12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877 |
- <?php
- /**
- * @file
- * Tests for file.module.
- */
- /**
- * Provides methods specifically for testing File module's field handling.
- */
- class FileFieldTestCase extends DrupalWebTestCase {
- protected $admin_user;
- function setUp() {
- // Since this is a base class for many test cases, support the same
- // flexibility that DrupalWebTestCase::setUp() has for the modules to be
- // passed in as either an array or a variable number of string arguments.
- $modules = func_get_args();
- if (isset($modules[0]) && is_array($modules[0])) {
- $modules = $modules[0];
- }
- $modules[] = 'file';
- $modules[] = 'file_module_test';
- parent::setUp($modules);
- $this->admin_user = $this->drupalCreateUser(array('access content', 'access administration pages', 'administer site configuration', 'administer users', 'administer permissions', 'administer content types', 'administer nodes', 'bypass node access', 'administer fields'));
- $this->drupalLogin($this->admin_user);
- }
- /**
- * Retrieves a sample file of the specified type.
- */
- function getTestFile($type_name, $size = NULL) {
- // Get a file to upload.
- $file = current($this->drupalGetTestFiles($type_name, $size));
- // Add a filesize property to files as would be read by file_load().
- $file->filesize = filesize($file->uri);
- return $file;
- }
- /**
- * Retrieves the fid of the last inserted file.
- */
- function getLastFileId() {
- return (int) db_query('SELECT MAX(fid) FROM {file_managed}')->fetchField();
- }
- /**
- * Creates a new file field.
- *
- * @param $name
- * The name of the new field (all lowercase), exclude the "field_" prefix.
- * @param $type_name
- * The node type that this field will be added to.
- * @param $field_settings
- * A list of field settings that will be added to the defaults.
- * @param $instance_settings
- * A list of instance settings that will be added to the instance defaults.
- * @param $widget_settings
- * A list of widget settings that will be added to the widget defaults.
- */
- function createFileField($name, $type_name, $field_settings = array(), $instance_settings = array(), $widget_settings = array()) {
- $field = array(
- 'field_name' => $name,
- 'type' => 'file',
- 'settings' => array(),
- 'cardinality' => !empty($field_settings['cardinality']) ? $field_settings['cardinality'] : 1,
- );
- $field['settings'] = array_merge($field['settings'], $field_settings);
- field_create_field($field);
- $this->attachFileField($name, 'node', $type_name, $instance_settings, $widget_settings);
- }
- /**
- * Attaches a file field to an entity.
- *
- * @param $name
- * The name of the new field (all lowercase), exclude the "field_" prefix.
- * @param $entity_type
- * The entity type this field will be added to.
- * @param $bundle
- * The bundle this field will be added to.
- * @param $field_settings
- * A list of field settings that will be added to the defaults.
- * @param $instance_settings
- * A list of instance settings that will be added to the instance defaults.
- * @param $widget_settings
- * A list of widget settings that will be added to the widget defaults.
- */
- function attachFileField($name, $entity_type, $bundle, $instance_settings = array(), $widget_settings = array()) {
- $instance = array(
- 'field_name' => $name,
- 'label' => $name,
- 'entity_type' => $entity_type,
- 'bundle' => $bundle,
- 'required' => !empty($instance_settings['required']),
- 'settings' => array(),
- 'widget' => array(
- 'type' => 'file_generic',
- 'settings' => array(),
- ),
- );
- $instance['settings'] = array_merge($instance['settings'], $instance_settings);
- $instance['widget']['settings'] = array_merge($instance['widget']['settings'], $widget_settings);
- field_create_instance($instance);
- }
- /**
- * Updates an existing file field with new settings.
- */
- function updateFileField($name, $type_name, $instance_settings = array(), $widget_settings = array()) {
- $instance = field_info_instance('node', $name, $type_name);
- $instance['settings'] = array_merge($instance['settings'], $instance_settings);
- $instance['widget']['settings'] = array_merge($instance['widget']['settings'], $widget_settings);
- field_update_instance($instance);
- }
- /**
- * Uploads a file to a node.
- */
- function uploadNodeFile($file, $field_name, $nid_or_type, $new_revision = TRUE, $extras = array()) {
- $langcode = LANGUAGE_NONE;
- $edit = array(
- "title" => $this->randomName(),
- 'revision' => (string) (int) $new_revision,
- );
- if (is_numeric($nid_or_type)) {
- $nid = $nid_or_type;
- }
- else {
- // Add a new node.
- $extras['type'] = $nid_or_type;
- $node = $this->drupalCreateNode($extras);
- $nid = $node->nid;
- // Save at least one revision to better simulate a real site.
- $this->drupalCreateNode(get_object_vars($node));
- $node = node_load($nid, NULL, TRUE);
- $this->assertNotEqual($nid, $node->vid, 'Node revision exists.');
- }
- // Attach a file to the node.
- $edit['files[' . $field_name . '_' . $langcode . '_0]'] = drupal_realpath($file->uri);
- $this->drupalPost("node/$nid/edit", $edit, t('Save'));
- return $nid;
- }
- /**
- * Removes a file from a node.
- *
- * Note that if replacing a file, it must first be removed then added again.
- */
- function removeNodeFile($nid, $new_revision = TRUE) {
- $edit = array(
- 'revision' => (string) (int) $new_revision,
- );
- $this->drupalPost('node/' . $nid . '/edit', array(), t('Remove'));
- $this->drupalPost(NULL, $edit, t('Save'));
- }
- /**
- * Replaces a file within a node.
- */
- function replaceNodeFile($file, $field_name, $nid, $new_revision = TRUE) {
- $edit = array(
- 'files[' . $field_name . '_' . LANGUAGE_NONE . '_0]' => drupal_realpath($file->uri),
- 'revision' => (string) (int) $new_revision,
- );
- $this->drupalPost('node/' . $nid . '/edit', array(), t('Remove'));
- $this->drupalPost(NULL, $edit, t('Save'));
- }
- /**
- * Asserts that a file exists physically on disk.
- */
- function assertFileExists($file, $message = NULL) {
- $message = isset($message) ? $message : format_string('File %file exists on the disk.', array('%file' => $file->uri));
- $this->assertTrue(is_file($file->uri), $message);
- }
- /**
- * Asserts that a file exists in the database.
- */
- function assertFileEntryExists($file, $message = NULL) {
- entity_get_controller('file')->resetCache();
- $db_file = file_load($file->fid);
- $message = isset($message) ? $message : format_string('File %file exists in database at the correct path.', array('%file' => $file->uri));
- $this->assertEqual($db_file->uri, $file->uri, $message);
- }
- /**
- * Asserts that a file does not exist on disk.
- */
- function assertFileNotExists($file, $message = NULL) {
- $message = isset($message) ? $message : format_string('File %file exists on the disk.', array('%file' => $file->uri));
- $this->assertFalse(is_file($file->uri), $message);
- }
- /**
- * Asserts that a file does not exist in the database.
- */
- function assertFileEntryNotExists($file, $message) {
- entity_get_controller('file')->resetCache();
- $message = isset($message) ? $message : format_string('File %file exists in database at the correct path.', array('%file' => $file->uri));
- $this->assertFalse(file_load($file->fid), $message);
- }
- /**
- * Asserts that a file's status is set to permanent in the database.
- */
- function assertFileIsPermanent($file, $message = NULL) {
- $message = isset($message) ? $message : format_string('File %file is permanent.', array('%file' => $file->uri));
- $this->assertTrue($file->status == FILE_STATUS_PERMANENT, $message);
- }
- /**
- * Creates a temporary file, for a specific user.
- *
- * @param string $data
- * A string containing the contents of the file.
- * @param int $uid
- * The user ID of the file owner.
- *
- * @return object
- * A file object, or FALSE on error.
- */
- function createTemporaryFile($data, $uid = NULL) {
- $file = file_save_data($data, NULL, NULL);
- if ($file) {
- $file->uid = isset($uid) ? $uid : $this->admin_user->uid;
- // Change the file status to be temporary.
- $file->status = NULL;
- return file_save($file);
- }
- return $file;
- }
- }
- /**
- * Tests adding a file to a non-node entity.
- */
- class FileTaxonomyTermTestCase extends DrupalWebTestCase {
- protected $admin_user;
- public static function getInfo() {
- return array(
- 'name' => 'Taxonomy term file test',
- 'description' => 'Tests adding a file to a non-node entity.',
- 'group' => 'File',
- );
- }
- public function setUp() {
- $modules[] = 'file';
- $modules[] = 'taxonomy';
- parent::setUp($modules);
- $this->admin_user = $this->drupalCreateUser(array('access content', 'access administration pages', 'administer site configuration', 'administer taxonomy'));
- $this->drupalLogin($this->admin_user);
- }
- /**
- * Creates a file field and attaches it to the "Tags" taxonomy vocabulary.
