X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/da1cea06ca5db56a9635bf8bb01da2516d601620..refs/pull/2700/head:/tests/Uploads/ImageTest.php diff --git a/tests/Uploads/ImageTest.php b/tests/Uploads/ImageTest.php index 416927ac9..c03d15dd7 100644 --- a/tests/Uploads/ImageTest.php +++ b/tests/Uploads/ImageTest.php @@ -2,7 +2,7 @@ use BookStack\Entities\Repos\PageRepo; use BookStack\Uploads\Image; -use BookStack\Entities\Page; +use BookStack\Entities\Models\Page; use BookStack\Uploads\ImageService; use Illuminate\Support\Str; use Tests\TestCase; @@ -71,11 +71,7 @@ class ImageTest extends TestCase $newName = Str::random(); $update = $this->put('/images/' . $image->id, ['name' => $newName]); $update->assertSuccessful(); - $update->assertJson([ - 'id' => $image->id, - 'name' => $newName, - 'type' => 'gallery', - ]); + $update->assertSee($newName); $this->deleteImage($imgDetails['path']); @@ -92,31 +88,22 @@ class ImageTest extends TestCase $imgDetails = $this->uploadGalleryImage(); $image = Image::query()->first(); - $emptyJson = ['images' => [], 'has_more' => false]; - $resultJson = [ - 'images' => [ - [ - 'id' => $image->id, - 'name' => $imgDetails['name'], - ] - ], - 'has_more' => false, - ]; - $pageId = $imgDetails['page']->id; $firstPageRequest = $this->get("/images/gallery?page=1&uploaded_to={$pageId}"); - $firstPageRequest->assertSuccessful()->assertJson($resultJson); + $firstPageRequest->assertSuccessful()->assertElementExists('div'); + $firstPageRequest->assertSuccessful()->assertSeeText($image->name); $secondPageRequest = $this->get("/images/gallery?page=2&uploaded_to={$pageId}"); - $secondPageRequest->assertSuccessful()->assertExactJson($emptyJson); + $secondPageRequest->assertSuccessful()->assertElementNotExists('div'); $namePartial = substr($imgDetails['name'], 0, 3); $searchHitRequest = $this->get("/images/gallery?page=1&uploaded_to={$pageId}&search={$namePartial}"); - $searchHitRequest->assertSuccessful()->assertJson($resultJson); + $searchHitRequest->assertSuccessful()->assertSee($imgDetails['name']); $namePartial = Str::random(16); - $searchHitRequest = $this->get("/images/gallery?page=1&uploaded_to={$pageId}&search={$namePartial}"); - $searchHitRequest->assertSuccessful()->assertExactJson($emptyJson); + $searchFailRequest = $this->get("/images/gallery?page=1&uploaded_to={$pageId}&search={$namePartial}"); + $searchFailRequest->assertSuccessful()->assertDontSee($imgDetails['name']); + $searchFailRequest->assertSuccessful()->assertElementNotExists('div'); } public function test_image_usage() @@ -131,14 +118,10 @@ class ImageTest extends TestCase $page->html = ''; $page->save(); - $usage = $this->get('/images/usage/' . $image->id); + $usage = $this->get('/images/edit/' . $image->id . '?delete=true'); $usage->assertSuccessful(); - $usage->assertJson([ - [ - 'id' => $page->id, - 'name' => $page->name - ] - ]); + $usage->assertSeeText($page->name); + $usage->assertSee($page->getUrl()); $this->deleteImage($imgDetails['path']); } @@ -153,7 +136,7 @@ class ImageTest extends TestCase $relPath = $this->getTestImagePath('gallery', $fileName); $this->deleteImage($relPath); - $file = $this->getTestImage($fileName); + $file = $this->newTestImageFromBase64('bad-php.base64', $fileName); $upload = $this->withHeader('Content-Type', 'image/jpeg')->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $file], []); $upload->assertStatus(302); @@ -175,28 +158,68 @@ class ImageTest extends TestCase $relPath = $this->getTestImagePath('gallery', $fileName); $this->deleteImage($relPath); - $file = $this->getTestImage($fileName); + $file = $this->newTestImageFromBase64('bad-phtml.base64', $fileName); $upload = $this->withHeader('Content-Type', 'image/jpeg')->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $file], []); $upload->assertStatus(302); $this->assertFalse(file_exists(public_path($relPath)), 'Uploaded php file was uploaded but should have been stopped'); } - public function