tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 12:05:37 +00:00
Code Issues Projects Releases Wiki Activity

Test allowedExtensions in UploadField, return correct HTTP status

Browse Source
This commit is contained in:
Ingo Schommer 2013-07-12 13:16:25 +02:00
parent c2c8498c64
commit 920edf88e7
2 changed files with 34 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
forms/UploadField.php
View File

@ -525,6 +525,7 @@ class UploadField extends FileField {
} }
// Get the uploaded file into a new file object. // Get the uploaded file into a new file object.
// The loadIntoFile() method also validates constraints like allowed extensions
try { try {
$this->upload->loadIntoFile($tmpfile, $fileObject, $this->folderName); $this->upload->loadIntoFile($tmpfile, $fileObject, $this->folderName);
} catch (Exception $e) { } catch (Exception $e) {
@ -559,6 +560,7 @@ class UploadField extends FileField {
} }
$response = new SS_HTTPResponse(Convert::raw2json(array($return))); $response = new SS_HTTPResponse(Convert::raw2json(array($return)));
$response->addHeader('Content-Type', 'text/plain'); $response->addHeader('Content-Type', 'text/plain');
if($return['error']) $response->setStatusCode(403);
return $response; return $response;
} }

33
tests/forms/uploadfield/UploadFieldTest.php
View File

@ -123,6 +123,33 @@ class UploadFieldTest extends FunctionalTest {
$this->assertEquals($record->ManyManyFiles()->Last()->Name, $tmpFileName); $this->assertEquals($record->ManyManyFiles()->Last()->Name, $tmpFileName);
} }
/**
* Partially covered by {@link UploadTest->testUploadAcceptsAllowedExtension()},
* but this test additionally verifies that those constraints are actually enforced
* in this controller method.
*/
public function testAllowedExtensions() {
$this->loginWithPermission('ADMIN');
$invalidFile = 'invalid.php';
$_FILES = array('AllowedExtensionsField' => $this->getUploadFile($invalidFile));
$response = $this->post(
'UploadFieldTest_Controller/Form/field/AllowedExtensionsField/upload',
array('AllowedExtensionsField' => $this->getUploadFile($invalidFile))
);
$this->assertTrue($response->isError());
$this->assertContains('Extension is not allowed', $response->getBody());
$validFile = 'valid.jpg';
$_FILES = array('AllowedExtensionsField' => $this->getUploadFile($validFile));
$response = $this->post(
'UploadFieldTest_Controller/Form/field/AllowedExtensionsField/upload',
array('AllowedExtensionsField' => $this->getUploadFile($validFile))
);
$this->assertFalse($response->isError());
$this->assertNotContains('Extension is not allowed', $response->getBody());
}
public function testAllowedMaxFileNumberWithHasOne() { public function testAllowedMaxFileNumberWithHasOne() {
$this->loginWithPermission('ADMIN'); $this->loginWithPermission('ADMIN');
@ -831,6 +858,9 @@ class UploadFieldTest_Controller extends Controller implements TestOnly {
$fieldCanAttachExisting->setConfig('canAttachExisting', false); $fieldCanAttachExisting->setConfig('canAttachExisting', false);
$fieldCanAttachExisting->setRecord($record); $fieldCanAttachExisting->setRecord($record);
$fieldAllowedExtensions = new UploadField('AllowedExtensionsField');
$fieldAllowedExtensions->getValidator()->setAllowedExtensions(array('jpg'));
$form = new Form( $form = new Form(
$this, $this,
'Form', 'Form',
@ -847,7 +877,8 @@ class UploadFieldTest_Controller extends Controller implements TestOnly {
$fieldDisabled, $fieldDisabled,
$fieldSubfolder, $fieldSubfolder,
$fieldCanUploadFalse, $fieldCanUploadFalse,
$fieldCanAttachExisting $fieldCanAttachExisting,
$fieldAllowedExtensions
), ),
new FieldList( new FieldList(
new FormAction('submit') new FormAction('submit')