- *
- * @param $name
- * The field name of the file field to create.
- * @param $uri_scheme
- * The URI scheme to use for the file field (for example, "private" to
- * create a field that stores private files or "public" to create a field
- * that stores public files).
- */
- protected function createAttachFileField($name, $uri_scheme) {
- $field = array(
- 'field_name' => $name,
- 'type' => 'file',
- 'settings' => array(
- 'uri_scheme' => $uri_scheme,
- ),
- 'cardinality' => 1,
- );
- field_create_field($field);
- // Attach an instance of it.
- $instance = array(
- 'field_name' => $name,
- 'label' => 'File',
- 'entity_type' => 'taxonomy_term',
- 'bundle' => 'tags',
- 'required' => FALSE,
- 'settings' => array(),
- 'widget' => array(
- 'type' => 'file_generic',
- 'settings' => array(),
- ),
- );
- field_create_instance($instance);
- }
- /**
- * Tests that a public file can be attached to a taxonomy term.
- *
- * This is a regression test for https://www.drupal.org/node/2305017.
- */
- public function testTermFilePublic() {
- $this->_testTermFile('public');
- }
- /**
- * Tests that a private file can be attached to a taxonomy term.
- *
- * This is a regression test for https://www.drupal.org/node/2305017.
- */
- public function testTermFilePrivate() {
- $this->_testTermFile('private');
- }
- /**
- * Runs tests for attaching a file field to a taxonomy term.
- *
- * @param $uri_scheme
- * The URI scheme to use for the file field, either "public" or "private".
- */
- protected function _testTermFile($uri_scheme) {
- $field_name = strtolower($this->randomName());
- $this->createAttachFileField($field_name, $uri_scheme);
- // Get a file to upload.
- $file = current($this->drupalGetTestFiles('text'));
- // Add a filesize property to files as would be read by file_load().
- $file->filesize = filesize($file->uri);
- $langcode = LANGUAGE_NONE;
- $edit = array(
- "name" => $this->randomName(),
- );
- // Attach a file to the term.
- $edit['files[' . $field_name . '_' . $langcode . '_0]'] = drupal_realpath($file->uri);
- $this->drupalPost("admin/structure/taxonomy/tags/add", $edit, t('Save'));
- // Find the term ID we just created.
- $tid = db_query_range('SELECT tid FROM {taxonomy_term_data} ORDER BY tid DESC', 0, 1)->fetchField();
- $terms = entity_load('taxonomy_term', array($tid));
- $term = $terms[$tid];
- $fid = $term->{$field_name}[LANGUAGE_NONE][0]['fid'];
- // Check that the uploaded file is present on the edit form.
- $this->drupalGet("taxonomy/term/$tid/edit");
- $file_input_name = $field_name . '[' . LANGUAGE_NONE . '][0][fid]';
- $this->assertFieldByXpath('//input[@type="hidden" and @name="' . $file_input_name . '"]', $fid, 'File is attached on edit form.');
- // Edit the term and change name without changing the file.
- $edit = array(
- "name" => $this->randomName(),
- );
- $this->drupalPost("taxonomy/term/$tid/edit", $edit, t('Save'));
- // Check that the uploaded file is still present on the edit form.
- $this->drupalGet("taxonomy/term/$tid/edit");
- $file_input_name = $field_name . '[' . LANGUAGE_NONE . '][0][fid]';
- $this->assertFieldByXpath('//input[@type="hidden" and @name="' . $file_input_name . '"]', $fid, 'File is attached on edit form.');
- // Load term while resetting the cache.
- $terms = entity_load('taxonomy_term', array($tid), array(), TRUE);
- $term = $terms[$tid];
- $this->assertTrue(!empty($term->{$field_name}[LANGUAGE_NONE]), 'Term has attached files.');
- $this->assertEqual($term->{$field_name}[LANGUAGE_NONE][0]['fid'], $fid, 'Same File ID is attached to the term.');
- }
- }
- /**
- * Tests the 'managed_file' element type.
- *
- * @todo Create a FileTestCase base class and move FileFieldTestCase methods
- * that aren't related to fields into it.
- */
- class FileManagedFileElementTestCase extends FileFieldTestCase {
- public static function getInfo() {
- return array(
- 'name' => 'Managed file element test',
- 'description' => 'Tests the managed_file element type.',
- 'group' => 'File',
- );
- }
- /**
- * Tests the managed_file element type.
- */
- function testManagedFile() {
- // Check that $element['#size'] is passed to the child upload element.
- $this->drupalGet('file/test');
- $this->assertFieldByXpath('//input[@name="files[nested_file]" and @size="13"]', NULL, 'The custom #size attribute is passed to the child upload element.');
- // Perform the tests with all permutations of $form['#tree'] and
- // $element['#extended'].
- foreach (array(0, 1) as $tree) {
- foreach (array(0, 1) as $extended) {
- $test_file = $this->getTestFile('text');
- $path = 'file/test/' . $tree . '/' . $extended;
- $input_base_name = $tree ? 'nested_file' : 'file';
- // Submit without a file.
- $this->drupalPost($path, array(), t('Save'));
- $this->assertRaw(t('The file id is %fid.', array('%fid' => 0)), 'Submitted without a file.');
- // Submit with a file, but with an invalid form token. Ensure the file
- // was not saved.
- $last_fid_prior = $this->getLastFileId();
- $edit = array(
- 'files[' . $input_base_name . ']' => drupal_realpath($test_file->uri),
- 'form_token' => 'invalid token',
- );
- $this->drupalPost($path, $edit, t('Save'));
- $this->assertText('The form has become outdated. Copy any unsaved work in the form below');
- $last_fid = $this->getLastFileId();
- $this->assertEqual($last_fid_prior, $last_fid, 'File was not saved when uploaded with an invalid form token.');
- // Submit a new file, without using the Upload button.
- $last_fid_prior = $this->getLastFileId();
- $edit = array('files[' . $input_base_name . ']' => drupal_realpath($test_file->uri));
- $this->drupalPost($path, $edit, t('Save'));
- $last_fid = $this->getLastFileId();
- $this->assertTrue($last_fid > $last_fid_prior, 'New file got saved.');
- $this->assertRaw(t('The file id is %fid.', array('%fid' => $last_fid)), 'Submit handler has correct file info.');
- // Submit no new input, but with a default file.
- $this->drupalPost($path . '/' . $last_fid, array(), t('Save'));
- $this->assertRaw(t('The file id is %fid.', array('%fid' => $last_fid)), 'Empty submission did not change an existing file.');
- // Now, test the Upload and Remove buttons, with and without Ajax.
- foreach (array(FALSE, TRUE) as $ajax) {
- // Upload, then Submit.
- $last_fid_prior = $this->getLastFileId();
- $this->drupalGet($path);
- $edit = array('files[' . $input_base_name . ']' => drupal_realpath($test_file->uri));
- if ($ajax) {
- $this->drupalPostAJAX(NULL, $edit, $input_base_name . '_upload_button');
- }
- else {
- $this->drupalPost(NULL, $edit, t('Upload'));
- }
- $last_fid = $this->getLastFileId();
- $this->assertTrue($last_fid > $last_fid_prior, 'New file got uploaded.');
- $this->drupalPost(NULL, array(), t('Save'));
- $this->assertRaw(t('The file id is %fid.', array('%fid' => $last_fid)), 'Submit handler has correct file info.');
- // Remove, then Submit.
- $this->drupalGet($path . '/' . $last_fid);
- if ($ajax) {
- $this->drupalPostAJAX(NULL, array(), $input_base_name . '_remove_button');
- }
- else {
- $this->drupalPost(NULL, array(), t('Remove'));
- }
- $this->drupalPost(NULL, array(), t('Save'));
- $this->assertRaw(t('The file id is %fid.', array('%fid' => 0)), 'Submission after file removal was successful.');
- // Upload, then Remove, then Submit.
- $this->drupalGet($path);
- $edit = array('files[' . $input_base_name . ']' => drupal_realpath($test_file->uri));
- if ($ajax) {
- $this->drupalPostAJAX(NULL, $edit, $input_base_name . '_upload_button');
- $this->drupalPostAJAX(NULL, array(), $input_base_name . '_remove_button');
- }
- else {
- $this->drupalPost(NULL, $edit, t('Upload'));
- $this->drupalPost(NULL, array(), t('Remove'));
- }
- $this->drupalPost(NULL, array(), t('Save'));
- $this->assertRaw(t('The file id is %fid.', array('%fid' => 0)), 'Submission after file upload and removal was successful.');
- }
- }
- }
- }
- }
- /**
- * Tests file field widget.