test_files_with_double_extensions_cannot_be_uploaded() + public function test_files_with_double_extensions_will_get_sanitized() { - $page = Page::first(); + $page = Page::query()->first(); $admin = $this->getAdmin(); $this->actingAs($admin); $fileName = 'bad.phtml.png'; $relPath = $this->getTestImagePath('gallery', $fileName); - $this->deleteImage($relPath); + $expectedRelPath = dirname($relPath) . '/bad-phtml.png'; + $this->deleteImage($expectedRelPath); - $file = $this->getTestImage($fileName); + $file = $this->newTestImageFromBase64('bad-phtml-png.base64', $fileName); $upload = $this->withHeader('Content-Type', 'image/png')->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $file], []); - $upload->assertStatus(302); + $upload->assertStatus(200); + + $lastImage = Image::query()->latest('id')->first(); + + $this->assertEquals('bad.phtml.png', $lastImage->name); + $this->assertEquals('bad-phtml.png', basename($lastImage->path)); + $this->assertFileDoesNotExist(public_path($relPath), 'Uploaded image file name was not stripped of dots'); + $this->assertFileExists(public_path($expectedRelPath)); - $this->assertFalse(file_exists(public_path($relPath)), 'Uploaded double extension file was uploaded but should have been stopped'); + $this->deleteImage($lastImage->path); + } + + public function test_url_entities_removed_from_filenames() + { + $this->asEditor(); + $badNames = [ + "bad-char-#-image.png", + "bad-char-?-image.png", + "?#.png", + "?.png", + "#.png", + ]; + foreach ($badNames as $name) { + $galleryFile = $this->getTestImage($name); + $page = Page::first(); + $badPath = $this->getTestImagePath('gallery', $name); + $this->deleteImage($badPath); + + $upload = $this->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $galleryFile], []); + $upload->assertStatus(200); + + $lastImage = Image::query()->latest('id')->first(); + $newFileName = explode('.', basename($lastImage->path))[0]; + + $this->assertEquals($lastImage->name, $name); + $this->assertFalse(strpos($lastImage->path, $name), 'Path contains original image name'); + $this->assertFalse(file_exists(public_path($badPath)), 'Uploaded image file name was not stripped of url entities'); + + $this->assertTrue(strlen($newFileName) > 0, 'File name was reduced to nothing'); + + $this->deleteImage($lastImage->path); + } } public function test_secure_images_uploads_to_correct_place() @@ -262,10 +285,11 @@ class ImageTest extends TestCase $page = Page::first(); $this->asAdmin(); $imageName = 'first-image.png'; + $relPath = $this->getTestImagePath('gallery', $imageName); + $this->deleteImage($relPath); $this->uploadImage($imageName, $page->id); $image = Image::first(); - $relPath = $this->getTestImagePath('gallery', $imageName); $delete = $this->delete( '/images/' . $image->id); $delete->assertStatus(200); @@ -278,6 +302,31 @@ class ImageTest extends TestCase $this->assertFalse(file_exists(public_path($relPath)), 'Uploaded image has not been deleted as expected'); } + public function test_image_delete_does_not_delete_similar_images() + { + $page = Page::first(); + $this->asAdmin(); + $imageName = 'first-image.png'; + + $relPath = $this->getTestImagePath('gallery', $imageName); + $this->deleteImage($relPath); + + $this->uploadImage($imageName, $page->id); + $this->uploadImage($imageName, $page->id); + $this->uploadImage($imageName, $page->id); + + $image = Image::first(); + $folder = public_path(dirname($relPath)); + $imageCount = count(glob($folder . '/*')); + + $delete = $this->delete( '/images/' . $image->id); + $delete->assertStatus(200); + + $newCount = count(glob($folder . '/*')); + $this->assertEquals($imageCount - 1, $newCount, 'More files than expected have been deleted'); + $this->assertFalse(file_exists(public_path($relPath)), 'Uploaded image has not been deleted as expected'); + } + protected function getTestProfileImage() { $imageName = 'profile.png'; @@ -387,4 +436,4 @@ class ImageTest extends TestCase $this->deleteImage($relPath); } -} \ No newline at end of file +}