updated core to 7.58 (right after the site was hacked)

2018-04-20 23:48:40 +02:00
parent 18f4aba146
commit 9344a61b61
711 changed files with 99690 additions and 480 deletions


@@ -1626,6 +1626,79 @@ class FilePrivateTestCase extends FileFieldTestCase {
$this->drupalGet($file_url);
$this->assertResponse(403, 'Confirmed that another anonymous user cannot access the permanent file when it is referenced by an unpublished node.');
}
/**
* Tests file access for private nodes when file download access is granted.
*/
function testPrivateFileDownloadAccessGranted() {
// Tell file_module_test to attempt to grant access to all private files,
// and ensure that it is doing so correctly.
$test_file = $this->getTestFile('text');
$uri = file_unmanaged_move($test_file->uri, 'private://');
$file_url = file_create_url($uri);
$this->drupalGet($file_url);
$this->assertResponse(403, 'Access is not granted to an arbitrary private file by default.');
variable_set('file_module_test_grant_download_access', TRUE);
$this->drupalGet($file_url);
$this->assertResponse(200, 'Access is granted to an arbitrary private file after a module grants access to all private files in hook_file_download().');
// Create a public node with a file attached.
$type_name = 'page';
$field_name = strtolower($this->randomName());
$this->createFileField($field_name, $type_name, array('uri_scheme' => 'private'));
$test_file = $this->getTestFile('text');
$nid = $this->uploadNodeFile($test_file, $field_name, $type_name, TRUE, array('private' => FALSE));
$node = node_load($nid, NULL, TRUE);
$file_url = file_create_url($node->{$field_name}[LANGUAGE_NONE][0]['uri']);
// Unpublish the node and ensure that only administrators (not anonymous
// users) can access the node and download the file; the expectation is
// that the File module's hook_file_download() implementation will deny
// access and thereby override the file_module_test module's access grant.
$node->status = NODE_NOT_PUBLISHED;
node_save($node);
$this->drupalLogin($this->admin_user);
$this->drupalGet("node/$nid");
$this->assertResponse(200, 'Administrator can access the unpublished node.');
$this->drupalGet($file_url);
$this->assertResponse(200, 'Administrator can download the file attached to the unpublished node.');
$this->drupalLogOut();
$this->drupalGet("node/$nid");
$this->assertResponse(403, 'Anonymous user cannot access the unpublished node.');
$this->drupalGet($file_url);
$this->assertResponse(403, 'Anonymous user cannot download the file attached to the unpublished node.');
// Re-publish the node and ensure that the node and file can be accessed by
// everyone.
$node->status = NODE_PUBLISHED;
node_save($node);
$this->drupalLogin($this->admin_user);
$this->drupalGet("node/$nid");
$this->assertResponse(200, 'Administrator can access the published node.');
$this->drupalGet($file_url);
$this->assertResponse(200, 'Administrator can download the file attached to the published node.');
$this->drupalLogOut();
$this->drupalGet("node/$nid");
$this->assertResponse(200, 'Anonymous user can access the published node.');
$this->drupalGet($file_url);
$this->assertResponse(200, 'Anonymous user can download the file attached to the published node.');
// Make the node private via the node access system and test that only
// administrators (not anonymous users) can access the node and download
// the file.
$node->private = TRUE;
node_save($node);
$this->drupalLogin($this->admin_user);
$this->drupalGet("node/$nid");
$this->assertResponse(200, 'Administrator can access the private node.');
$this->drupalGet($file_url);
$this->assertResponse(200, 'Administrator can download the file attached to the private node.');
$this->drupalLogOut();
$this->drupalGet("node/$nid");
$this->assertResponse(403, 'Anonymous user cannot access the private node.');
$this->drupalGet($file_url);
$this->assertResponse(403, 'Anonymous user cannot download the file attached to the private node.');
}
}
/**
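Review bot: The deny-overrides-grant assertions in `testPrivateFileDownloadAccessGranted()` run only for the anonymous user, so a regression that exposes the file to ordinary authenticated users would still pass. In the unpublished and private phases, after the anonymous checks, I would add `$this->drupalLogin($this->drupalCreateUser(array('access content')));`, then `$this->drupalGet($file_url);` and `$this->assertResponse(403, 'Authenticated user without extra permissions cannot download the file.');`. This assumes such a user is also denied the node itself, which depends on setUp() and the node access test configuration outside the hunk. The enclosing class FilePrivateTestCase starts before the hunk, and `$this->admin_user` is defined there.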


@@ -5,8 +5,8 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2017-06-21
version = "7.56"
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
project = "drupal"
datestamp = "1498069849"
datestamp = "1522264019"


@@ -67,3 +67,18 @@ function file_module_test_form_submit($form, &$form_state) {
}
drupal_set_message(t('The file id is %fid.', array('%fid' => $fid)));
}
/**
* Implements hook_file_download().
*/
function file_module_test_file_download($uri) {
if (variable_get('file_module_test_grant_download_access')) {
// Mimic what file_get_content_headers() would do if we had a full $file
// object to pass to it.
return array(
'Content-Type' => mime_header_encode(file_get_mimetype($uri)),
'Content-Length' => filesize($uri),
'Cache-Control' => 'private',
);
}
}
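Review bot: The docblock on `file_module_test_file_download()` says only that it implements the hook, but once `file_module_test_grant_download_access` is set the body returns download headers for any `$uri` passed to it, with no check on the file or the current user. That is the fixture the new test needs, but it should be stated so nobody copies the pattern or enables the module outside a test run. I would extend the docblock with `Grants access to every URI passed to it when the file_module_test_grant_download_access variable is TRUE; for tests only.` The condition would also read more clearly with the default spelled out, `variable_get('file_module_test_grant_download_access', FALSE)`.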