#2001 - Make filename sanitizing more consistent.

- legal_file - added sanitize_filname() to sanitize photo/movie filenames.
- admin_watermarks - revised add() to use new function.
- item model - added _process_data_file_info() to validate the data file, get its metadata, and sanitize the item name.
- item model - revised save() for new items to use _process_data_file_info *before* the slug is checked.
- item model - revised save() for updated items to use _process_data_file_info.
- item model - revised save() for updated items to sanitize name if changed.
- uploader - removed call to smash_extensions (item model does this when it calls sanitize_filename).
- Legal_File_Helper_Test - added unit tests for sanitize_filename.
- Item_Model_Test - revised existing unit tests based on changes.
- Item_Model_Test - added new unit tests for names with legal but incorrect extensions.
- Averted take over by HAL with fix #2001...
This commit is contained in:
shadlaws
2013-02-12 00:37:33 +01:00
parent e109f0b511
commit d04a6fc87d
6 changed files with 202 additions and 108 deletions

View File

@@ -126,14 +126,9 @@ class Item_Model_Test extends Gallery_Unit_Test_Case {
public function item_rename_wont_accept_slash_test() {
$item = test::random_photo();
try {
$item->name = test::random_name() . "/";
$item->save();
} catch (ORM_Validation_Exception $e) {
$this->assert_equal(array("name" => "no_slashes"), $e->validation->errors());
return;
}
$this->assert_true(false, "Shouldn't get here");
$item->name = "/no_slashes/allowed/";
$item->save();
$this->assert_equal("no_slashes_allowed.jpg", $item->name);
}
public function move_album_test() {
@@ -328,30 +323,17 @@ class Item_Model_Test extends Gallery_Unit_Test_Case {
}
public function photo_files_must_have_an_extension_test() {
try {
$photo = test::random_photo_unsaved();
$photo->mime_type = "image/jpeg";
$photo->name = "no_extension";
$photo->save();
} catch (ORM_Validation_Exception $e) {
$this->assert_same(array("name" => "illegal_data_file_extension"), $e->validation->errors());
return; // pass
}
$this->assert_true(false, "Shouldn't get here");
$photo = test::random_photo_unsaved();
$photo->name = "no_extension_photo";
$photo->save();
$this->assert_equal("no_extension_photo.jpg", $photo->name);
}
public function movie_files_must_have_an_extension_test() {
try {
$movie = test::random_movie_unsaved();
$movie->type = "movie";
$movie->mime_type = "video/x-flv";
$movie->name = "no_extension";
$movie->save();
} catch (ORM_Validation_Exception $e) {
$this->assert_same(array("name" => "illegal_data_file_extension"), $e->validation->errors());
return; // pass
}
$this->assert_true(false, "Shouldn't get here");
$movie = test::random_movie_unsaved();
$movie->name = "no_extension_movie";
$movie->save();
$this->assert_equal("no_extension_movie.flv", $movie->name);
}
public function cant_delete_root_album_test() {
@@ -445,7 +427,7 @@ class Item_Model_Test extends Gallery_Unit_Test_Case {
$photo->set_data_file(MODPATH . "gallery/tests/Item_Model_Test.php");
$photo->save();
} catch (ORM_Validation_Exception $e) {
$this->assert_same(array("name" => "illegal_data_file_extension"), $e->validation->errors());
$this->assert_same(array("name" => "invalid_data_file"), $e->validation->errors());
return; // pass
}
$this->assert_true(false, "Shouldn't get here");
@@ -462,6 +444,7 @@ class Item_Model_Test extends Gallery_Unit_Test_Case {
$this->assert_same(array("name" => "invalid_data_file"), $e->validation->errors());
return; // pass
}
$this->assert_true(false, "Shouldn't get here");
}
public function urls_test() {
@@ -493,43 +476,55 @@ class Item_Model_Test extends Gallery_Unit_Test_Case {
$album->thumb_url() . " is malformed");
}
public function legal_extension_test() {
foreach (array("test.gif", "test.GIF", "test.Gif", "test.jpeg", "test.JPG") as $name) {
public function legal_extension_that_does_match_gets_used_test() {
foreach (array("jpg", "JPG", "Jpg", "jpeg") as $extension) {
$photo = test::random_photo_unsaved(item::root());
$photo->name = $name;
$photo->name = test::random_name() . ".{$extension}";
$photo->save();
// Should get renamed with the correct jpg extension of the data file.
$this->assert_equal($extension, pathinfo($photo->name, PATHINFO_EXTENSION));
}
}
public function illegal_extension_test() {
foreach (array("test.php", "test.PHP", "test.php5", "test.php4",
"test.pl", "test.php.png") as $name) {
try {
$photo = test::random_photo_unsaved(item::root());
$photo->name = $name;
$photo->save();
} catch (ORM_Validation_Exception $e) {
$this->assert_equal(array("name" => "illegal_data_file_extension"),
$e->validation->errors());
continue;
}
$this->assert_true(false, "Shouldn't get here");
$photo = test::random_photo_unsaved(item::root());
$photo->name = $name;
$photo->save();
// Should get renamed with the correct jpg extension of the data file.
$this->assert_equal("jpg", pathinfo($photo->name, PATHINFO_EXTENSION));
}
}
public function cant_rename_to_illegal_extension_test() {
foreach (array("test.php.test", "test.php", "test.PHP",
"test.php5", "test.php4", "test.pl") as $name) {
try {
$photo = test::random_photo(item::root());
$photo->name = $name;
$photo->save();
} catch (ORM_Validation_Exception $e) {
$this->assert_equal(array("name" => "illegal_data_file_extension"),
$e->validation->errors());
continue;
}
$this->assert_true(false, "Shouldn't get here");
$photo = test::random_photo(item::root());
$photo->name = $name;
$photo->save();
// Should get renamed with the correct jpg extension of the data file.
$this->assert_equal("jpg", pathinfo($photo->name, PATHINFO_EXTENSION));
}
}
public function legal_extension_that_doesnt_match_gets_fixed_test() {
foreach (array("test.png", "test.mp4", "test.GIF") as $name) {
$photo = test::random_photo_unsaved(item::root());
$photo->name = $name;
$photo->save();
// Should get renamed with the correct jpg extension of the data file.
$this->assert_equal("jpg", pathinfo($photo->name, PATHINFO_EXTENSION));
}
}
public function rename_to_legal_extension_that_doesnt_match_gets_fixed_test() {
foreach (array("test.png", "test.mp4", "test.GIF") as $name) {
$photo = test::random_photo(item::root());
$photo->name = $name;
$photo->save();
// Should get renamed with the correct jpg extension of the data file.
$this->assert_equal("jpg", pathinfo($photo->name, PATHINFO_EXTENSION));
}
}