Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
0.00% |
0 / 63 |
|
0.00% |
0 / 9 |
CRAP | |
0.00% |
0 / 1 |
| phpbb_functional_fileupload_form_test | |
0.00% |
0 / 63 |
|
0.00% |
0 / 9 |
210 | |
0.00% |
0 / 1 |
| setUp | |
0.00% |
0 / 3 |
|
0.00% |
0 / 1 |
2 | |||
| tearDown | |
0.00% |
0 / 8 |
|
0.00% |
0 / 1 |
42 | |||
| upload_file | |
0.00% |
0 / 19 |
|
0.00% |
0 / 1 |
2 | |||
| test_empty_file | |
0.00% |
0 / 3 |
|
0.00% |
0 / 1 |
2 | |||
| test_invalid_extension | |
0.00% |
0 / 3 |
|
0.00% |
0 / 1 |
2 | |||
| test_disallowed_content | |
0.00% |
0 / 3 |
|
0.00% |
0 / 1 |
2 | |||
| test_disallowed_content_no_check | |
0.00% |
0 / 16 |
|
0.00% |
0 / 1 |
2 | |||
| test_too_large | |
0.00% |
0 / 4 |
|
0.00% |
0 / 1 |
2 | |||
| test_valid_file | |
0.00% |
0 / 4 |
|
0.00% |
0 / 1 |
2 | |||
| 1 | <?php |
| 2 | /** |
| 3 | * |
| 4 | * This file is part of the phpBB Forum Software package. |
| 5 | * |
| 6 | * @copyright (c) phpBB Limited <https://www.phpbb.com> |
| 7 | * @license GNU General Public License, version 2 (GPL-2.0) |
| 8 | * |
| 9 | * For full copyright and license information, please see |
| 10 | * the docs/CREDITS.txt file. |
| 11 | * |
| 12 | */ |
| 13 | |
| 14 | /** |
| 15 | * @group functional |
| 16 | */ |
| 17 | class phpbb_functional_fileupload_form_test extends phpbb_functional_test_case |
| 18 | { |
| 19 | private $path; |
| 20 | |
| 21 | protected function setUp(): void |
| 22 | { |
| 23 | parent::setUp(); |
| 24 | $this->path = __DIR__ . '/fixtures/files/'; |
| 25 | $this->add_lang('posting'); |
| 26 | } |
| 27 | |
| 28 | protected function tearDown(): void |
| 29 | { |
| 30 | $iterator = new DirectoryIterator(__DIR__ . '/../../phpBB/files/'); |
| 31 | foreach ($iterator as $fileinfo) |
| 32 | { |
| 33 | if ( |
| 34 | $fileinfo->isDot() |
| 35 | || $fileinfo->isDir() |
| 36 | || $fileinfo->getFilename() === 'index.htm' |
| 37 | || $fileinfo->getFilename() === '.htaccess' |
| 38 | ) |
| 39 | { |
| 40 | continue; |
| 41 | } |
| 42 | |
| 43 | unlink($fileinfo->getPathname()); |
| 44 | } |
| 45 | } |
| 46 | |
| 47 | private function upload_file($filename, $mimetype) |
| 48 | { |
| 49 | $crawler = self::$client->request( |
| 50 | 'GET', |
| 51 | 'posting.php?mode=reply&f=2&t=1&sid=' . $this->sid |
| 52 | ); |
| 53 | |
| 54 | $file_form_data = array_merge(['add_file' => $this->lang('ADD_FILE')], $this->get_hidden_fields($crawler, 'posting.php?mode=reply&f=2&t=1&sid=' . $this->sid)); |
| 55 | |
| 56 | $file = array( |
| 57 | 'tmp_name' => $this->path . $filename, |
| 58 | 'name' => $filename, |
| 59 | 'type' => $mimetype, |
| 60 | 'size' => filesize($this->path . $filename), |
| 61 | 'error' => UPLOAD_ERR_OK, |
| 62 | ); |
| 63 | |
| 64 | $crawler = self::$client->request( |
| 65 | 'POST', |
| 66 | 'posting.php?mode=reply&t=1&sid=' . $this->sid, |
| 67 | $file_form_data, |
| 68 | array('fileupload' => $file) |
| 69 | ); |
| 70 | |
| 71 | return $crawler; |
| 72 | } |
| 73 | |
| 74 | public function test_empty_file() |
| 75 | { |
| 76 | $this->login(); |