- */
- class FileFieldWidgetTestCase extends FileFieldTestCase {
- public static function getInfo() {
- return array(
- 'name' => 'File field widget test',
- 'description' => 'Tests the file field widget, single and multi-valued, with and without AJAX, with public and private files.',
- 'group' => 'File',
- );
- }
- /**
- * Tests upload and remove buttons for a single-valued File field.
- */
- function testSingleValuedWidget() {
- // Use 'page' instead of 'article', so that the 'article' image field does
- // not conflict with this test. If in the future the 'page' type gets its
- // own default file or image field, this test can be made more robust by
- // using a custom node type.
- $type_name = 'page';
- $field_name = strtolower($this->randomName());
- $this->createFileField($field_name, $type_name);
- $field = field_info_field($field_name);
- $instance = field_info_instance('node', $field_name, $type_name);
- $test_file = $this->getTestFile('text');
- foreach (array('nojs', 'js') as $type) {
- // Create a new node with the uploaded file and ensure it got uploaded
- // successfully.
- // @todo This only tests a 'nojs' submission, because drupalPostAJAX()
- // does not yet support file uploads.
- $nid = $this->uploadNodeFile($test_file, $field_name, $type_name);
- $node = node_load($nid, NULL, TRUE);
- $node_file = (object) $node->{$field_name}[LANGUAGE_NONE][0];
- $this->assertFileExists($node_file, 'New file saved to disk on node creation.');
- // Test that running field_attach_update() leaves the file intact.
- $field = new stdClass();
- $field->type = $type_name;
- $field->nid = $nid;
- field_attach_update('node', $field);
- $node = node_load($nid);
- $node_file = (object) $node->{$field_name}[LANGUAGE_NONE][0];
- $this->assertFileExists($node_file, 'New file still saved to disk on field update.');
- // Ensure the file can be downloaded.
- $this->drupalGet(file_create_url($node_file->uri));
- $this->assertResponse(200, 'Confirmed that the generated URL is correct by downloading the shipped file.');
- // Ensure the edit page has a remove button instead of an upload button.
- $this->drupalGet("node/$nid/edit");
- $this->assertNoFieldByXPath('//input[@type="submit"]', t('Upload'), 'Node with file does not display the "Upload" button.');
- $this->assertFieldByXpath('//input[@type="submit"]', t('Remove'), 'Node with file displays the "Remove" button.');
- // "Click" the remove button (emulating either a nojs or js submission).
- switch ($type) {
- case 'nojs':
- $this->drupalPost(NULL, array(), t('Remove'));
- break;
- case 'js':
- $button = $this->xpath('//input[@type="submit" and @value="' . t('Remove') . '"]');
- $this->drupalPostAJAX(NULL, array(), array((string) $button[0]['name'] => (string) $button[0]['value']));
- break;
- }
- // Ensure the page now has an upload button instead of a remove button.
- $this->assertNoFieldByXPath('//input[@type="submit"]', t('Remove'), 'After clicking the "Remove" button, it is no longer displayed.');
- $this->assertFieldByXpath('//input[@type="submit"]', t('Upload'), 'After clicking the "Remove" button, the "Upload" button is displayed.');
- // Save the node and ensure it does not have the file.
- $this->drupalPost(NULL, array(), t('Save'));
- $node = node_load($nid, NULL, TRUE);
- $this->assertTrue(empty($node->{$field_name}[LANGUAGE_NONE][0]['fid']), 'File was successfully removed from the node.');
- }
- }
- /**
- * Tests exploiting the temporary file removal of another user using fid.
- */
- function testTemporaryFileRemovalExploit() {
- // Create a victim user.
- $victim_user = $this->drupalCreateUser();
- // Create an attacker user.
- $attacker_user = $this->drupalCreateUser(array(
- 'access content',
- 'create page content',
- 'edit any page content',
- ));
- // Log in as the attacker user.
- $this->drupalLogin($attacker_user);
- // Perform tests using the newly created users.
- $this->doTestTemporaryFileRemovalExploit($victim_user->uid, $attacker_user->uid);
- }
- /**
- * Tests exploiting the temporary file removal for anonymous users using fid.
- */
- public function testTemporaryFileRemovalExploitAnonymous() {
- // Set up an anonymous victim user.
- $victim_uid = 0;
- // Set up an anonymous attacker user.
- $attacker_uid = 0;
- // Set up permissions for anonymous attacker user.
- user_role_change_permissions(DRUPAL_ANONYMOUS_RID, array(
- 'access content' => TRUE,
- 'create page content' => TRUE,
- 'edit any page content' => TRUE,
- ));
- // In order to simulate being the anonymous attacker user, we need to log
- // out here since setUp() has logged in the admin.
- $this->drupalLogout();
- // Perform tests using the newly set up users.
- $this->doTestTemporaryFileRemovalExploit($victim_uid, $attacker_uid);
- }
- /**
- * Tests validation with the Upload button.
- */
- function testWidgetValidation() {
- $type_name = 'article';
- $field_name = strtolower($this->randomName());
- $this->createFileField($field_name, $type_name);
- $this->updateFileField($field_name, $type_name, array('file_extensions' => 'txt'));
- foreach (array('nojs', 'js') as $type) {
- // Create node and prepare files for upload.
- $node = $this->drupalCreateNode(array('type' => 'article'));
- $nid = $node->nid;
- $this->drupalGet("node/$nid/edit");
- $test_file_text = $this->getTestFile('text');
- $test_file_image = $this->getTestFile('image');
- $field = field_info_field($field_name);
- $name = 'files[' . $field_name . '_' . LANGUAGE_NONE . '_0]';
- // Upload file with incorrect extension, check for validation error.
- $edit[$name] = drupal_realpath($test_file_image->uri);
- switch ($type) {
- case 'nojs':
- $this->drupalPost(NULL, $edit, t('Upload'));
- break;
- case 'js':
- $button = $this->xpath('//input[@type="submit" and @value="' . t('Upload') . '"]');
- $this->drupalPostAJAX(NULL, $edit, array((string) $button[0]['name'] => (string) $button[0]['value']));
- break;
- }
- $error_message = t('Only files with the following extensions are allowed: %files-allowed.', array('%files-allowed' => 'txt'));
- $this->assertRaw($error_message, t('Validation error when file with wrong extension uploaded (JSMode=%type).', array('%type' => $type)));
- // Upload file with correct extension, check that error message is removed.
- $edit[$name] = drupal_realpath($test_file_text->uri);
- switch ($type) {
- case 'nojs':
- $this->drupalPost(NULL, $edit, t('Upload'));
- break;
- case 'js':
- $button = $this->xpath('//input[@type="submit" and @value="' . t('Upload') . '"]');
- $this->drupalPostAJAX(NULL, $edit, array((string) $button[0]['name'] => (string) $button[0]['value']));
- break;
- }
- $this->assertNoRaw($error_message, t('Validation error removed when file with correct extension uploaded (JSMode=%type).', array('%type' => $type)));
- }
- }
- /**
- * Helper for testing exploiting the temporary file removal using fid.
- *
- * @param int $victim_uid
- * The victim user ID.
- * @param int $attacker_uid
- * The attacker user ID.
- */
- protected function doTestTemporaryFileRemovalExploit($victim_uid, $attacker_uid) {
- // Use 'page' instead of 'article', so that the 'article' image field does
- // not conflict with this test. If in the future the 'page' type gets its
- // own default file or image field, this test can be made more robust by
- // using a custom node type.
- $type_name = 'page';
- $field_name = 'test_file_field';
- $this->createFileField($field_name, $type_name);
- $test_file = $this->getTestFile('text');
- foreach (array('nojs', 'js') as $type) {
- // Create a temporary file owned by the anonymous victim user. This will be
- // as if they had uploaded the file, but not saved the node they were
- // editing or creating.
- $victim_tmp_file = $this->createTemporaryFile('some text', $victim_uid);
- $victim_tmp_file = file_load($victim_tmp_file->fid);
- $this->assertTrue($victim_tmp_file->status != FILE_STATUS_PERMANENT, 'New file saved to disk is temporary.');
- $this->assertFalse(empty($victim_tmp_file->fid), 'New file has a fid');
- $this->assertEqual($victim_uid, $victim_tmp_file->uid, 'New file belongs to the victim user');
- // Have attacker create a new node with a different uploaded file and
- // ensure it got uploaded successfully.
