From 6ceb10424b4dc1bba6cfc1bd3a17c4428ae9c98c Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Sat, 16 May 2009 22:20:16 +0000
Subject: Don't allow albums/photos/movies to end in "." because it risks securit issues (and so Kohana won't route them, see http://dev.kohanaphp.com/issues/684). Partial fix for ticket #248.
---
 core/tests/Album_Helper_Test.php | 13 +++++++++++++
 core/tests/Movie_Helper_Test.php | 16 ++++++++++++++--
 core/tests/Photo_Helper_Test.php | 16 ++++++++++++++--
 3 files changed, 41 insertions(+), 4 deletions(-)
(limited to 'core/tests')
diff --git a/core/tests/Album_Helper_Test.php b/core/tests/Album_Helper_Test.php
index 522d58d9..80afa8d1 100644
--- a/core/tests/Album_Helper_Test.php
+++ b/core/tests/Album_Helper_Test.php
@@ -71,4 +71,17 @@ class Album_Helper_Test extends Unit_Test_Case {
 $this->assert_true(false, "Shouldn't create an album with / in the name");
 }
+
+ public function create_album_silently_trims_trailing_periods_test() {
+ $rand = rand();
+ $root = ORM::factory("item", 1);
+ try {
+ $album = album::create($root, $rand . "..", $rand, $rand);
+ } catch (Exception $e) {
+ $this->assert_equal("@todo NAME_CANNOT_END_IN_PERIOD", $e->getMessage());
+ return;
+ }
+
+ $this->assert_true(false, "Shouldn't create an album with trailing . in the name");
+ }
 }
diff --git a/core/tests/Movie_Helper_Test.php b/core/tests/Movie_Helper_Test.php
index 0899154e..b92ef3f8 100644
--- a/core/tests/Movie_Helper_Test.php
+++ b/core/tests/Movie_Helper_Test.php
@@ -22,8 +22,7 @@ class Movie_Helper_Test extends Unit_Test_Case {
 $rand = rand();
 $root = ORM::factory("item", 1);
 try {
- $filename = DOCROOT . "core/tests/test.jpg";
- $photo = photo::create($root, $filename, "$rand/.jpg", $rand, $rand);
+ $movie = movie::create($root, DOCROOT . "core/tests/test.jpg", "$rand/.jpg", $rand, $rand);
 } catch (Exception $e) {
 // pass
 return;
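Review bot: The name `create_album_silently_trims_trailing_periods_test` says the opposite of what the body asserts: the test only passes when `album::create` throws `@todo NAME_CANNOT_END_IN_PERIOD`, so it pins rejection, not trimming. Rename it to match the movie test, `public function create_album_shouldnt_allow_names_with_trailing_periods_test() {`, and do the same for `create_photo_silently_trims_trailing_periods_test` in the last hunk of Photo_Helper_Test.php. The commit message gives security as the reason for the rule, so a name suggesting trailing periods are accepted and normalised could mislead whoever later touches the check.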
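Review bot: In the first Movie_Helper_Test.php hunk the `catch (Exception $e) { // pass` branch accepts any exception, and the file now handed to `movie::create` is `core/tests/test.jpg`. The test may therefore pass because the helper rejects the fixture rather than because of the `/` in the name; `movie::create` is not visible in this diff, so that is an inference. Assert on the expected message inside the catch, the way the new trailing-period tests do with `$this->assert_equal(..., $e->getMessage());`. The same catch-all sits in the `/` test touched by the first Photo_Helper_Test.php hunk. The enclosing test method starts and ends outside this hunk.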
@@ -31,4 +30,17 @@ class Movie_Helper_Test extends Unit_Test_Case {
 $this->assert_true(false, "Shouldn't create a movie with / in the name");
 }
+
+ public function create_movie_shouldnt_allow_names_with_trailing_periods_test() {
+ $rand = rand();
+ $root = ORM::factory("item", 1);
+ try {
+ $movie = movie::create($root, DOCROOT . "core/tests/test.jpg", "$rand.jpg.", $rand, $rand);
+ } catch (Exception $e) {
+ $this->assert_equal("@todo NAME_CANNOT_END_IN_PERIOD", $e->getMessage());
+ return;
+ }
+
+ $this->assert_true(false, "Shouldn't create a movie with trailing . in the name");
+ }
 }
diff --git a/core/tests/Photo_Helper_Test.php b/core/tests/Photo_Helper_Test.php
index 81405b79..deb11bb9 100644
--- a/core/tests/Photo_Helper_Test.php
+++ b/core/tests/Photo_Helper_Test.php
@@ -85,8 +85,7 @@ class Photo_Helper_Test extends Unit_Test_Case {
 $rand = rand();
 $root = ORM::factory("item", 1);
 try {
- $filename = DOCROOT . "core/tests/test.jpg";
- $photo = photo::create($root, $filename, "$rand/.jpg", $rand, $rand);
+ $photo = photo::create($root, DOCROOT . "core/tests/test.jpg", "$rand/.jpg", $rand, $rand);
 } catch (Exception $e) {
 // pass
 return;
@@ -94,4 +93,17 @@ class Photo_Helper_Test extends Unit_Test_Case {
 $this->assert_true(false, "Shouldn't create a photo with / in the name");
 }
+
+ public function create_photo_silently_trims_trailing_periods_test() {
+ $rand = rand();
+ $root = ORM::factory("item", 1);
+ try {
+ $photo = photo::create($root, DOCROOT . "core/tests/test.jpg", "$rand.jpg.", $rand, $rand);
+ } catch (Exception $e) {
+ $this->assert_equal("@todo NAME_CANNOT_END_IN_PERIOD", $e->getMessage());
+ return;
+ }
+
+ $this->assert_true(false, "Shouldn't create a photo with trailing . in the name");
+ }
 }
--
cgit v1.2.3
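Review bot: The new movie test exercises only one input shape, a single period after the extension (`"$rand.jpg."`), and the album test only covers `".."`. The commit message says the rule exists for security and routing reasons, so it is worth pinning neighbouring shapes too, such as a name ending in a period followed by whitespace, so a later change to the check cannot let them through unnoticed. Whether those names should be rejected is a decision for the helper, which is outside this diff; the test should record whichever behaviour is intended. The assertion also matches the placeholder `"@todo NAME_CANNOT_END_IN_PERIOD"` literally in all three new tests, so add a comment above it such as `// placeholder message; keep in sync with the helper`.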