3 namespace Drupal\KernelTests\Core\File;
6 * Tests filename munging and unmunging.
10 class NameMungingTest extends FileTestBase {
15 protected $badExtension;
25 protected $nameWithUcExt;
27 protected function setUp() {
29 $this->badExtension = 'php';
30 $this->name = $this->randomMachineName() . '.' . $this->badExtension . '.txt';
31 $this->nameWithUcExt = $this->randomMachineName() . '.' . strtoupper($this->badExtension) . '.txt';
35 * Create a file and munge/unmunge the name.
37 public function testMunging() {
38 // Disable insecure uploads.
39 $this->config('system.file')->set('allow_insecure_uploads', 0)->save();
40 $munged_name = file_munge_filename($this->name, '', TRUE);
41 $messages = \Drupal::messenger()->all();
42 \Drupal::messenger()->deleteAll();
43 $this->assertTrue(in_array(strtr('For security reasons, your upload has been renamed to <em class="placeholder">%filename</em>.', ['%filename' => $munged_name]), $messages['status']), 'Alert properly set when a file is renamed.');
44 $this->assertNotEqual($munged_name, $this->name, format_string('The new filename (%munged) has been modified from the original (%original)', ['%munged' => $munged_name, '%original' => $this->name]));
48 * Tests munging with a null byte in the filename.
50 public function testMungeNullByte() {
51 $prefix = $this->randomMachineName();
52 $filename = $prefix . '.' . $this->badExtension . "\0.txt";
53 $this->assertEqual(file_munge_filename($filename, ''), $prefix . '.' . $this->badExtension . '_.txt', 'A filename with a null byte is correctly munged to remove the null byte.');
57 * If the system.file.allow_insecure_uploads setting evaluates to true, the file should
58 * come out untouched, no matter how evil the filename.
60 public function testMungeIgnoreInsecure() {
61 $this->config('system.file')->set('allow_insecure_uploads', 1)->save();
62 $munged_name = file_munge_filename($this->name, '');
63 $this->assertSame($munged_name, $this->name, format_string('The original filename (%original) matches the munged filename (%munged) when insecure uploads are enabled.', ['%munged' => $munged_name, '%original' => $this->name]));
67 * White listed extensions are ignored by file_munge_filename().
69 public function testMungeIgnoreWhitelisted() {
70 // Declare our extension as whitelisted. The declared extensions should
71 // be case insensitive so test using one with a different case.
72 $munged_name = file_munge_filename($this->nameWithUcExt, $this->badExtension);
73 $this->assertSame($munged_name, $this->nameWithUcExt, format_string('The new filename (%munged) matches the original (%original) once the extension has been whitelisted.', ['%munged' => $munged_name, '%original' => $this->nameWithUcExt]));
74 // The allowed extensions should also be normalized.
75 $munged_name = file_munge_filename($this->name, strtoupper($this->badExtension));
76 $this->assertSame($munged_name, $this->name, format_string('The new filename (%munged) matches the original (%original) also when the whitelisted extension is in uppercase.', ['%munged' => $munged_name, '%original' => $this->name]));
80 * Ensure that unmunge gets your name back.
82 public function testUnMunge() {
83 $munged_name = file_munge_filename($this->name, '', FALSE);
84 $unmunged_name = file_unmunge_filename($munged_name);
85 $this->assertSame($unmunged_name, $this->name, format_string('The unmunged (%unmunged) filename matches the original (%original)', ['%unmunged' => $unmunged_name, '%original' => $this->name]));