| 77 | |
| 78 | $crawler = $this->upload_file('empty.png', 'image/png'); |
| 79 | $this->assertEquals($this->lang('EMPTY_FILEUPLOAD'), $crawler->filter('p.error')->text()); |
| 80 | } |
| 81 | |
| 82 | public function test_invalid_extension() |
| 83 | { |
| 84 | $this->login(); |
| 85 | |
| 86 | $crawler = $this->upload_file('illegal-extension.bif', 'application/octet-stream'); |
| 87 | $this->assertEquals($this->lang('DISALLOWED_EXTENSION', 'bif'), $crawler->filter('p.error')->text()); |
| 88 | } |
| 89 | |
| 90 | public function test_disallowed_content() |
| 91 | { |
| 92 | $this->login(); |
| 93 | |
| 94 | $crawler = $this->upload_file('disallowed.jpg', 'image/jpeg'); |
| 95 | $this->assertEquals($this->lang('DISALLOWED_CONTENT'), $crawler->filter('p.error')->text()); |
| 96 | } |
| 97 | |
| 98 | public function test_disallowed_content_no_check() |
| 99 | { |
| 100 | $this->login(); |
| 101 | $this->admin_login(); |
| 102 | $this->add_lang('ucp'); |
| 103 | |
| 104 | // Make sure check_attachment_content is set to false |
| 105 | $crawler = self::request('GET', 'adm/index.php?sid=' . $this->sid . '&i=acp_attachments&mode=attach'); |
| 106 | |
| 107 | $form = $crawler->selectButton('Submit')->form(array( |
| 108 | 'config[check_attachment_content]' => 0, |
| 109 | )); |
| 110 | self::submit($form); |
| 111 | |
| 112 | // Request index for correct URL |
| 113 | self::request('GET', 'index.php?sid=' . $this->sid); |
| 114 | |
| 115 | $crawler = $this->upload_file('disallowed.jpg', 'image/jpeg'); |
| 116 | |
| 117 | // Hitting the UNABLE_GET_IMAGE_SIZE error means we passed the |
| 118 | // DISALLOWED_CONTENT check |
| 119 | $this->assertContainsLang('UNABLE_GET_IMAGE_SIZE', $crawler->text()); |
| 120 | |
| 121 | // Reset check_attachment_content to default (enabled) |
| 122 | $crawler = self::request('GET', 'adm/index.php?sid=' . $this->sid . '&i=acp_attachments&mode=attach'); |
| 123 | |
| 124 | $form = $crawler->selectButton('Submit')->form(array( |
| 125 | 'config[check_attachment_content]' => 1, |
| 126 | )); |
| 127 | self::submit($form); |
| 128 | } |
| 129 | |
| 130 | public function test_too_large() |
| 131 | { |
| 132 | $this->create_user('fileupload'); |
| 133 | $this->login('fileupload'); |
| 134 | |
| 135 | $crawler = $this->upload_file('too-large.png', 'image/png'); |
| 136 | $this->assertEquals($this->lang('WRONG_FILESIZE', '256', 'KiB'), $crawler->filter('p.error')->text()); |
| 137 | } |
| 138 | |
| 139 | public function test_valid_file() |
| 140 | { |
| 141 | $this->login(); |
| 142 | |
| 143 | $crawler = $this->upload_file('valid.jpg', 'image/jpeg'); |
| 144 | |
| 145 | // Ensure there was no error message rendered |
| 146 | $this->assertStringNotContainsString('<h2>' . $this->lang('INFORMATION') . '</h2>', $this->get_content()); |
| 147 | |
| 148 | // Also the file name should be in the first row of the files table |
| 149 | $this->assertEquals('valid.jpg', $crawler->filter('span.file-name')->eq(1)->text()); |
| 150 | } |
| 151 | } |