- // @todo Can we test AJAX? See https://www.drupal.org/node/2538260
- $edit = array(
- 'title' => $type . '-title',
- );
- // Attach a file to a node.
- $langcode = LANGUAGE_NONE;
- $edit['files[' . $field_name . '_' . $langcode . '_0]'] = drupal_realpath($test_file->uri);
- $this->drupalPost("node/add/$type_name", $edit, 'Save');
- $node = $this->drupalGetNodeByTitle($edit['title']);
- $node_file = file_load($node->{$field_name}[$langcode][0]['fid']);
- $this->assertFileExists($node_file, 'New file saved to disk on node creation.');
- $this->assertEqual($attacker_uid, $node_file->uid, 'New file belongs to the attacker.');
- // Ensure the file can be downloaded.
- $this->drupalGet(file_create_url($node_file->uri));
- $this->assertResponse(200, 'Confirmed that the generated URL is correct by downloading the shipped file.');
- // "Click" the remove button (emulating either a nojs or js submission).
- // In this POST request, the attacker "guesses" the fid of the victim's
- // temporary file and uses that to remove this file.
- $this->drupalGet('node/' . $node->nid . '/edit');
- switch ($type) {
- case 'nojs':
- $this->drupalPost(NULL, array("{$field_name}[$langcode][0][fid]" => (string) $victim_tmp_file->fid), 'Remove');
- break;
- case 'js':
- $button = $this->xpath('//input[@type="submit" and @value="Remove"]');
- $this->drupalPostAJAX(NULL, array("{$field_name}[$langcode][0][fid]" => (string) $victim_tmp_file->fid), array((string) $button[0]['name'] => (string) $button[0]['value']));
- break;
- }
- // The victim's temporary file should not be removed by the attacker's
- // POST request.
- $this->assertFileExists($victim_tmp_file);
- }
- }
- /**
- * Tests upload and remove buttons for multiple multi-valued File fields.
- */
- function testMultiValuedWidget() {
- // Use 'page' instead of 'article', so that the 'article' image field does
- // not conflict with this test. If in the future the 'page' type gets its
- // own default file or image field, this test can be made more robust by
- // using a custom node type.
- $type_name = 'page';
- $field_name = strtolower($this->randomName());
- $field_name2 = strtolower($this->randomName());
- $this->createFileField($field_name, $type_name, array('cardinality' => 3));
- $this->createFileField($field_name2, $type_name, array('cardinality' => 3));
- $field = field_info_field($field_name);
- $instance = field_info_instance('node', $field_name, $type_name);
- $field2 = field_info_field($field_name2);
- $instance2 = field_info_instance('node', $field_name2, $type_name);
- $test_file = $this->getTestFile('text');
- foreach (array('nojs', 'js') as $type) {
- // Visit the node creation form, and upload 3 files for each field. Since
- // the field has cardinality of 3, ensure the "Upload" button is displayed
- // until after the 3rd file, and after that, isn't displayed. Because
- // SimpleTest triggers the last button with a given name, so upload to the
- // second field first.
- // @todo This is only testing a non-Ajax upload, because drupalPostAJAX()
- // does not yet emulate jQuery's file upload.
- //
- $this->drupalGet("node/add/$type_name");
- foreach (array($field_name2, $field_name) as $each_field_name) {
- for ($delta = 0; $delta < 3; $delta++) {
- $edit = array('files[' . $each_field_name . '_' . LANGUAGE_NONE . '_' . $delta . ']' => drupal_realpath($test_file->uri));
- // If the Upload button doesn't exist, drupalPost() will automatically
- // fail with an assertion message.
- $this->drupalPost(NULL, $edit, t('Upload'));
- }
- }
- $this->assertNoFieldByXpath('//input[@type="submit"]', t('Upload'), 'After uploading 3 files for each field, the "Upload" button is no longer displayed.');
- $num_expected_remove_buttons = 6;
- foreach (array($field_name, $field_name2) as $current_field_name) {
- // How many uploaded files for the current field are remaining.
- $remaining = 3;
- // Test clicking each "Remove" button. For extra robustness, test them out
- // of sequential order. They are 0-indexed, and get renumbered after each
- // iteration, so array(1, 1, 0) means:
- // - First remove the 2nd file.
- // - Then remove what is then the 2nd file (was originally the 3rd file).
- // - Then remove the first file.
- foreach (array(1,1,0) as $delta) {
- // Ensure we have the expected number of Remove buttons, and that they
- // are numbered sequentially.
- $buttons = $this->xpath('//input[@type="submit" and @value="Remove"]');
- $this->assertTrue(is_array($buttons) && count($buttons) === $num_expected_remove_buttons, format_string('There are %n "Remove" buttons displayed (JSMode=%type).', array('%n' => $num_expected_remove_buttons, '%type' => $type)));
- foreach ($buttons as $i => $button) {
- $key = $i >= $remaining ? $i - $remaining : $i;
- $check_field_name = $field_name2;
- if ($current_field_name == $field_name && $i < $remaining) {
- $check_field_name = $field_name;
- }
- $this->assertIdentical((string) $button['name'], $check_field_name . '_' . LANGUAGE_NONE . '_' . $key. '_remove_button');
- }
- // "Click" the remove button (emulating either a nojs or js submission).
- $button_name = $current_field_name . '_' . LANGUAGE_NONE . '_' . $delta . '_remove_button';
- switch ($type) {
- case 'nojs':
- // drupalPost() takes a $submit parameter that is the value of the
- // button whose click we want to emulate. Since we have multiple
- // buttons with the value "Remove", and want to control which one we
- // use, we change the value of the other ones to something else.
- // Since non-clicked buttons aren't included in the submitted POST
- // data, and since drupalPost() will result in $this being updated
- // with a newly rebuilt form, this doesn't cause problems.
- foreach ($buttons as $button) {
- if ($button['name'] != $button_name) {
- $button['value'] = 'DUMMY';
- }
- }
- $this->drupalPost(NULL, array(), t('Remove'));
- break;
- case 'js':
- // drupalPostAJAX() lets us target the button precisely, so we don't
- // require the workaround used above for nojs.
- $this->drupalPostAJAX(NULL, array(), array($button_name => t('Remove')));
- break;
- }
- $num_expected_remove_buttons--;
- $remaining--;
- // Ensure an "Upload" button for the current field is displayed with the
- // correct name.
- $upload_button_name = $current_field_name . '_' . LANGUAGE_NONE . '_' . $remaining . '_upload_button';
- $buttons = $this->xpath('//input[@type="submit" and @value="Upload" and @name=:name]', array(':name' => $upload_button_name));
- $this->assertTrue(is_array($buttons) && count($buttons) == 1, format_string('The upload button is displayed with the correct name (JSMode=%type).', array('%type' => $type)));
- // Ensure only at most one button per field is displayed.
- $buttons = $this->xpath('//input[@type="submit" and @value="Upload"]');
- $expected = $current_field_name == $field_name ? 1 : 2;
- $this->assertTrue(is_array($buttons) && count($buttons) == $expected, format_string('After removing a file, only one "Upload" button for each possible field is displayed (JSMode=%type).', array('%type' => $type)));
- }
- }
- // Ensure the page now has no Remove buttons.
- $this->assertNoFieldByXPath('//input[@type="submit"]', t('Remove'), format_string('After removing all files, there is no "Remove" button displayed (JSMode=%type).', array('%type' => $type)));
- // Save the node and ensure it does not have any files.
- $this->drupalPost(NULL, array('title' => $this->randomName()), t('Save'));
- $matches = array();
- preg_match('/node\/([0-9]+)/', $this->getUrl(), $matches);
- $nid = $matches[1];
- $node = node_load($nid, NULL, TRUE);
- $this->assertTrue(empty($node->{$field_name}[LANGUAGE_NONE][0]['fid']), 'Node was successfully saved without any files.');
- }
- }
- /**
- * Tests a file field with a "Private files" upload destination setting.
- */
- function testPrivateFileSetting() {
- // Use 'page' instead of 'article', so that the 'article' image field does
- // not conflict with this test. If in the future the 'page' type gets its
- // own default file or image field, this test can be made more robust by
- // using a custom node type.
- $type_name = 'page';
- $field_name = strtolower($this->randomName());
- $this->createFileField($field_name, $type_name);
- $field = field_info_field($field_name);
- $instance = field_info_instance('node', $field_name, $type_name);
- $test_file = $this->getTestFile('text');
- // Change the field setting to make its files private, and upload a file.
