X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/b6aa232205d1f889be95a57e76ac391023e00bfd..refs/pull/2233/head:/tests/Uploads/ImageTest.php diff --git a/tests/Uploads/ImageTest.php b/tests/Uploads/ImageTest.php index 3cdcdf3fd..08ac63326 100644 --- a/tests/Uploads/ImageTest.php +++ b/tests/Uploads/ImageTest.php @@ -71,11 +71,7 @@ class ImageTest extends TestCase $newName = Str::random(); $update = $this->put('/images/' . $image->id, ['name' => $newName]); $update->assertSuccessful(); - $update->assertJson([ - 'id' => $image->id, - 'name' => $newName, - 'type' => 'gallery', - ]); + $update->assertSee($newName); $this->deleteImage($imgDetails['path']); @@ -92,31 +88,22 @@ class ImageTest extends TestCase $imgDetails = $this->uploadGalleryImage(); $image = Image::query()->first(); - $emptyJson = ['images' => [], 'has_more' => false]; - $resultJson = [ - 'images' => [ - [ - 'id' => $image->id, - 'name' => $imgDetails['name'], - ] - ], - 'has_more' => false, - ]; - $pageId = $imgDetails['page']->id; $firstPageRequest = $this->get("/images/gallery?page=1&uploaded_to={$pageId}"); - $firstPageRequest->assertSuccessful()->assertJson($resultJson); + $firstPageRequest->assertSuccessful()->assertElementExists('div'); + $firstPageRequest->assertSuccessful()->assertSeeText($image->name); $secondPageRequest = $this->get("/images/gallery?page=2&uploaded_to={$pageId}"); - $secondPageRequest->assertSuccessful()->assertExactJson($emptyJson); + $secondPageRequest->assertSuccessful()->assertElementNotExists('div'); $namePartial = substr($imgDetails['name'], 0, 3); $searchHitRequest = $this->get("/images/gallery?page=1&uploaded_to={$pageId}&search={$namePartial}"); - $searchHitRequest->assertSuccessful()->assertJson($resultJson); + $searchHitRequest->assertSuccessful()->assertSee($imgDetails['name']); $namePartial = Str::random(16); - $searchHitRequest = $this->get("/images/gallery?page=1&uploaded_to={$pageId}&search={$namePartial}"); - $searchHitRequest->assertSuccessful()->assertExactJson($emptyJson); + $searchFailRequest = $this->get("/images/gallery?page=1&uploaded_to={$pageId}&search={$namePartial}"); + $searchFailRequest->assertSuccessful()->assertDontSee($imgDetails['name']); + $searchFailRequest->assertSuccessful()->assertElementNotExists('div'); } public function test_image_usage() @@ -131,14 +118,10 @@ class ImageTest extends TestCase $page->html = ''; $page->save(); - $usage = $this->get('/images/usage/' . $image->id); + $usage = $this->get('/images/edit/' . $image->id . '?delete=true'); $usage->assertSuccessful(); - $usage->assertJson([ - [ - 'id' => $page->id, - 'name' => $page->name - ] - ]); + $usage->assertSeeText($page->name); + $usage->assertSee($page->getUrl()); $this->deleteImage($imgDetails['path']); } @@ -199,6 +182,38 @@ class ImageTest extends TestCase $this->assertFalse(file_exists(public_path($relPath)), 'Uploaded double extension file was uploaded but should have been stopped'); } + public function test_url_entities_removed_from_filenames() + { + $this->asEditor(); + $badNames = [ + "bad-char-#-image.png", + "bad-char-?-image.png", + "?#.png", + "?.png", + "#.png", + ]; + foreach ($badNames as $name) { + $galleryFile = $this->getTestImage($name); + $page = Page::first(); + $badPath = $this->getTestImagePath('gallery', $name); + $this->deleteImage($badPath); + + $upload = $this->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $galleryFile], []); + $upload->assertStatus(200); + + $lastImage = Image::query()->latest('id')->first(); + $newFileName = explode('.', basename($lastImage->path))[0]; + + $this->assertEquals($lastImage->name, $name); + $this->assertFalse(strpos($lastImage->path, $name), 'Path contains original image name'); + $this->assertFalse(file_exists(public_path($badPath)), 'Uploaded image file name was not stripped of url entities'); + + $this->assertTrue(strlen($newFileName) > 0, 'File name was reduced to nothing'); + + $this->deleteImage($lastImage->path); + } + } + public function test_secure_images_uploads_to_correct_place() { config()->set('filesystems.images', 'local_secure');