, $photo->slug); + } + + public function fix_conflict_when_full_names_identical_between_album_and_photo_test() { + $parent = test::random_album(); + $photo = test::random_photo($parent); + $album = test::random_album($parent); + + $album_orig_slug = $album->slug; + + $album->name = $photo->name; + $album->save(); + + // album has same full name as album - conflict resolved by renaming with -01. + $this->assert_same("{$photo->name}-01", $album->name); + $this->assert_same("{$album_orig_slug}-01", $album->slug); + } + + public function fix_conflict_when_slugs_identical_between_album_and_photo_test() { + $parent = test::random_album(); + $album = test::random_album($parent); + $photo = test::random_photo($parent); + + $photo_orig_base = pathinfo($photo->name, PATHINFO_FILENAME); + + $photo->slug = $album->slug; + $photo->save(); + + // photo has same slug as album - conflict resolved by renaming with -01. + $this->assert_same("{$photo_orig_base}-01.jpg", $photo->name); + $this->assert_same("{$album->slug}-01", $photo->slug); + } + + public function fix_conflict_when_base_names_identical_between_jpg_png_flv_test() { + $parent = test::random_album(); + $item1 = test::random_photo($parent); + $item2 = test::random_photo($parent); + $item3 = test::random_movie($parent); + + $item1_orig_base = pathinfo($item1->name, PATHINFO_FILENAME); + $item2_orig_slug = $item2->slug; + $item3_orig_slug = $item3->slug; + + $item2->set_data_file(MODPATH . "gallery/images/graphicsmagick.png"); + $item2->name = "{$item1_orig_base}.png"; + $item2->save(); + + $item3->name = "{$item1_orig_base}.flv"; + $item3->save(); + + // item2 and item3 have same base name as item1 - conflict resolved by renaming with -01 and -02. 
+ $this->assert_same("{$item1_orig_base}-01.png", $item2->name); + $this->assert_same("{$item2_orig_slug}-01", $item2->slug); + $this->assert_same("{$item1_orig_base}-02.flv", $item3->name); + $this->assert_same("{$item3_orig_slug}-02", $item3->slug); + } } diff --git a/modules/gallery/tests/Legal_File_Helper_Test.php b/modules/gallery/tests/Legal_File_Helper_Test.php index 5db99935..7ed5214b 100644 --- a/modules/gallery/tests/Legal_File_Helper_Test.php +++ b/modules/gallery/tests/Legal_File_Helper_Test.php 
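Review bot: The conflict tests in this hunk only assert on the item that was saved second, so a resolver that also renamed or re-slugged the pre-existing sibling would still pass. In `fix_conflict_when_names_identical_test`, for example, record `$photo1->name` and `$photo1->slug` before `$photo2->save()`, then assert that photo1, re-read from the database, still has both. Names and slugs presumably end up in file paths and URLs, so an unintended change to the first item is worth pinning. Separately, the comment `// album has same full name as album` in `fix_conflict_when_full_names_identical_between_album_and_photo_test` should read `// album has same full name as photo - conflict resolved by renaming with -01.`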
@@ -40,6 +40,63 @@ class Legal_File_Helper_Test extends Gallery_Unit_Test_Case { $this->assert_equal(3, count(legal_file::get_movie_types_by_extension())); } + public function get_types_by_extension_test() { + $this->assert_equal("image/jpeg", legal_file::get_types_by_extension("jpg")); // photo + $this->assert_equal("video/x-flv", legal_file::get_types_by_extension("FLV")); // movie + $this->assert_equal(null, legal_file::get_types_by_extension("php")); // invalid + $this->assert_equal(null, legal_file::get_types_by_extension("php.flv")); // invalid w/ . + + // No extension returns full array + $this->assert_equal(7, count(legal_file::get_types_by_extension())); + } + + public function get_photo_extensions_test() { + $this->assert_equal(true, legal_file::get_photo_extensions("jpg")); // regular + $this->assert_equal(true, legal_file::get_photo_extensions("JPG")); // all caps + $this->assert_equal(true, legal_file::get_photo_extensions("Png")); // some caps + $this->assert_equal(false, legal_file::get_photo_extensions("php")); // invalid + $this->assert_equal(false, legal_file::get_photo_extensions("php.jpg")); // invalid w/ . + + // No extension returns full array + $this->assert_equal(4, count(legal_file::get_photo_extensions())); + } + + public function get_movie_extensions_test() { + $this->assert_equal(true, legal_file::get_movie_extensions("flv")); // regular + $this->assert_equal(true, legal_file::get_movie_extensions("FLV")); // all caps + $this->assert_equal(true, legal_file::get_movie_extensions("Mp4")); // some caps + $this->assert_equal(false, legal_file::get_movie_extensions("php")); // invalid + $this->assert_equal(false, legal_file::get_movie_extensions("php.jpg")); // invalid w/ . 
+ + // No extension returns full array + $this->assert_equal(3, count(legal_file::get_movie_extensions())); + } + + public function get_extensions_test() { + $this->assert_equal(true, legal_file::get_extensions("jpg")); // photo + $this->assert_equal(true, legal_file::get_extensions("FLV")); // movie + $this->assert_equal(false, legal_file::get_extensions("php")); // invalid + $this->assert_equal(false, legal_file::get_extensions("php.jpg")); // invalid w/ . + + // No extension returns full array + $this->assert_equal(7, count(legal_file::get_extensions())); + } + + public function get_filters_test() { + // All 7 extensions both uppercase and lowercase + $this->assert_equal(14, count(legal_file::get_filters())); + } + + public function get_photo_types_test() { + // Note that this is one *less* than photo extensions since jpeg and jpg have the same mime. + $this->assert_equal(3, count(legal_file::get_photo_types())); + } + + public function get_movie_types_test() { + // Note that this is one *more* than movie extensions since video/flv is added. + $this->assert_equal(4, count(legal_file::get_movie_types())); + } + public function change_extension_test() { $this->assert_equal("foo.jpg", legal_file::change_extension("foo.png", "jpg")); } 
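Review bot: The extension allowlist checks in `get_types_by_extension_test`, `get_photo_extensions_test`, `get_movie_extensions_test` and `get_extensions_test` use `assert_equal` against `true`, `false` and `null`. Assuming `assert_equal` is the loose counterpart of the `assert_same` used elsewhere in this commit, any truthy return satisfies the `true` cases, and `null`, `""`, `0` or an empty array all satisfy the `false` and `null` cases. These helpers decide whether an extension such as `php` is legal, so the return type should be pinned too: `$this->assert_same(false, legal_file::get_photo_extensions("php"));` and `$this->assert_same(null, legal_file::get_types_by_extension("php"));`.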
@@ -79,10 +136,62 @@ class Legal_File_Helper_Test extends Gallery_Unit_Test_Case { public function smash_extensions_test() { $this->assert_equal("foo_bar.jpg", legal_file::smash_extensions("foo.bar.jpg")); $this->assert_equal("foo_bar_baz.jpg", legal_file::smash_extensions("foo.bar.baz.jpg")); - $this->assert_equal("foo_bar_baz.jpg", legal_file::smash_extensions("foo.bar.baz.jpg")); $this->assert_equal("foo_bar_baz.jpg", legal_file::smash_extensions("...foo...bar..baz...jpg")); $this->assert_equal("/path/to/foo_bar.jpg", legal_file::smash_extensions("/path/to/foo.bar.jpg")); $this->assert_equal("/path/to.to/foo_bar.jpg", legal_file::smash_extensions("/path/to.to/foo.bar.jpg")); $this->assert_equal("foo_bar-12345678.jpg", legal_file::smash_extensions("foo.bar-12345678.jpg")); } + + public function smash_extensions_pass_thru_names_without_extensions_test() { + $this->assert_equal("foo", legal_file::smash_extensions("foo")); + $this->assert_equal("foo.", legal_file::smash_extensions("foo.")); + $this->assert_equal(".foo", legal_file::smash_extensions(".foo")); + $this->assert_equal(".", legal_file::smash_extensions(".")); + $this->assert_equal("", legal_file::smash_extensions("")); + $this->assert_equal(null, legal_file::smash_extensions(null)); + } + + public function sanitize_filename_with_no_rename_test() { + $this->assert_equal("foo.jpeg", legal_file::sanitize_filename("foo.jpeg", "jpg", "photo")); + $this->assert_equal("foo.jpg", legal_file::sanitize_filename("foo.jpg", "jpeg", "photo")); + $this->assert_equal("foo.MP4", legal_file::sanitize_filename("foo.MP4", "mp4", "movie")); + $this->assert_equal("foo.mp4", legal_file::sanitize_filename("foo.mp4", "MP4", "movie")); + } + + public function sanitize_filename_with_corrected_extension_test() { + $this->assert_equal("foo.jpg", legal_file::sanitize_filename("foo.png", "jpg", "photo")); + $this->assert_equal("foo.MP4", legal_file::sanitize_filename("foo.jpg", "MP4", "movie")); + $this->assert_equal("foo.jpg", 
legal_file::sanitize_filename("foo.php", "jpg", "photo")); + } + + public function sanitize_filename_with_non_standard_chars_and_dots_test() { + $this->assert_equal("foo.jpg", legal_file::sanitize_filename("foo", "jpg", "photo")); + $this->assert_equal("foo.mp4", legal_file::sanitize_filename("foo.", "mp4", "movie")); + $this->assert_equal("foo.jpeg", legal_file::sanitize_filename(".foo.jpeg", "jpg", "photo")); + $this->assert_equal("foo_2013_02_10.jpeg", + legal_file::sanitize_filename("foo.2013/02/10.jpeg", "jpg", "photo")); + $this->assert_equal("foo_bar_baz.jpg", + legal_file::sanitize_filename("...foo...bar..baz...png", "jpg", "photo")); + $this->assert_equal("j'écris@un#nom_bizarre(mais quand_même_ça_passe.jpg", + legal_file::sanitize_filename("/j'écris@un#nom/bizarre(mais quand.même/ça_passe.\$ÇÀ@€#_", "jpg", "photo")); + } + + public function sanitize_filename_with_no_base_name_test() { + $this->assert_equal("photo.jpg", legal_file::sanitize_filename(".png", "jpg", "photo")); + $this->assert_equal("movie.mp4", legal_file::sanitize_filename("__..__", "mp4", "movie")); + $this->assert_equal("photo.jpg", legal_file::sanitize_filename(".", "jpg", "photo")); + $this->assert_equal("movie.mp4", legal_file::sanitize_filename(null, "mp4", "movie")); + } + + public function sanitize_filename_with_invalid_arguments_test() { + foreach (array("flv" => "photo", "jpg" => "movie", "php" => "photo", + null => "movie", "jpg" => "album", "jpg" => null) as $extension => $type) { + try { + legal_file::sanitize_filename("foo.jpg", $extension, $type); + $this->assert_true(false, "Shouldn't get here"); + } catch (Exception $e) { + // pass + } + } + } }
\ No newline at end of file diff --git a/modules/gallery/tests/Movie_Helper_Test.php b/modules/gallery/tests/Movie_Helper_Test.php index ff7f798c..03fa2da9 100644 --- a/modules/gallery/tests/Movie_Helper_Test.php +++ b/modules/gallery/tests/Movie_Helper_Test.php 
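Review bot: `sanitize_filename_with_invalid_arguments_test` builds its cases as an associative array with the key `"jpg"` three times, and PHP keeps only the last value for a repeated key. The `"jpg" => "movie"` and `"jpg" => "album"` cases therefore never run, and the `null` key is silently cast to `""`. The `assert_true(false, ...)` also sits inside the `try` whose `catch (Exception $e)` is the pass path, so if the test framework reports failures by throwing, the failure is swallowed and the test cannot fail. The removed lines in Item_Model_Test.php placed that assertion after the `try`/`catch` for this reason. The `get_file_metadata_with_*` tests in Movie_Helper_Test.php and Photo_Helper_Test.php use the same try/catch shape and need the same change. A version with explicit pairs and the assertion outside the `try`:

```php
  public function sanitize_filename_with_invalid_arguments_test() {
    // Explicit pairs: an associative array would collapse the repeated "jpg" key.
    $cases = array(array("flv", "photo"), array("jpg", "movie"), array("php", "photo"),
                   array(null, "movie"), array("jpg", "album"), array("jpg", null));
    foreach ($cases as $case) {
      list ($extension, $type) = $case;
      $rejected = false;
      try {
        legal_file::sanitize_filename("foo.jpg", $extension, $type);
      } catch (Exception $e) {
        $rejected = true;
      }
      // Asserted outside the try so a failure is not caught as a "pass".
      $this->assert_true($rejected, "sanitize_filename() accepted an invalid extension/type pair");
    }
  }
```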
@@ -46,4 +46,60 @@ class Movie_Helper_Test extends Gallery_Unit_Test_Case { $this->assert_equal($seconds, movie::hhmmssdd_to_seconds($hhmmssdd)); } } + + public function get_file_metadata_test() { + $movie = test::random_movie(); + $this->assert_equal(array(360, 288, "video/x-flv", "flv", 6.00), + movie::get_file_metadata($movie->file_path())); + } + + public function get_file_metadata_with_non_existent_file_test() { + try { + $metadata = movie::get_file_metadata(MODPATH . "gallery/tests/this_does_not_exist"); + $this->assert_true(false, "Shouldn't get here"); + } catch (Exception $e) { + // pass + } + } + + public function get_file_metadata_with_no_extension_test() { + copy(MODPATH . "gallery/tests/test.flv", TMPPATH . "test_flv_with_no_extension"); + // Since mime type and extension are based solely on the filename, this is considered invalid. + try { + $metadata = movie::get_file_metadata(TMPPATH . "test_flv_with_no_extension"); + $this->assert_true(false, "Shouldn't get here"); + } catch (Exception $e) { + // pass + } + } + + public function get_file_metadata_with_illegal_extension_test() { + try { + $metadata = movie::get_file_metadata(MODPATH . "gallery/tests/Movie_Helper_Test.php"); + $this->assert_true(false, "Shouldn't get here"); + } catch (Exception $e) { + // pass + } + } + + public function get_file_metadata_with_illegal_extension_but_valid_file_contents_test() { + copy(MODPATH . "gallery/tests/test.flv", TMPPATH . "test_flv_with_php_extension.php"); + // Since mime type and extension are based solely on the filename, this is considered invalid. + try { + $metadata = movie::get_file_metadata(TMPPATH . "test_flv_with_php_extension.php"); + $this->assert_true(false, "Shouldn't get here"); + } catch (Exception $e) { + // pass + } + } + + public function get_file_metadata_with_valid_extension_but_illegal_file_contents_test() { + copy(MODPATH . "gallery/tests/Photo_Helper_Test.php", TMPPATH . 
"test_php_with_flv_extension.flv"); + // Since mime type and extension are based solely on the filename, this is considered valid. + // Of course, FFmpeg cannot extract width, height, or duration from the file. Note that this + // isn't a really a security problem, since the filename doesn't have a php extension and + // therefore will never be executed. + $this->assert_equal(array(0, 0, "video/x-flv", "flv", 0), + movie::get_file_metadata(TMPPATH . "test_php_with_flv_extension.flv")); + } } diff --git a/modules/gallery/tests/Photo_Helper_Test.php b/modules/gallery/tests/Photo_Helper_Test.php new file mode 100644 index 00000000..79b5ccfd --- /dev/null +++ b/modules/gallery/tests/Photo_Helper_Test.php 
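Review bot: The `copy()` calls that create fixtures in `TMPPATH` are never checked, so `get_file_metadata_with_no_extension_test` and `get_file_metadata_with_illegal_extension_but_valid_file_contents_test` pass identically when the copy fails and the exception comes from a missing file. Assert the copy first, e.g. `$this->assert_true(copy(MODPATH . "gallery/tests/test.flv", TMPPATH . "test_flv_with_no_extension"));`. The fixtures, including one named `test_flv_with_php_extension.php`, are also left behind in `TMPPATH`; each should be removed with `unlink()` once the assertion has run. Photo_Helper_Test.php creates its fixtures the same way. In the last test, the comment's claim that a PHP file named `.flv` "will never be executed" holds only while the server chooses handlers by final extension, which the comment should state as an assumption.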
@@ -0,0 +1,70 @@ +<?php defined("SYSPATH") or die("No direct script access."); +/** + * Gallery - a web based photo album viewer and editor + * Copyright (C) 2000-2013 Bharat Mediratta + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. + */ +class Photo_Helper_Test extends Gallery_Unit_Test_Case { + public function get_file_metadata_test() { + $photo = test::random_photo(); + $this->assert_equal(array(1024, 768, "image/jpeg", "jpg"), + photo::get_file_metadata($photo->file_path())); + } + + public function get_file_metadata_with_non_existent_file_test() { + try { + $metadata = photo::get_file_metadata(MODPATH . "gallery/tests/this_does_not_exist"); + $this->assert_true(false, "Shouldn't get here"); + } catch (Exception $e) { + // pass + } + } + + public function get_file_metadata_with_no_extension_test() { + copy(MODPATH . "gallery/tests/test.jpg", TMPPATH . "test_jpg_with_no_extension"); + $this->assert_equal(array(1024, 768, "image/jpeg", "jpg"), + photo::get_file_metadata(TMPPATH . "test_jpg_with_no_extension")); + } + + public function get_file_metadata_with_illegal_extension_test() { + try { + $metadata = photo::get_file_metadata(MODPATH . 
"gallery/tests/Photo_Helper_Test.php"); + $this->assert_true(false, "Shouldn't get here"); + } catch (Exception $e) { + // pass + } + } + + public function get_file_metadata_with_illegal_extension_but_valid_file_contents_test() { + // This ensures that we correctly "re-type" files with invalid extensions if the contents + // themselves are valid. This is needed to ensure that issues similar to those corrected by + // ticket #1855, where an image that looked valid (header said jpg) with a php extension was + // previously accepted without changing its extension, do not arise and cause security issues. + copy(MODPATH . "gallery/tests/test.jpg", TMPPATH . "test_jpg_with_php_extension.php"); + $this->assert_equal(array(1024, 768, "image/jpeg", "jpg"), + photo::get_file_metadata(TMPPATH . "test_jpg_with_php_extension.php")); + } + + public function get_file_metadata_with_valid_extension_but_illegal_file_contents_test() { + copy(MODPATH . "gallery/tests/Photo_Helper_Test.php", TMPPATH . "test_php_with_jpg_extension.jpg"); + try { + $metadata = photo::get_file_metadata(TMPPATH . "test_php_with_jpg_extension.jpg"); + $this->assert_true(false, "Shouldn't get here"); + } catch (Exception $e) { + // pass + } + } +} diff --git a/modules/gallery/tests/controller_auth_data.txt b/modules/gallery/tests/controller_auth_data.txt index a7bc28dd..9473f9f6 100644 --- a/modules/gallery/tests/controller_auth_data.txt +++ b/modules/gallery/tests/controller_auth_data.txt @@ -25,6 +25,7 @@ modules/gallery/controllers/user_profile.php send modules/gallery/controllers/welcome_message.php index DIRTY_AUTH modules/organize/controllers/organize.php tree DIRTY_CSRF modules/organize/controllers/organize.php delete DIRTY_AUTH +modules/organize/controllers/organize.php tag DIRTY_AUTH modules/rest/controllers/rest.php index DIRTY_CSRF|DIRTY_AUTH modules/rest/controllers/rest.php reset_api_key_confirm DIRTY_AUTH modules/rest/controllers/rest.php reset_api_key DIRTY_AUTH 
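Review bot: The class needs a short comment stating the contract these tests pin. Here a JPEG with no extension or a `.php` extension is re-typed to `image/jpeg`/`jpg`, whereas Movie_Helper_Test.php treats the same situations as errors because movie typing is filename-based. That difference is only explained inside one test body. Suggested, above `class Photo_Helper_Test`: `// photo::get_file_metadata() is expected to derive mime type and extension from the file contents, not the filename (unlike movie::get_file_metadata()).` Also, `get_file_metadata_with_illegal_extension_test` feeds this test file itself, so it covers illegal extension and illegal contents together; a name or comment saying so would avoid confusion with the valid-contents case below it.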
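Review bot: The added `modules/organize/controllers/organize.php tag DIRTY_AUTH` line accepts a new entry into the controller auth baseline instead of clearing it. The controller is not part of this diff, so it cannot be confirmed from here that the new `tag` action checks the caller's permission on every item it modifies. If `DIRTY_AUTH` marks actions where the checker found no explicit authorization call (inferred from the name), the commit description should say where that check happens for `tag`, as it presumably does for the neighbouring `delete` entry.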
diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
index 7d77645d..51347f86 100644
--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
@@ -295,19 +295,21 @@ modules/organize/views/organize_frame.html.php 12 DIRTY_JS url::f
 modules/organize/views/organize_frame.html.php 56 DIRTY_JS url::site("organize/album_info/__ID__")
 modules/organize/views/organize_frame.html.php 94 DIRTY_JS access::csrf_token()
 modules/organize/views/organize_frame.html.php 96 DIRTY_JS url::site("organize/set_sort/__ID__")
-modules/organize/views/organize_frame.html.php 116 DIRTY_JS url::site("organize/delete")
-modules/organize/views/organize_frame.html.php 125 DIRTY_JS access::csrf_token()
-modules/organize/views/organize_frame.html.php 238 DIRTY_JS url::site("organize/rearrange")
-modules/organize/views/organize_frame.html.php 249 DIRTY_JS access::csrf_token()
-modules/organize/views/organize_frame.html.php 287 DIRTY_JS $key
-modules/organize/views/organize_frame.html.php 410 DIRTY_JS url::site("organize/tree/{$album->id}")
-modules/organize/views/organize_frame.html.php 468 DIRTY_JS url::site("organize/reparent")
-modules/organize/views/organize_frame.html.php 491 DIRTY_JS access::csrf_token()
-modules/organize/views/organize_frame.html.php 507 DIRTY_JS access::can("edit",item::root())
-modules/organize/views/organize_frame.html.php 509 DIRTY_JS html::clean(item::root()->title)
-modules/organize/views/organize_frame.html.php 511 DIRTY_JS item::root()->id
-modules/organize/views/organize_frame.html.php 519 DIRTY_JS $album->id
-modules/organize/views/organize_frame.html.php 520 DIRTY_JS $album->id
+modules/organize/views/organize_frame.html.php 116 DIRTY_JS url::site("organize/tag")
+modules/organize/views/organize_frame.html.php 126 DIRTY_JS access::csrf_token()
+modules/organize/views/organize_frame.html.php 140 DIRTY_JS url::site("organize/delete")
+modules/organize/views/organize_frame.html.php 149 DIRTY_JS access::csrf_token()
+modules/organize/views/organize_frame.html.php 264 DIRTY_JS url::site("organize/rearrange")
+modules/organize/views/organize_frame.html.php 275 DIRTY_JS access::csrf_token()
+modules/organize/views/organize_frame.html.php 314 DIRTY_JS $key
+modules/organize/views/organize_frame.html.php 476 DIRTY_JS url::site("organize/tree/{$album->id}")
+modules/organize/views/organize_frame.html.php 534 DIRTY_JS url::site("organize/reparent")
+modules/organize/views/organize_frame.html.php 557 DIRTY_JS access::csrf_token()
+modules/organize/views/organize_frame.html.php 573 DIRTY_JS access::can("edit",item::root())
+modules/organize/views/organize_frame.html.php 575 DIRTY_JS html::clean(item::root()->title)
+modules/organize/views/organize_frame.html.php 577 DIRTY_JS item::root()->id
+modules/organize/views/organize_frame.html.php 585 DIRTY_JS $album->id
+modules/organize/views/organize_frame.html.php 586 DIRTY_JS $album->id
 modules/recaptcha/views/admin_recaptcha.html.php 11 DIRTY $form
 modules/recaptcha/views/admin_recaptcha.html.php 23 DIRTY_JS $public_key
 modules/recaptcha/views/form_recaptcha.html.php 3 DIRTY_ATTR request::protocol() |