- $edit = array('field[settings][uri_scheme]' => 'private');
- $this->drupalPost("admin/structure/types/manage/$type_name/fields/$field_name", $edit, t('Save settings'));
- $nid = $this->uploadNodeFile($test_file, $field_name, $type_name);
- $node = node_load($nid, NULL, TRUE);
- $node_file = (object) $node->{$field_name}[LANGUAGE_NONE][0];
- $this->assertFileExists($node_file, 'New file saved to disk on node creation.');
- // Ensure the private file is available to the user who uploaded it.
- $this->drupalGet(file_create_url($node_file->uri));
- $this->assertResponse(200, 'Confirmed that the generated URL is correct by downloading the shipped file.');
- // Ensure we can't change 'uri_scheme' field settings while there are some
- // entities with uploaded files.
- $this->drupalGet("admin/structure/types/manage/$type_name/fields/$field_name");
- $this->assertFieldByXpath('//input[@id="edit-field-settings-uri-scheme-public" and @disabled="disabled"]', 'public', 'Upload destination setting disabled.');
- // Delete node and confirm that setting could be changed.
- node_delete($nid);
- $this->drupalGet("admin/structure/types/manage/$type_name/fields/$field_name");
- $this->assertFieldByXpath('//input[@id="edit-field-settings-uri-scheme-public" and not(@disabled)]', 'public', 'Upload destination setting enabled.');
- }
- /**
- * Tests that download restrictions on private files work on comments.
- */
- function testPrivateFileComment() {
- $user = $this->drupalCreateUser(array('access comments'));
- // Remove access comments permission from anon user.
- $edit = array(
- DRUPAL_ANONYMOUS_RID . '[access comments]' => FALSE,
- );
- $this->drupalPost('admin/people/permissions', $edit, t('Save permissions'));
- // Create a new field.
- $edit = array(
- 'fields[_add_new_field][label]' => $label = $this->randomName(),
- 'fields[_add_new_field][field_name]' => $name = strtolower($this->randomName()),
- 'fields[_add_new_field][type]' => 'file',
- 'fields[_add_new_field][widget_type]' => 'file_generic',
- );
- $this->drupalPost('admin/structure/types/manage/article/comment/fields', $edit, t('Save'));
- $edit = array('field[settings][uri_scheme]' => 'private');
- $this->drupalPost(NULL, $edit, t('Save field settings'));
- $this->drupalPost(NULL, array(), t('Save settings'));
- // Create node.
- $text_file = $this->getTestFile('text');
- $edit = array(
- 'title' => $this->randomName(),
- );
- $this->drupalPost('node/add/article', $edit, t('Save'));
- $node = $this->drupalGetNodeByTitle($edit['title']);
- // Add a comment with a file.
- $text_file = $this->getTestFile('text');
- $edit = array(
- 'files[field_' . $name . '_' . LANGUAGE_NONE . '_' . 0 . ']' => drupal_realpath($text_file->uri),
- 'comment_body[' . LANGUAGE_NONE . '][0][value]' => $comment_body = $this->randomName(),
- );
- $this->drupalPost(NULL, $edit, t('Save'));
- // Get the comment ID.
- preg_match('/comment-([0-9]+)/', $this->getUrl(), $matches);
- $cid = $matches[1];
- // Log in as normal user.
- $this->drupalLogin($user);
- $comment = comment_load($cid);
- $comment_file = (object) $comment->{'field_' . $name}[LANGUAGE_NONE][0];
- $this->assertFileExists($comment_file, 'New file saved to disk on node creation.');
- // Test authenticated file download.
- $url = file_create_url($comment_file->uri);
- $this->assertNotEqual($url, NULL, 'Confirmed that the URL is valid');
- $this->drupalGet(file_create_url($comment_file->uri));
- $this->assertResponse(200, 'Confirmed that the generated URL is correct by downloading the shipped file.');
- // Test anonymous file download.
- $this->drupalLogout();
- $this->drupalGet(file_create_url($comment_file->uri));
- $this->assertResponse(403, 'Confirmed that access is denied for the file without the needed permission.');
- // Unpublishes node.
- $this->drupalLogin($this->admin_user);
- $edit = array(
- 'status' => FALSE,
- );
- $this->drupalPost('node/' . $node->nid . '/edit', $edit, t('Save'));
- // Ensures normal user can no longer download the file.
- $this->drupalLogin($user);
- $this->drupalGet(file_create_url($comment_file->uri));
- $this->assertResponse(403, 'Confirmed that access is denied for the file without the needed permission.');
- }
- }
- /**
- * Tests file handling with node revisions.
- */
- class FileFieldRevisionTestCase extends FileFieldTestCase {
- public static function getInfo() {
- return array(
- 'name' => 'File field revision test',
- 'description' => 'Test creating and deleting revisions with files attached.',
- 'group' => 'File',
- );
- }
- /**
- * Tests creating multiple revisions of a node and managing attached files.
- *
- * Expected behaviors:
- * - Adding a new revision will make another entry in the field table, but
- * the original file will not be duplicated.
- * - Deleting a revision should not delete the original file if the file
- * is in use by another revision.
- * - When the last revision that uses a file is deleted, the original file
- * should be deleted also.
- */
- function testRevisions() {
- $type_name = 'article';
- $field_name = strtolower($this->randomName());
- $this->createFileField($field_name, $type_name);
- $field = field_info_field($field_name);
- $instance = field_info_instance('node', $field_name, $type_name);
- // Attach the same fields to users.
- $this->attachFileField($field_name, 'user', 'user');
- $test_file = $this->getTestFile('text');
- // Create a new node with the uploaded file.
- $nid = $this->uploadNodeFile($test_file, $field_name, $type_name);
- // Check that the file exists on disk and in the database.
- $node = node_load($nid, NULL, TRUE);
- $node_file_r1 = (object) $node->{$field_name}[LANGUAGE_NONE][0];
- $node_vid_r1 = $node->vid;
- $this->assertFileExists($node_file_r1, 'New file saved to disk on node creation.');
- $this->assertFileEntryExists($node_file_r1, 'File entry exists in database on node creation.');
- $this->assertFileIsPermanent($node_file_r1, 'File is permanent.');
- // Upload another file to the same node in a new revision.
- $this->replaceNodeFile($test_file, $field_name, $nid);
- $node = node_load($nid, NULL, TRUE);
- $node_file_r2 = (object) $node->{$field_name}[LANGUAGE_NONE][0];
- $node_vid_r2 = $node->vid;
- $this->assertFileExists($node_file_r2, 'Replacement file exists on disk after creating new revision.');
- $this->assertFileEntryExists($node_file_r2, 'Replacement file entry exists in database after creating new revision.');
- $this->assertFileIsPermanent($node_file_r2, 'Replacement file is permanent.');
- // Check that the original file is still in place on the first revision.
- $node = node_load($nid, $node_vid_r1, TRUE);
- $this->assertEqual($node_file_r1, (object) $node->{$field_name}[LANGUAGE_NONE][0], 'Original file still in place after replacing file in new revision.');
- $this->assertFileExists($node_file_r1, 'Original file still in place after replacing file in new revision.');
- $this->assertFileEntryExists($node_file_r1, 'Original file entry still in place after replacing file in new revision');
- $this->assertFileIsPermanent($node_file_r1, 'Original file is still permanent.');
- // Save a new version of the node without any changes.
- // Check that the file is still the same as the previous revision.
- $this->drupalPost('node/' . $nid . '/edit', array('revision' => '1'), t('Save'));
- $node = node_load($nid, NULL, TRUE);
- $node_file_r3 = (object) $node->{$field_name}[LANGUAGE_NONE][0];
- $node_vid_r3 = $node->vid;
- $this->assertEqual($node_file_r2, $node_file_r3, 'Previous revision file still in place after creating a new revision without a new file.');
- $this->assertFileIsPermanent($node_file_r3, 'New revision file is permanent.');
- // Revert to the first revision and check that the original file is active.
- $this->drupalPost('node/' . $nid . '/revisions/' . $node_vid_r1 . '/revert', array(), t('Revert'));
- $node = node_load($nid, NULL, TRUE);
- $node_file_r4 = (object) $node->{$field_name}[LANGUAGE_NONE][0];
- $node_vid_r4 = $node->vid;
- $this->assertEqual($node_file_r1, $node_file_r4, 'Original revision file still in place after reverting to the original revision.');
- $this->assertFileIsPermanent($node_file_r4, 'Original revision file still permanent after reverting to the original revision.');
- // Delete the second revision and check that the file is kept (since it is
- // still being used by the third revision).
