Révision 388c412d
Ajouté par Assos Assos il y a environ 7 ans
drupal7/sites/all/modules/media/tests/media.test | ||
---|---|---|
685 | 685 |
foreach ($settings['extension'] as $extension) { |
686 | 686 |
$file = $this->createFileEntity(array('scheme' => $scheme, 'uid' => $this->admin_user->uid, 'type' => $type, 'filemime' => media_get_extension_mimetype($extension))); |
687 | 687 |
|
688 |
// Some of the settings such as the scheme and extension are unsafe to |
|
689 |
// pass as query arguments, cache them and pass the cache ID. |
|
688 | 690 |
$options = array( |
689 |
'query' => array( |
|
690 |
'enabledPlugins' => array( |
|
691 |
'media_default--media_browser_1' => 'media_default--media_browser_1', |
|
692 |
), |
|
693 |
'schemes' => array($scheme), |
|
694 |
'types' => array($type), |
|
695 |
'file_extensions' => $extension, |
|
691 |
'enabledPlugins' => array( |
|
692 |
'media_default--media_browser_1' => 'media_default--media_browser_1', |
|
696 | 693 |
), |
694 |
'schemes' => array($scheme), |
|
695 |
'types' => array($type), |
|
696 |
'file_extensions' => $extension, |
|
697 | 697 |
); |
698 | 698 |
|
699 |
$cid = drupal_get_token(drupal_random_bytes(32)); |
|
700 |
cache_set('media_options:' . $cid, $options, 'cache_form', REQUEST_TIME + 21600); |
|
701 |
|
|
699 | 702 |
// Verify that the file is displayed. |
700 |
$this->drupalGet('media/browser', $options);
|
|
703 |
$this->drupalGet('media/browser', array('query' => array('options' => $cid)));
|
|
701 | 704 |
$this->assertResponse(200); |
702 | 705 |
$xpath = $this->buildXPathQuery('//ul[@class="media-list-thumbnails"]/li/div[@data-fid=:fid]/@data-fid', array( |
703 | 706 |
':fid' => $file->fid, |
... | ... | |
714 | 717 |
// Perform the tests with none and all of the restrictions. |
715 | 718 |
foreach (array('none', 'all') as $restrictions) { |
716 | 719 |
$options = array( |
717 |
'query' => array( |
|
718 |
'enabledPlugins' => array( |
|
719 |
'media_default--media_browser_1' => 'media_default--media_browser_1', |
|
720 |
), |
|
720 |
'enabledPlugins' => array( |
|
721 |
'media_default--media_browser_1' => 'media_default--media_browser_1', |
|
721 | 722 |
), |
722 | 723 |
); |
723 | 724 |
|
724 | 725 |
switch ($restrictions) { |
725 | 726 |
case 'none': |
726 |
$options['query']['schemes'] = array();
|
|
727 |
$options['query']['types'] = array();
|
|
728 |
$options['query']['file_extensions'] = array();
|
|
727 |
$options['schemes'] = array(); |
|
728 |
$options['types'] = array(); |
|
729 |
$options['file_extensions'] = array(); |
|
729 | 730 |
break; |
730 | 731 |
case 'all': |
731 |
$options['query']['schemes'] = $settings['scheme'];
|
|
732 |
$options['query']['types'] = $settings['type'];
|
|
733 |
$options['query']['file_extensions'] = implode(' ', $settings['extension']);
|
|
732 |
$options['schemes'] = $settings['scheme']; |
|
733 |
$options['types'] = $settings['type']; |
|
734 |
$options['file_extensions'] = implode(' ', $settings['extension']); |
|
734 | 735 |
break; |
735 | 736 |
} |
736 | 737 |
|
738 |
$cid = drupal_get_token(drupal_random_bytes(32)); |
|
739 |
cache_set('media_options:' . $cid, $options, 'cache_form', REQUEST_TIME + 21600); |
|
740 |
|
|
737 | 741 |
// Verify that all of the files are displayed. |
738 |
$this->drupalGet('media/browser', $options);
|
|
742 |
$this->drupalGet('media/browser', array('query' => array('options' => $cid)));
|
|
739 | 743 |
$this->assertResponse(200); |
740 | 744 |
$files = $this->xpath('//ul[@class="media-list-thumbnails"]/li/div[@data-fid]'); |
741 | 745 |
$this->assertEqual(count($files), 8, format_string('All of the files were displayed when %restrictions of the restrictions were enabled.', array('%restrictions' => $restrictions))); |
... | ... | |
749 | 753 |
$file = $this->createFileEntity(array('scheme' => $scheme, 'uid' => $this->admin_user->uid, 'type' => $type, 'filemime' => media_get_extension_mimetype($extension))); |
750 | 754 |
|
751 | 755 |
$options = array( |
752 |
'query' => array( |
|
753 |
'enabledPlugins' => array( |
|
754 |
'media_default--media_browser_1' => 'media_default--media_browser_1', |
|
