X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/a6633642232efd164d4708967ab59e498fbff896..refs/pull/3000/head:/tests/Uploads/ImageTest.php
diff --git a/tests/Uploads/ImageTest.php b/tests/Uploads/ImageTest.php
index 1c736d672..69b6dc90e 100644
--- a/tests/Uploads/ImageTest.php
+++ b/tests/Uploads/ImageTest.php
@@ -1,44 +1,45 @@
-first();
$admin = $this->getAdmin();
$this->actingAs($admin);
$imgDetails = $this->uploadGalleryImage($page);
$relPath = $imgDetails['path'];
- $this->assertTrue(file_exists(public_path($relPath)), 'Uploaded image found at path: '. public_path($relPath));
+ $this->assertTrue(file_exists(public_path($relPath)), 'Uploaded image found at path: ' . public_path($relPath));
$this->deleteImage($relPath);
$this->assertDatabaseHas('images', [
- 'url' => $this->baseUrl . $relPath,
- 'type' => 'gallery',
+ 'url' => $this->baseUrl . $relPath,
+ 'type' => 'gallery',
'uploaded_to' => $page->id,
- 'path' => $relPath,
- 'created_by' => $admin->id,
- 'updated_by' => $admin->id,
- 'name' => $imgDetails['name'],
+ 'path' => $relPath,
+ 'created_by' => $admin->id,
+ 'updated_by' => $admin->id,
+ 'name' => $imgDetails['name'],
]);
}
public function test_image_display_thumbnail_generation_does_not_increase_image_size()
{
- $page = Page::first();
+ $page = Page::query()->first();
$admin = $this->getAdmin();
$this->actingAs($admin);
@@ -47,7 +48,7 @@ class ImageTest extends TestCase
$imgDetails = $this->uploadGalleryImage($page, 'compressed.png');
$relPath = $imgDetails['path'];
- $this->assertTrue(file_exists(public_path($relPath)), 'Uploaded image found at path: '. public_path($relPath));
+ $this->assertTrue(file_exists(public_path($relPath)), 'Uploaded image found at path: ' . public_path($relPath));
$displayImage = $imgDetails['response']->thumbs->display;
$displayImageRelPath = implode('/', array_slice(explode('/', $displayImage), 3));
@@ -77,7 +78,7 @@ class ImageTest extends TestCase
$this->assertDatabaseHas('images', [
'type' => 'gallery',
- 'name' => $newName
+ 'name' => $newName,
]);
}
@@ -108,14 +109,14 @@ class ImageTest extends TestCase
public function test_image_usage()
{
- $page = Page::first();
+ $page = Page::query()->first();
$editor = $this->getEditor();
$this->actingAs($editor);
$imgDetails = $this->uploadGalleryImage($page);
$image = Image::query()->first();
- $page->html = '
';
+ $page->html = '
';
$page->save();
$usage = $this->get('/images/edit/' . $image->id . '?delete=true');
@@ -128,7 +129,7 @@ class ImageTest extends TestCase
public function test_php_files_cannot_be_uploaded()
{
- $page = Page::first();
+ $page = Page::query()->first();
$admin = $this->getAdmin();
$this->actingAs($admin);
@@ -136,7 +137,7 @@ class ImageTest extends TestCase
$relPath = $this->getTestImagePath('gallery', $fileName);
$this->deleteImage($relPath);
- $file = $this->getTestImage($fileName);
+ $file = $this->newTestImageFromBase64('bad-php.base64', $fileName);
$upload = $this->withHeader('Content-Type', 'image/jpeg')->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $file], []);
$upload->assertStatus(302);
@@ -144,13 +145,13 @@ class ImageTest extends TestCase
$this->assertDatabaseMissing('images', [
'type' => 'gallery',
- 'name' => $fileName
+ 'name' => $fileName,
]);
}
public function test_php_like_files_cannot_be_uploaded()
{
- $page = Page::first();
+ $page = Page::query()->first();
$admin = $this->getAdmin();
$this->actingAs($admin);
@@ -158,43 +159,51 @@ class ImageTest extends TestCase
$relPath = $this->getTestImagePath('gallery', $fileName);
$this->deleteImage($relPath);
- $file = $this->getTestImage($fileName);
+ $file = $this->newTestImageFromBase64('bad-phtml.base64', $fileName);
$upload = $this->withHeader('Content-Type', 'image/jpeg')->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $file], []);
$upload->assertStatus(302);