- $this->drupalPost('node/' . $nid . '/revisions/' . $node_vid_r2 . '/delete', array(), t('Delete'));
- $this->assertFileExists($node_file_r3, 'Second file is still available after deleting second revision, since it is being used by the third revision.');
- $this->assertFileEntryExists($node_file_r3, 'Second file entry is still available after deleting second revision, since it is being used by the third revision.');
- $this->assertFileIsPermanent($node_file_r3, 'Second file entry is still permanent after deleting second revision, since it is being used by the third revision.');
- // Attach the second file to a user.
- $user = $this->drupalCreateUser();
- $edit = (array) $user;
- $edit[$field_name][LANGUAGE_NONE][0] = (array) $node_file_r3;
- user_save($user, $edit);
- $this->drupalGet('user/' . $user->uid . '/edit');
- // Delete the third revision and check that the file is not deleted yet.
- $this->drupalPost('node/' . $nid . '/revisions/' . $node_vid_r3 . '/delete', array(), t('Delete'));
- $this->assertFileExists($node_file_r3, 'Second file is still available after deleting third revision, since it is being used by the user.');
- $this->assertFileEntryExists($node_file_r3, 'Second file entry is still available after deleting third revision, since it is being used by the user.');
- $this->assertFileIsPermanent($node_file_r3, 'Second file entry is still permanent after deleting third revision, since it is being used by the user.');
- // Delete the user and check that the file is also deleted.
- user_delete($user->uid);
- // TODO: This seems like a bug in File API. Clearing the stat cache should
- // not be necessary here. The file really is deleted, but stream wrappers
- // doesn't seem to think so unless we clear the PHP file stat() cache.
- clearstatcache();
- $this->assertFileNotExists($node_file_r3, 'Second file is now deleted after deleting third revision, since it is no longer being used by any other nodes.');
- $this->assertFileEntryNotExists($node_file_r3, 'Second file entry is now deleted after deleting third revision, since it is no longer being used by any other nodes.');
- // Delete the entire node and check that the original file is deleted.
- $this->drupalPost('node/' . $nid . '/delete', array(), t('Delete'));
- $this->assertFileNotExists($node_file_r1, 'Original file is deleted after deleting the entire node with two revisions remaining.');
- $this->assertFileEntryNotExists($node_file_r1, 'Original file entry is deleted after deleting the entire node with two revisions remaining.');
- }
- }
- /**
- * Tests that formatters are working properly.
- */
- class FileFieldDisplayTestCase extends FileFieldTestCase {
- public static function getInfo() {
- return array(
- 'name' => 'File field display tests',
- 'description' => 'Test the display of file fields in node and views.',
- 'group' => 'File',
- );
- }
- /**
- * Tests normal formatter display on node display.
- */
- function testNodeDisplay() {
- $field_name = strtolower($this->randomName());
- $type_name = 'article';
- $field_settings = array(
- 'display_field' => '1',
- 'display_default' => '1',
- 'cardinality' => FIELD_CARDINALITY_UNLIMITED,
- );
- $instance_settings = array(
- 'description_field' => '1',
- );
- $widget_settings = array();
- $this->createFileField($field_name, $type_name, $field_settings, $instance_settings, $widget_settings);
- $field = field_info_field($field_name);
- $instance = field_info_instance('node', $field_name, $type_name);
- // Create a new node *without* the file field set, and check that the field
- // is not shown for each node display.
- $node = $this->drupalCreateNode(array('type' => $type_name));
- $file_formatters = array('file_default', 'file_table', 'file_url_plain', 'hidden');
- foreach ($file_formatters as $formatter) {
- $edit = array(
- "fields[$field_name][type]" => $formatter,
- );
- $this->drupalPost("admin/structure/types/manage/$type_name/display", $edit, t('Save'));
- $this->drupalGet('node/' . $node->nid);
- $this->assertNoText($field_name, format_string('Field label is hidden when no file attached for formatter %formatter', array('%formatter' => $formatter)));
- }
- $test_file = $this->getTestFile('text');
- // Create a new node with the uploaded file.
- $nid = $this->uploadNodeFile($test_file, $field_name, $type_name);
- $this->drupalGet('node/' . $nid . '/edit');
- // Check that the default formatter is displaying with the file name.
- $node = node_load($nid, NULL, TRUE);
- $node_file = (object) $node->{$field_name}[LANGUAGE_NONE][0];
- $default_output = theme('file_link', array('file' => $node_file));
- $this->assertRaw($default_output, 'Default formatter displaying correctly on full node view.');
- // Turn the "display" option off and check that the file is no longer displayed.
- $edit = array($field_name . '[' . LANGUAGE_NONE . '][0][display]' => FALSE);
- $this->drupalPost('node/' . $nid . '/edit', $edit, t('Save'));
- $this->assertNoRaw($default_output, 'Field is hidden when "display" option is unchecked.');
- // Test that fields appear as expected during the preview.
- // Add a second file.
- $name = 'files[' . $field_name . '_' . LANGUAGE_NONE . '_1]';
- $edit[$name] = drupal_realpath($test_file->uri);
- // Uncheck the display checkboxes and go to the preview.
- $edit[$field_name . '[' . LANGUAGE_NONE . '][0][display]'] = FALSE;
- $edit[$field_name . '[' . LANGUAGE_NONE . '][1][display]'] = FALSE;
- $this->drupalPost('node/' . $nid . '/edit', $edit, t('Preview'));
- $this->assertRaw($field_name . '[' . LANGUAGE_NONE . '][0][display]', 'First file appears as expected.');
- $this->assertRaw($field_name . '[' . LANGUAGE_NONE . '][1][display]', 'Second file appears as expected.');
- }
- /**
- * Tests default display of File Field.
- */
- function testDefaultFileFieldDisplay() {
- $field_name = strtolower($this->randomName());
- $type_name = 'article';
- $field_settings = array(
- 'display_field' => '1',
- 'display_default' => '0',
- );
- $instance_settings = array(
- 'description_field' => '1',
- );
- $widget_settings = array();
- $this->createFileField($field_name, $type_name, $field_settings, $instance_settings, $widget_settings);
- $field = field_info_field($field_name);
- $instance = field_info_instance('node', $field_name, $type_name);
- $test_file = $this->getTestFile('text');
- // Create a new node with the uploaded file.
- $nid = $this->uploadNodeFile($test_file, $field_name, $type_name);
- $this->drupalGet('node/' . $nid . '/edit');
- $this->assertFieldByXPath('//input[@type="checkbox" and @name="' . $field_name . '[und][0][display]"]', NULL, 'Default file display checkbox field exists.');
- $this->assertFieldByXPath('//input[@type="checkbox" and @name="' . $field_name . '[und][0][display]" and not(@checked)]', NULL, 'Default file display is off.');
- }
- }
- /**
- * Tests various validations.
- */
- class FileFieldValidateTestCase extends FileFieldTestCase {
- protected $field;
- protected $node_type;
- public static function getInfo() {
- return array(
- 'name' => 'File field validation tests',
- 'description' => 'Tests validation functions such as file type, max file size, max size per node, and required.',
- 'group' => 'File',
- );
- }
- /**
- * Tests the required property on file fields.
- */
- function testRequired() {
- $type_name = 'article';
- $field_name = strtolower($this->randomName());
- $this->createFileField($field_name, $type_name, array(), array('required' => '1'));
- $field = field_info_field($field_name);
- $instance = field_info_instance('node', $field_name, $type_name);
- $test_file = $this->getTestFile('text');
- // Try to post a new node without uploading a file.
- $langcode = LANGUAGE_NONE;
- $edit = array("title" => $this->randomName());
- $this->drupalPost('node/add/' . $type_name, $edit, t('Save'));
- $this->assertRaw(t('!title field is required.', array('!title' => $instance['label'])), 'Node save failed when required file field was empty.');
- // Create a new node with the uploaded file.
- $nid = $this->uploadNodeFile($test_file, $field_name, $type_name);
- $this->assertTrue($nid !== FALSE, format_string('uploadNodeFile(@test_file, @field_name, @type_name) succeeded', array('@test_file' => $test_file->uri, '@field_name' => $field_name, '@type_name' => $type_name)));
- $node = node_load($nid, NULL, TRUE);
- $node_file = (object) $node->{$field_name}[LANGUAGE_NONE][0];
- $this->assertFileExists($node_file, 'File exists after uploading to the required field.');
- $this->assertFileEntryExists($node_file, 'File entry exists after uploading to the required field.');
- // Try again with a multiple value field.