755 |
), |
|
756 |
'schemes' => array($scheme, 'public'), // Include a local stream wrapper in order to trigger extension restrictions. |
|
757 |
'types' => array($type), |
|
758 |
'file_extensions' => 'fake', // Use an invalid file extension to ensure that it does not affect restrictions. |
|
756 |
'enabledPlugins' => array( |
|
757 |
'media_default--media_browser_1' => 'media_default--media_browser_1', |
|
759 | 758 |
), |
759 |
'schemes' => array($scheme, 'public'), // Include a local stream wrapper in order to trigger extension restrictions. |
|
760 |
'types' => array($type), |
|
761 |
'file_extensions' => 'fake', // Use an invalid file extension to ensure that it does not affect restrictions. |
|
760 | 762 |
); |
761 | 763 |
|
764 |
$cid = drupal_get_token(drupal_random_bytes(32)); |
|
765 |
cache_set('media_options:' . $cid, $options, 'cache_form', REQUEST_TIME + 21600); |
|
766 |
|
|
762 | 767 |
// Verify that the file is displayed. |
763 |
$this->drupalGet('media/browser', $options);
|
|
768 |
$this->drupalGet('media/browser', array('query' => array('options' => $cid)));
|
|
764 | 769 |
$this->assertResponse(200); |
765 | 770 |
$xpath = $this->buildXPathQuery('//ul[@class="media-list-thumbnails"]/li/div[@data-fid=:fid]/@data-fid', array( |
766 | 771 |
':fid' => $file->fid, |
... | ... | |
896 | 901 |
$this->assertTrue(strpos($javascript, $settings) > 0, 'Rendered media element adds the global settings.'); |
897 | 902 |
} |
898 | 903 |
|
904 |
/** |
|
905 |
* Tests that the field widget does not contain the insecure settings. |
|
906 |
*/ |
|
907 |
function testInsecureSettings() { |
|
908 |
// Use 'page' instead of 'article', so that the 'article' image field does |
|
909 |
// not conflict with this test. If in the future the 'page' type gets its |
|
910 |
// own default file or image field, this test can be made more robust by |
|
911 |
// using a custom node type. |
|
912 |
$type_name = 'page'; |
|
913 |
$field_name = strtolower($this->randomName()); |
|
914 |
$this->createFileField($field_name, $type_name); |
|
915 |
$this->drupalGet("node/add/$type_name"); |
|
916 |
|
|
917 |
$insecure_settings = array( |
|
918 |
'file_directory', |
|
919 |
'file_extensions', |
|
920 |
'max_filesize', |
|
921 |
'uri_scheme', |
|
922 |
); |
|
923 |
foreach ($insecure_settings as $setting) { |
|
924 |
$this->assertNoRaw($setting, format_string('Media file field widget does not contain the insecure element-specific setting @setting.', array( |
|
925 |
'@setting' => $setting, |
|
926 |
))); |
|
927 |
} |
|
928 |
} |
|
929 |
|
|
899 | 930 |
/** |
900 | 931 |
* Tests the media file field widget settings. |
901 | 932 |
*/ |
... | ... | |
934 | 965 |
), |
935 | 966 |
); |
936 | 967 |
$settings = drupal_json_encode(drupal_array_merge_deep_array($field_widget)); |
937 |
$this->assertTrue(strpos($javascript, $settings) > 0, 'Media file field widget adds element-specific settings.'); |
|
968 |
$string_with_options = '-0-upload":{"global":{"options":"'; |
|
969 |
$index_of_cid = strpos($javascript, $string_with_options) + strlen($string_with_options); |
|
970 |
$index_end_of_cid = strpos($javascript, '"', $index_of_cid + 1); |
|
971 |
$cid = substr($javascript, $index_of_cid, ($index_end_of_cid - $index_of_cid)); |
|
972 |
|
|
973 |
// Retrieve the security sensitive options from the cache using the cid parsed out from the $javascript variable |
|
974 |
$retrieved_settings = cache_get('media_options:' . $cid, 'cache_form'); |
|
975 |
$retrieved_settings = array('.js-media-element-edit-' . $field_name . '-' . LANGUAGE_NONE . '-0-upload' => array( |
|
976 |
'global' => $retrieved_settings->data)); |
|
977 |
$retrieved_settings_json = drupal_json_encode($retrieved_settings); |
|
978 |
|
|
979 |
$this->assertTrue($retrieved_settings_json == $settings, 'Media file field widget retrieved from cache and has element-specific settings.'); |
|
980 |
$this->assertTrue(strpos($javascript, $cid) > 0, 'Media file field widget is cached and its` cache id is found.'); |
|
938 | 981 |
} |
939 | 982 |
} |
940 | 983 |
|
Formats disponibles : Unified diff
Weekly update of contrib modules