From 0312d1b071bd4434ddb3f82888b0323da6bf3732 Mon Sep 17 00:00:00 2001
From: shadlaws <shad@shadlaws.com>
Date: Fri, 8 Feb 2013 13:51:41 +0100
Subject: #1994 - Make get_file_metadata throw an exception if photo or movie
 is unidentifiable/illegal. - photo & movie helpers: modified to throw
 exceptions when file is known to be unidentifiable/illegal. - item model:
 revised to work with exceptions and be more explicit when the data file is
 invalid. - item model: removed duplicate get_file_metadata call for updated
 items. - admin_watermarks controller: revised to work with exceptions (really
 cleans up logic here). - graphics helper: revised to handle invalid
 placeholders (a nearly-impossible corner case, but still...). - photo & movie
 helper tests: revised to work with exceptions, added new tests for illegal
 files with valid extensions. - item model tests: revised to work with
 exceptions, added new tests for illegal files with valid extensions.

---
 modules/gallery/tests/Item_Model_Test.php | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

(limited to 'modules/gallery/tests/Item_Model_Test.php')

diff --git a/modules/gallery/tests/Item_Model_Test.php b/modules/gallery/tests/Item_Model_Test.php
index a1c5bce6..a93498dd 100644
--- a/modules/gallery/tests/Item_Model_Test.php
+++ b/modules/gallery/tests/Item_Model_Test.php
@@ -445,13 +445,25 @@ class Item_Model_Test extends Gallery_Unit_Test_Case {
       $photo->set_data_file(MODPATH . "gallery/tests/Item_Model_Test.php");
       $photo->save();
     } catch (ORM_Validation_Exception $e) {
-      $this->assert_same(array("mime_type" => "invalid", "name" => "illegal_data_file_extension"),
-                         $e->validation->errors());
+      $this->assert_same(array("name" => "illegal_data_file_extension"), $e->validation->errors());
       return;  // pass
     }
     $this->assert_true(false, "Shouldn't get here");
   }
 
+  public function unsafe_data_file_replacement_with_valid_extension_test() {
+    $temp_file = TMPPATH . "masquerading_php.jpg";
+    copy(MODPATH . "gallery/tests/Item_Model_Test.php", $temp_file);
+    try {
+      $photo = test::random_photo();
+      $photo->set_data_file($temp_file);
+      $photo->save();
+    } catch (ORM_Validation_Exception $e) {
+      $this->assert_same(array("name" => "invalid_data_file"), $e->validation->errors());
+      return;  // pass
+    }
+  }
+
   public function urls_test() {
     $photo = test::random_photo();
     $this->assert_true(
-- 
cgit v1.2.3