- field_delete_field($field_name);
- $this->createFileField($field_name, $type_name, array('cardinality' => FIELD_CARDINALITY_UNLIMITED), array('required' => '1'));
- // Try to post a new node without uploading a file in the multivalue field.
- $edit = array('title' => $this->randomName());
- $this->drupalPost('node/add/' . $type_name, $edit, t('Save'));
- $this->assertRaw(t('!title field is required.', array('!title' => $instance['label'])), 'Node save failed when required multiple value file field was empty.');
- // Create a new node with the uploaded file into the multivalue field.
- $nid = $this->uploadNodeFile($test_file, $field_name, $type_name);
- $node = node_load($nid, NULL, TRUE);
- $node_file = (object) $node->{$field_name}[LANGUAGE_NONE][0];
- $this->assertFileExists($node_file, 'File exists after uploading to the required multiple value field.');
- $this->assertFileEntryExists($node_file, 'File entry exists after uploading to the required multipel value field.');
- // Remove our file field.
- field_delete_field($field_name);
- }
- /**
- * Tests the max file size validator.
- */
- function testFileMaxSize() {
- $type_name = 'article';
- $field_name = strtolower($this->randomName());
- $this->createFileField($field_name, $type_name, array(), array('required' => '1'));
- $field = field_info_field($field_name);
- $instance = field_info_instance('node', $field_name, $type_name);
- $small_file = $this->getTestFile('text', 131072); // 128KB.
- $large_file = $this->getTestFile('text', 1310720); // 1.2MB
- // Test uploading both a large and small file with different increments.
- $sizes = array(
- '1M' => 1048576,
- '1024K' => 1048576,
- '1048576' => 1048576,
- );
- foreach ($sizes as $max_filesize => $file_limit) {
- // Set the max file upload size.
- $this->updateFileField($field_name, $type_name, array('max_filesize' => $max_filesize));
- $instance = field_info_instance('node', $field_name, $type_name);
- // Create a new node with the small file, which should pass.
- $nid = $this->uploadNodeFile($small_file, $field_name, $type_name);
- $node = node_load($nid, NULL, TRUE);
- $node_file = (object) $node->{$field_name}[LANGUAGE_NONE][0];
- $this->assertFileExists($node_file, format_string('File exists after uploading a file (%filesize) under the max limit (%maxsize).', array('%filesize' => format_size($small_file->filesize), '%maxsize' => $max_filesize)));
- $this->assertFileEntryExists($node_file, format_string('File entry exists after uploading a file (%filesize) under the max limit (%maxsize).', array('%filesize' => format_size($small_file->filesize), '%maxsize' => $max_filesize)));
- // Check that uploading the large file fails (1M limit).
- $nid = $this->uploadNodeFile($large_file, $field_name, $type_name);
- $error_message = t('The file is %filesize exceeding the maximum file size of %maxsize.', array('%filesize' => format_size($large_file->filesize), '%maxsize' => format_size($file_limit)));
- $this->assertRaw($error_message, format_string('Node save failed when file (%filesize) exceeded the max upload size (%maxsize).', array('%filesize' => format_size($large_file->filesize), '%maxsize' => $max_filesize)));
- }
- // Turn off the max filesize.
- $this->updateFileField($field_name, $type_name, array('max_filesize' => ''));
- // Upload the big file successfully.
- $nid = $this->uploadNodeFile($large_file, $field_name, $type_name);
- $node = node_load($nid, NULL, TRUE);
- $node_file = (object) $node->{$field_name}[LANGUAGE_NONE][0];
- $this->assertFileExists($node_file, format_string('File exists after uploading a file (%filesize) with no max limit.', array('%filesize' => format_size($large_file->filesize))));
- $this->assertFileEntryExists($node_file, format_string('File entry exists after uploading a file (%filesize) with no max limit.', array('%filesize' => format_size($large_file->filesize))));
- // Remove our file field.
- field_delete_field($field_name);
- }
- /**
- * Tests file extension checking.
- */
- function testFileExtension() {
- $type_name = 'article';
- $field_name = strtolower($this->randomName());
- $this->createFileField($field_name, $type_name);
- $field = field_info_field($field_name);
- $instance = field_info_instance('node', $field_name, $type_name);
- $test_file = $this->getTestFile('image');
- list(, $test_file_extension) = explode('.', $test_file->filename);
- // Disable extension checking.
- $this->updateFileField($field_name, $type_name, array('file_extensions' => ''));
- // Check that the file can be uploaded with no extension checking.
- $nid = $this->uploadNodeFile($test_file, $field_name, $type_name);
- $node = node_load($nid, NULL, TRUE);
- $node_file = (object) $node->{$field_name}[LANGUAGE_NONE][0];
- $this->assertFileExists($node_file, 'File exists after uploading a file with no extension checking.');
- $this->assertFileEntryExists($node_file, 'File entry exists after uploading a file with no extension checking.');
- // Enable extension checking for text files.
- $this->updateFileField($field_name, $type_name, array('file_extensions' => 'txt'));
- // Check that the file with the wrong extension cannot be uploaded.
- $nid = $this->uploadNodeFile($test_file, $field_name, $type_name);
- $error_message = t('Only files with the following extensions are allowed: %files-allowed.', array('%files-allowed' => 'txt'));
- $this->assertRaw($error_message, 'Node save failed when file uploaded with the wrong extension.');
- // Enable extension checking for text and image files.
- $this->updateFileField($field_name, $type_name, array('file_extensions' => "txt $test_file_extension"));
- // Check that the file can be uploaded with extension checking.
- $nid = $this->uploadNodeFile($test_file, $field_name, $type_name);
- $node = node_load($nid, NULL, TRUE);
- $node_file = (object) $node->{$field_name}[LANGUAGE_NONE][0];
- $this->assertFileExists($node_file, 'File exists after uploading a file with extension checking.');
- $this->assertFileEntryExists($node_file, 'File entry exists after uploading a file with extension checking.');
- // Remove our file field.
- field_delete_field($field_name);
- }
- }
- /**
- * Tests that files are uploaded to proper locations.
- */
- class FileFieldPathTestCase extends FileFieldTestCase {
- public static function getInfo() {
- return array(
- 'name' => 'File field file path tests',
- 'description' => 'Test that files are uploaded to the proper location with token support.',
- 'group' => 'File',
- );
- }
- /**
- * Tests the normal formatter display on node display.
- */
- function testUploadPath() {
- $field_name = strtolower($this->randomName());
- $type_name = 'article';
- $field = $this->createFileField($field_name, $type_name);
- $test_file = $this->getTestFile('text');
- // Create a new node.
- $nid = $this->uploadNodeFile($test_file, $field_name, $type_name);
- // Check that the file was uploaded to the file root.
- $node = node_load($nid, NULL, TRUE);
- $node_file = (object) $node->{$field_name}[LANGUAGE_NONE][0];
- $this->assertPathMatch('public://' . $test_file->filename, $node_file->uri, format_string('The file %file was uploaded to the correct path.', array('%file' => $node_file->uri)));
- // Change the path to contain multiple subdirectories.
- $field = $this->updateFileField($field_name, $type_name, array('file_directory' => 'foo/bar/baz'));
- // Upload a new file into the subdirectories.
- $nid = $this->uploadNodeFile($test_file, $field_name, $type_name);
- // Check that the file was uploaded into the subdirectory.
- $node = node_load($nid, NULL, TRUE);
- $node_file = (object) $node->{$field_name}[LANGUAGE_NONE][0];
- $this->assertPathMatch('public://foo/bar/baz/' . $test_file->filename, $node_file->uri, format_string('The file %file was uploaded to the correct path.', array('%file' => $node_file->uri)));
- // Check the path when used with tokens.
- // Change the path to contain multiple token directories.
- $field = $this->updateFileField($field_name, $type_name, array('file_directory' => '[current-user:uid]/[current-user:name]'));
- // Upload a new file into the token subdirectories.
- $nid = $this->uploadNodeFile($test_file, $field_name, $type_name);
- // Check that the file was uploaded into the subdirectory.
- $node = node_load($nid, NULL, TRUE);
- $node_file = (object) $node->{$field_name}[LANGUAGE_NONE][0];
- // Do token replacement using the same user which uploaded the file, not
- // the user running the test case.
- $data = array('user' => $this->admin_user);
- $subdirectory = token_replace('[user:uid]/[user:name]', $data);
- $this->assertPathMatch('public://' . $subdirectory . '/' . $test_file->filename, $node_file->uri, format_string('The file %file was uploaded to the correct path with token replacements.', array('%file' => $node_file->uri)));
- }
- /**
- * Asserts that a file is uploaded to the right location.
