X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/a644f64c6bc6b0abab84acc16f0359e038457d66..refs/pull/2734/head:/tests/Uploads/ImageTest.php
diff --git a/tests/Uploads/ImageTest.php b/tests/Uploads/ImageTest.php
index 9b0e004b1..c03d15dd7 100644
--- a/tests/Uploads/ImageTest.php
+++ b/tests/Uploads/ImageTest.php
@@ -165,21 +165,29 @@ class ImageTest extends TestCase
 $this->assertFalse(file_exists(public_path($relPath)), 'Uploaded php file was uploaded but should have been stopped');
 }
- public function test_files_with_double_extensions_cannot_be_uploaded()
+ public function test_files_with_double_extensions_will_get_sanitized()
 {
- $page = Page::first();
+ $page = Page::query()->first();
 $admin = $this->getAdmin();
 $this->actingAs($admin);
 $fileName = 'bad.phtml.png';
 $relPath = $this->getTestImagePath('gallery', $fileName);
- $this->deleteImage($relPath);
+ $expectedRelPath = dirname($relPath) . '/bad-phtml.png';
+ $this->deleteImage($expectedRelPath);
 $file = $this->newTestImageFromBase64('bad-phtml-png.base64', $fileName);
 $upload = $this->withHeader('Content-Type', 'image/png')->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $file], []);
- $upload->assertStatus(302);
+ $upload->assertStatus(200);
+
+ $lastImage = Image::query()->latest('id')->first();
+
+ $this->assertEquals('bad.phtml.png', $lastImage->name);
+ $this->assertEquals('bad-phtml.png', basename($lastImage->path));
+ $this->assertFileDoesNotExist(public_path($relPath), 'Uploaded image file name was not stripped of dots');
+ $this->assertFileExists(public_path($expectedRelPath));
- $this->assertFalse(file_exists(public_path($relPath)), 'Uploaded double extension file was uploaded but should have been stopped');
+ $this->deleteImage($lastImage->path);
 }
 public function test_url_entities_removed_from_filenames()
@@ -428,4 +436,4 @@ class ImageTest extends TestCase
 $this->deleteImage($relPath);
 }
-}
\ No newline at end of file
+}
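Review bot: The pre-clean in `test_files_with_double_extensions_will_get_sanitized` now removes only `$expectedRelPath`, so the unsanitized path `$relPath` is never cleared. If a sanitizer regression ever writes `bad.phtml.png` to disk, that file stays in the public directory and `assertFileDoesNotExist(public_path($relPath), ...)` keeps failing on later runs even after the fix. Keep the removed line alongside the new one: `$this->deleteImage($relPath);`. The closing `$this->deleteImage($lastImage->path);` is also skipped whenever an assertion above it fails, leaving the uploaded file under the public path. Moving that cleanup into a `try`/`finally` would cover it, assuming `deleteImage` (defined outside this hunk) accepts the stored path as given.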