$this->assertFalse(file_exists(public_path($relPath)), 'Uploaded php file was uploaded but should have been stopped');
}
- public function test_files_with_double_extensions_cannot_be_uploaded()
+ public function test_files_with_double_extensions_will_get_sanitized()
{
- $page = Page::first();
+ $page = Page::query()->first();
$admin = $this->getAdmin();
$this->actingAs($admin);
$fileName = 'bad.phtml.png';
$relPath = $this->getTestImagePath('gallery', $fileName);
- $this->deleteImage($relPath);
+ $expectedRelPath = dirname($relPath) . '/bad-phtml.png';
+ $this->deleteImage($expectedRelPath);
- $file = $this->getTestImage($fileName);
+ $file = $this->newTestImageFromBase64('bad-phtml-png.base64', $fileName);
$upload = $this->withHeader('Content-Type', 'image/png')->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $file], []);
- $upload->assertStatus(302);
+ $upload->assertStatus(200);
+
+ $lastImage = Image::query()->latest('id')->first();
+
+ $this->assertEquals('bad.phtml.png', $lastImage->name);
+ $this->assertEquals('bad-phtml.png', basename($lastImage->path));
+ $this->assertFileDoesNotExist(public_path($relPath), 'Uploaded image file name was not stripped of dots');
+ $this->assertFileExists(public_path($expectedRelPath));
- $this->assertFalse(file_exists(public_path($relPath)), 'Uploaded double extension file was uploaded but should have been stopped');
+ $this->deleteImage($lastImage->path);
}
public function test_url_entities_removed_from_filenames()
{
$this->asEditor();
$badNames = [
- "bad-char-#-image.png",
- "bad-char-?-image.png",
- "?#.png",
- "?.png",
- "#.png",
+ 'bad-char-#-image.png',
+ 'bad-char-?-image.png',
+ '?#.png',
+ '?.png',
+ '#.png',
];
foreach ($badNames as $name) {
$galleryFile = $this->getTestImage($name);
- $page = Page::first();
+ $page = Page::query()->first();
$badPath = $this->getTestImagePath('gallery', $name);
$this->deleteImage($badPath);
@@ -219,13 +228,13 @@ class ImageTest extends TestCase
config()->set('filesystems.images', 'local_secure');
$this->asEditor();
$galleryFile = $this->getTestImage('my-secure-test-upload.png');
- $page = Page::first();
- $expectedPath = storage_path('uploads/images/gallery/' . Date('Y-m') . '/my-secure-test-upload.png');
+ $page = Page::query()->first();
+ $expectedPath = storage_path('uploads/images/gallery/' . date('Y-m') . '/my-secure-test-upload.png');
$upload = $this->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $galleryFile], []);
$upload->assertStatus(200);
- $this->assertTrue(file_exists($expectedPath), 'Uploaded image not found at path: '. $expectedPath);
+ $this->assertTrue(file_exists($expectedPath), 'Uploaded image not found at path: ' . $expectedPath);
if (file_exists($expectedPath)) {
unlink($expectedPath);
@@ -237,8 +246,8 @@ class ImageTest extends TestCase
config()->set('filesystems.images', 'local_secure');
$this->asEditor();
$galleryFile = $this->getTestImage('my-secure-test-upload.png');
- $page = Page::first();
- $expectedPath = storage_path('uploads/images/gallery/' . Date('Y-m') . '/my-secure-test-upload.png');
+ $page = Page::query()->first();
+ $expectedPath = storage_path('uploads/images/gallery/' . date('Y-m') . '/my-secure-test-upload.png');
$upload = $this->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $galleryFile], []);
$imageUrl = json_decode($upload->getContent(), true)['url'];
@@ -260,12 +269,12 @@ class ImageTest extends TestCase
config()->set('filesystems.images', 'local_secure');
$this->asAdmin();
$galleryFile = $this->getTestImage('my-system-test-upload.png');
- $expectedPath = public_path('uploads/images/system/' . Date('Y-m') . '/my-system-test-upload.png');
+ $expectedPath = public_path('uploads/images/system/' . date('Y-m') . '/my-system-test-upload.png');
$upload = $this->call('POST', '/settings', [], [], ['app_logo' => $galleryFile], []);
$upload->assertRedirect('/settings');
