public function test_image_upload()
{
- $page = Page::first();
+ $page = Page::query()->first();
$admin = $this->getAdmin();
$this->actingAs($admin);
public function test_image_display_thumbnail_generation_does_not_increase_image_size()
{
- $page = Page::first();
+ $page = Page::query()->first();
$admin = $this->getAdmin();
$this->actingAs($admin);
public function test_image_usage()
{
- $page = Page::first();
+ $page = Page::query()->first();
$editor = $this->getEditor();
$this->actingAs($editor);
public function test_php_files_cannot_be_uploaded()
{
- $page = Page::first();
+ $page = Page::query()->first();
$admin = $this->getAdmin();
$this->actingAs($admin);
public function test_php_like_files_cannot_be_uploaded()
{
- $page = Page::first();
+ $page = Page::query()->first();
$admin = $this->getAdmin();
$this->actingAs($admin);
$this->assertFalse(file_exists(public_path($relPath)), 'Uploaded php file was uploaded but should have been stopped');
}
- public function test_files_with_double_extensions_cannot_be_uploaded()
+ public function test_files_with_double_extensions_will_get_sanitized()
{
- $page = Page::first();
+ $page = Page::query()->first();
$admin = $this->getAdmin();
$this->actingAs($admin);
$fileName = 'bad.phtml.png';
$relPath = $this->getTestImagePath('gallery', $fileName);
- $this->deleteImage($relPath);
+ $expectedRelPath = dirname($relPath) . '/bad-phtml.png';
+ $this->deleteImage($expectedRelPath);
$file = $this->newTestImageFromBase64('bad-phtml-png.base64', $fileName);
$upload = $this->withHeader('Content-Type', 'image/png')->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $file], []);
- $upload->assertStatus(302);
+ $upload->assertStatus(200);
+
+ $lastImage = Image::query()->latest('id')->first();
+
+ $this->assertEquals('bad.phtml.png', $lastImage->name);
+ $this->assertEquals('bad-phtml.png', basename($lastImage->path));
+ $this->assertFileDoesNotExist(public_path($relPath), 'Uploaded image file name was not stripped of dots');
+ $this->assertFileExists(public_path($expectedRelPath));
- $this->assertFalse(file_exists(public_path($relPath)), 'Uploaded double extension file was uploaded but should have been stopped');
+ $this->deleteImage($lastImage->path);
}
public function test_url_entities_removed_from_filenames()
];
foreach ($badNames as $name) {
$galleryFile = $this->getTestImage($name);
- $page = Page::first();
+ $page = Page::query()->first();
$badPath = $this->getTestImagePath('gallery', $name);
$this->deleteImage($badPath);
config()->set('filesystems.images', 'local_secure');
$this->asEditor();
$galleryFile = $this->getTestImage('my-secure-test-upload.png');
- $page = Page::first();
+ $page = Page::query()->first();
$expectedPath = storage_path('uploads/images/gallery/' . Date('Y-m') . '/my-secure-test-upload.png');
$upload = $this->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $galleryFile], []);
config()->set('filesystems.images', 'local_secure');
$this->asEditor();
$galleryFile = $this->getTestImage('my-secure-test-upload.png');
- $page = Page::first();
+ $page = Page::query()->first();
$expectedPath = storage_path('uploads/images/gallery/' . Date('Y-m') . '/my-secure-test-upload.png');
$upload = $this->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $galleryFile], []);
public function test_image_delete()
{
- $page = Page::first();
+ $page = Page::query()->first();
$this->asAdmin();
$imageName = 'first-image.png';
$relPath = $this->getTestImagePath('gallery', $imageName);
public function test_image_delete_does_not_delete_similar_images()
{
- $page = Page::first();
+ $page = Page::query()->first();
$this->asAdmin();
$imageName = 'first-image.png';
public function test_deleted_unused_images()
{
- $page = Page::first();
+ $page = Page::query()->first();
$admin = $this->getAdmin();
$this->actingAs($admin);
$this->deleteImage($relPath);
}
-}
\ No newline at end of file
+}
projects / bookstack / blobdiff