1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
|
<?php defined("SYSPATH") or die("No direct script access.");
/**
* Gallery - a web based photo album viewer and editor
* Copyright (C) 2000-2012 Bharat Mediratta
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or (at
* your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
class Digibug_Controller_Test extends Gallery_Unit_Test_Case {
private $_server;
public function setup() {
$this->_server = $_SERVER;
}
public function teardown() {
$_SERVER = $this->_server;
}
private function _get_proxy() {
$album = test::random_album();
$photo = test::random_photo($album);
access::deny(identity::everybody(), "view_full", $album);
access::deny(identity::registered_users(), "view_full", $album);
$proxy = ORM::factory("digibug_proxy");
$proxy->uuid = random::hash();
$proxy->item_id = $photo->id;
return $proxy->save();
}
public function digibug_request_thumb_test() {
$proxy = $this->_get_proxy();
$controller = new Digibug_Controller();
$controller->print_proxy("thumb", $proxy->uuid);
}
public function digibug_request_full_malicious_ip_test() {
$_SERVER["REMOTE_ADDR"] = "123.123.123.123";
try {
$controller = new Digibug_Controller();
$controller->print_proxy("full", $this->_get_proxy()->uuid);
$this->assert_true(false, "Should have failed with an 404 exception");
} catch (Kohana_404_Exception $e) {
// expected behavior
}
}
public function digibug_request_full_authorized_ip_test() {
$config = Kohana::config("digibug");
$this->assert_true(!empty($config), "The Digibug config is empty");
$ranges = array_values($config["ranges"]);
$low = ip2long($ranges[0]["low"]);
$high = ip2long($ranges[0]["high"]);
$_SERVER["REMOTE_ADDR"] = long2ip(rand($low, $high));
$controller = new Digibug_Controller();
$controller->print_proxy("full", $this->_get_proxy()->uuid);
}
}
|