- $this->assertTrue(file_exists($expectedPath), 'Uploaded image not found at path: '. $expectedPath);
+ $this->assertTrue(file_exists($expectedPath), 'Uploaded image not found at path: ' . $expectedPath);
if (file_exists($expectedPath)) {
unlink($expectedPath);
@@ -274,7 +283,7 @@ class ImageTest extends TestCase
public function test_image_delete()
{
- $page = Page::first();
+ $page = Page::query()->first();
$this->asAdmin();
$imageName = 'first-image.png';
$relPath = $this->getTestImagePath('gallery', $imageName);
@@ -283,12 +292,12 @@ class ImageTest extends TestCase
$this->uploadImage($imageName, $page->id);
$image = Image::first();
- $delete = $this->delete( '/images/' . $image->id);
+ $delete = $this->delete('/images/' . $image->id);
$delete->assertStatus(200);
$this->assertDatabaseMissing('images', [
- 'url' => $this->baseUrl . $relPath,
- 'type' => 'gallery'
+ 'url' => $this->baseUrl . $relPath,
+ 'type' => 'gallery',
]);
$this->assertFalse(file_exists(public_path($relPath)), 'Uploaded image has not been deleted as expected');
@@ -296,7 +305,7 @@ class ImageTest extends TestCase
public function test_image_delete_does_not_delete_similar_images()
{
- $page = Page::first();
+ $page = Page::query()->first();
$this->asAdmin();
$imageName = 'first-image.png';
@@ -311,7 +320,7 @@ class ImageTest extends TestCase
$folder = public_path(dirname($relPath));
$imageCount = count(glob($folder . '/*'));
- $delete = $this->delete( '/images/' . $image->id);
+ $delete = $this->delete('/images/' . $image->id);
$delete->assertStatus(200);
$newCount = count(glob($folder . '/*'));
@@ -338,9 +347,9 @@ class ImageTest extends TestCase
$this->call('PUT', '/settings/users/' . $editor->id, [], [], ['profile_image' => $file], []);
$this->assertDatabaseHas('images', [
- 'type' => 'user',
+ 'type' => 'user',
'uploaded_to' => $editor->id,
- 'created_by' => $admin->id,
+ 'created_by' => $admin->id,
]);
}
@@ -353,7 +362,7 @@ class ImageTest extends TestCase
$this->call('PUT', '/settings/users/' . $editor->id, [], [], ['profile_image' => $file], []);
$profileImages = Image::where('type', '=', 'user')->where('created_by', '=', $editor->id)->get();
- $this->assertTrue($profileImages->count() === 1, "Found profile images does not match upload count");
+ $this->assertTrue($profileImages->count() === 1, 'Found profile images does not match upload count');
$imagePath = public_path($profileImages->first()->path);
$this->assertTrue(file_exists($imagePath));
@@ -362,12 +371,12 @@ class ImageTest extends TestCase
$userDelete->assertStatus(302);
$this->assertDatabaseMissing('images', [
- 'type' => 'user',
- 'created_by' => $editor->id
+ 'type' => 'user',
+ 'created_by' => $editor->id,
]);
$this->assertDatabaseMissing('images', [
- 'type' => 'user',
- 'uploaded_to' => $editor->id
+ 'type' => 'user',
+ 'uploaded_to' => $editor->id,
]);
$this->assertFalse(file_exists($imagePath));
@@ -375,7 +384,7 @@ class ImageTest extends TestCase
public function test_deleted_unused_images()
{
- $page = Page::first();
+ $page = Page::query()->first();
$admin = $this->getAdmin();
$this->actingAs($admin);
@@ -389,9 +398,9 @@ class ImageTest extends TestCase
$pageRepo = app(PageRepo::class);
$pageRepo->update($page, [
- 'name' => $page->name,
- 'html' => $page->html . "![](\"{$image-)
url}\">",
- 'summary' => ''
+ 'name' => $page->name,
+ 'html' => $page->html . "url}\">",
+ 'summary' => '',
]);
// Ensure no images are reported as deletable
@@ -401,9 +410,9 @@ class ImageTest extends TestCase
// Save a revision of our page without the image;
$pageRepo->update($page, [
- 'name' => $page->name,
- 'html' => "Hello
",
- 'summary' => ''
+ 'name' => $page->name,
+ 'html' => 'Hello
',
+ 'summary' => '',
]);
// Ensure revision images are picked up okay
@@ -427,5 +436,4 @@ class ImageTest extends TestCase
$this->deleteImage($relPath);
}
-
-}
\ No newline at end of file
+}