X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/c429cf78187e80deb63982a282a1c6889f30291a..refs/pull/3598/head:/tests/Uploads/AttachmentTest.php
diff --git a/tests/Uploads/AttachmentTest.php b/tests/Uploads/AttachmentTest.php
index 2248bc2c5..27a23bcae 100644
--- a/tests/Uploads/AttachmentTest.php
+++ b/tests/Uploads/AttachmentTest.php
@@ -17,13 +17,13 @@ class AttachmentTest extends TestCase
 */
 protected function getTestFile(string $fileName): UploadedFile
 {
- return new UploadedFile(base_path('tests/test-data/test-file.txt'), $fileName, 'text/plain', 55, null, true);
+ return new UploadedFile(base_path('tests/test-data/test-file.txt'), $fileName, 'text/plain', null, true);
 }
 
 /**
 * Uploads a file with the given name.
 */
- protected function uploadFile(string $name, int $uploadedTo = 0): \Illuminate\Foundation\Testing\TestResponse
+ protected function uploadFile(string $name, int $uploadedTo = 0): \Illuminate\Testing\TestResponse
 {
 $file = $this->getTestFile($name);
 
@@ -44,6 +44,21 @@ class AttachmentTest extends TestCase
 return Attachment::query()->latest()->first();
 }
 
+ /**
+ * Create a new upload attachment from the given data.
+ */
+ protected function createUploadAttachment(Page $page, string $filename, string $content, string $mimeType): Attachment
+ {
+ $file = tmpfile();
+ $filePath = stream_get_meta_data($file)['uri'];
+ file_put_contents($filePath, $content);
+ $upload = new UploadedFile($filePath, $filename, $mimeType, null, true);
+
+ $this->call('POST', '/attachments/upload', ['uploaded_to' => $page->id], [], ['file' => $upload], []);
+
+ return $page->attachments()->latest()->firstOrFail();
+ }
+
 /**
 * Delete all uploaded files.
 * To assist with cleanup.
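Review bot: The upload response in the new `createUploadAttachment` helper is discarded, so a rejected upload only shows up indirectly through `firstOrFail()`. If the page already has an attachment, the helper would return that older record and the calling test would check headers on the wrong file. Assert on the response before the lookup, e.g. end the call with `->assertStatus(200);`, as the upload test in this file does with `$upload->assertStatus(200)`. `latest()` orders by the creation timestamp, which presumably has one-second resolution, so `orderBy('id', 'desc')` (already used elsewhere in this file) would pick the row just created more reliably.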
@@ -76,9 +91,9 @@ class AttachmentTest extends TestCase
 $upload->assertStatus(200);
 
 $attachment = Attachment::query()->orderBy('id', 'desc')->first();
- $expectedResp['path'] = $attachment->path;
-
 $upload->assertJson($expectedResp);
+
+ $expectedResp['path'] = $attachment->path;
 $this->assertDatabaseHas('attachments', $expectedResp);
 
 $this->deleteUploads();
@@ -94,7 +109,8 @@ class AttachmentTest extends TestCase
 
 $attachment = Attachment::query()->orderBy('id', 'desc')->first();
 $this->assertStringNotContainsString($fileName, $attachment->path);
- $this->assertStringEndsWith('.txt', $attachment->path);
+ $this->assertStringEndsWith('-txt', $attachment->path);
+ $this->deleteUploads();
 }
 
 public function test_file_display_and_access()
@@ -112,7 +128,8 @@ class AttachmentTest extends TestCase
 $pageGet->assertSee($attachment->getUrl());
 
 $attachmentGet = $this->get($attachment->getUrl());
- $attachmentGet->assertSee('Hi, This is a test file for testing the upload process.');
+ $content = $attachmentGet->streamedContent();
+ $this->assertStringContainsString('Hi, This is a test file for testing the upload process.', $content);
 
 $this->deleteUploads();
 }
@@ -305,6 +322,22 @@ class AttachmentTest extends TestCase
 // http-foundation/Response does some 'fixing' of responses to add charsets to text responses.
 $attachmentGet->assertHeader('Content-Type', 'text/plain; charset=UTF-8');
 $attachmentGet->assertHeader('Content-Disposition', 'inline; filename="upload_test_file.txt"');
+ $attachmentGet->assertHeader('X-Content-Type-Options', 'nosniff');
+
+ $this->deleteUploads();
+ }
+
+ public function test_html_file_access_with_open_forces_plain_content_type()
+ {
+ $page = Page::query()->first();
+ $this->asAdmin();
+
+ $attachment = $this->createUploadAttachment($page, 'test_file.html', '
testing
', 'text/html');
+
+ $attachmentGet = $this->get($attachment->getUrl(true));
+ // http-foundation/Response does some 'fixing' of responses to add charsets to text responses.
+ $attachmentGet->assertHeader('Content-Type', 'text/plain; charset=UTF-8');
+ $attachmentGet->assertHeader('Content-Disposition', 'inline; filename="test_file.html"');
 
 $this->deleteUploads();
 }
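Review bot: The new `test_html_file_access_with_open_forces_plain_content_type` checks `Content-Type` and `Content-Disposition` but not `X-Content-Type-Options`, even though an HTML upload served inline is where content sniffing matters most. The text-file test at the top of this hunk gained `$attachmentGet->assertHeader('X-Content-Type-Options', 'nosniff');`, and the same assertion should follow the `Content-Disposition` check here. Without it, a regression that drops the header for non-text uploads would go unnoticed. A one-line comment such as `// HTML served inline must never be rendered as HTML by the browser` above the header assertions would record why the type is forced.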