- *
- * @param $expected_path
- * The location where the file is expected to be uploaded. Duplicate file
- * names to not need to be taken into account.
- * @param $actual_path
- * Where the file was actually uploaded.
- * @param $message
- * The message to display with this assertion.
- */
- function assertPathMatch($expected_path, $actual_path, $message) {
- // Strip off the extension of the expected path to allow for _0, _1, etc.
- // suffixes when the file hits a duplicate name.
- $pos = strrpos($expected_path, '.');
- $base_path = substr($expected_path, 0, $pos);
- $extension = substr($expected_path, $pos + 1);
- $result = preg_match('/' . preg_quote($base_path, '/') . '(_[0-9]+)?\.' . preg_quote($extension, '/') . '/', $actual_path);
- $this->assertTrue($result, $message);
- }
- }
- /**
- * Tests the file token replacement in strings.
- */
- class FileTokenReplaceTestCase extends FileFieldTestCase {
- public static function getInfo() {
- return array(
- 'name' => 'File token replacement',
- 'description' => 'Generates text using placeholders for dummy content to check file token replacement.',
- 'group' => 'File',
- );
- }
- /**
- * Creates a file, then tests the tokens generated from it.
- */
- function testFileTokenReplacement() {
- global $language;
- $url_options = array(
- 'absolute' => TRUE,
- 'language' => $language,
- );
- // Create file field.
- $type_name = 'article';
- $field_name = 'field_' . strtolower($this->randomName());
- $this->createFileField($field_name, $type_name);
- $field = field_info_field($field_name);
- $instance = field_info_instance('node', $field_name, $type_name);
- $test_file = $this->getTestFile('text');
- // Coping a file to test uploads with non-latin filenames.
- $filename = drupal_dirname($test_file->uri) . '/текстовый файл.txt';
- $test_file = file_copy($test_file, $filename);
- // Create a new node with the uploaded file.
- $nid = $this->uploadNodeFile($test_file, $field_name, $type_name);
- // Load the node and the file.
- $node = node_load($nid, NULL, TRUE);
- $file = file_load($node->{$field_name}[LANGUAGE_NONE][0]['fid']);
- // Generate and test sanitized tokens.
- $tests = array();
- $tests['[file:fid]'] = $file->fid;
- $tests['[file:name]'] = check_plain($file->filename);
- $tests['[file:path]'] = check_plain($file->uri);
- $tests['[file:mime]'] = check_plain($file->filemime);
- $tests['[file:size]'] = format_size($file->filesize);
- $tests['[file:url]'] = check_plain(file_create_url($file->uri));
- $tests['[file:timestamp]'] = format_date($file->timestamp, 'medium', '', NULL, $language->language);
- $tests['[file:timestamp:short]'] = format_date($file->timestamp, 'short', '', NULL, $language->language);
- $tests['[file:owner]'] = check_plain(format_username($this->admin_user));
- $tests['[file:owner:uid]'] = $file->uid;
- // Test to make sure that we generated something for each token.
- $this->assertFalse(in_array(0, array_map('strlen', $tests)), 'No empty tokens generated.');
- foreach ($tests as $input => $expected) {
- $output = token_replace($input, array('file' => $file), array('language' => $language));
- $this->assertEqual($output, $expected, format_string('Sanitized file token %token replaced.', array('%token' => $input)));
- }
- // Generate and test unsanitized tokens.
- $tests['[file:name]'] = $file->filename;
- $tests['[file:path]'] = $file->uri;
- $tests['[file:mime]'] = $file->filemime;
- $tests['[file:size]'] = format_size($file->filesize);
- foreach ($tests as $input => $expected) {
- $output = token_replace($input, array('file' => $file), array('language' => $language, 'sanitize' => FALSE));
- $this->assertEqual($output, $expected, format_string('Unsanitized file token %token replaced.', array('%token' => $input)));
- }
- }
- }
- /**
- * Tests file access on private nodes.
- */
- class FilePrivateTestCase extends FileFieldTestCase {
- public static function getInfo() {
- return array(
- 'name' => 'Private file test',
- 'description' => 'Uploads a test to a private node and checks access.',
- 'group' => 'File',
- );
- }
- function setUp() {
- parent::setUp(array('node_access_test', 'field_test'));
- node_access_rebuild();
- variable_set('node_access_test_private', TRUE);
- }
- /**
- * Tests file access for file uploaded to a private node.
- */
- function testPrivateFile() {
- // Use 'page' instead of 'article', so that the 'article' image field does
- // not conflict with this test. If in the future the 'page' type gets its
- // own default file or image field, this test can be made more robust by
- // using a custom node type.
- $type_name = 'page';
- $field_name = strtolower($this->randomName());
- $this->createFileField($field_name, $type_name, array('uri_scheme' => 'private'));
- // Create a field with no view access - see field_test_field_access().
- $no_access_field_name = 'field_no_view_access';
- $this->createFileField($no_access_field_name, $type_name, array('uri_scheme' => 'private'));
- $test_file = $this->getTestFile('text');
- $nid = $this->uploadNodeFile($test_file, $field_name, $type_name, TRUE, array('private' => TRUE));
- $node = node_load($nid, NULL, TRUE);
- $node_file = (object) $node->{$field_name}[LANGUAGE_NONE][0];
- // Ensure the file can be downloaded.
- $this->drupalGet(file_create_url($node_file->uri));
- $this->assertResponse(200, 'Confirmed that the generated URL is correct by downloading the shipped file.');
- $this->drupalLogOut();
- $this->drupalGet(file_create_url($node_file->uri));
- $this->assertResponse(403, 'Confirmed that access is denied for the file without the needed permission.');
- // Test with the field that should deny access through field access.
- $this->drupalLogin($this->admin_user);
- $nid = $this->uploadNodeFile($test_file, $no_access_field_name, $type_name, TRUE, array('private' => TRUE));
- $node = node_load($nid, NULL, TRUE);
- $node_file = (object) $node->{$no_access_field_name}[LANGUAGE_NONE][0];
- // Ensure the file cannot be downloaded.
- $this->drupalGet(file_create_url($node_file->uri));
- $this->assertResponse(403, 'Confirmed that access is denied for the file without view field access permission.');
- // Attempt to reuse the existing file when creating a new node, and confirm
- // that access is still denied.
- $edit = array();
- $edit['title'] = $this->randomName(8);
- $edit[$field_name . '[' . LANGUAGE_NONE . '][0][fid]'] = $node_file->fid;
- $this->drupalPost('node/add/page', $edit, t('Save'));
- $new_node = $this->drupalGetNodeByTitle($edit['title']);
- $this->assertTrue(!empty($new_node), 'Node was created.');
- $this->assertUrl('node/' . $new_node->nid);
- $this->assertNoRaw($node_file->filename, 'File without view field access permission does not appear after attempting to attach it to a new node.');
- $this->drupalGet(file_create_url($node_file->uri));
- $this->assertResponse(403, 'Confirmed that access is denied for the file without view field access permission after attempting to attach it to a new node.');
- // As an anonymous user, create a temporary file with no references and
- // confirm that only the session that uploaded it may view it.
- $this->drupalLogout();
- user_role_grant_permissions(DRUPAL_ANONYMOUS_RID, array(
- "create $type_name content",
- 'access content',
- ));
- $test_file = $this->getTestFile('text');
- $this->drupalGet('node/add/' . $type_name);
- $edit = array('files[' . $field_name . '_' . LANGUAGE_NONE . '_0]' => drupal_realpath($test_file->uri));
- $this->drupalPost(NULL, $edit, t('Upload'));
- $files = file_load_multiple(array(), array('uid' => 0));
- $this->assertEqual(1, count($files), 'Loaded one anonymous file.');
- $file = end($files);
- $this->assertNotEqual($file->status, FILE_STATUS_PERMANENT, 'File is temporary.');
- $usage = file_usage_list($file);
- $this->assertFalse($usage, 'No file usage found.');
- $file_url = file_create_url($file->uri);
- $this->drupalGet($file_url);
- $this->assertResponse(200, 'Confirmed that the anonymous uploader has access to the temporary file.');
- // Close the prior connection and remove the session cookie.
- $this->curlClose();
- $this->cookies = array();
- $this->drupalGet($file_url);
- $this->assertResponse(403, 'Confirmed that another anonymous user cannot access the temporary file.');
- // As an anonymous user, create a permanent file that is referenced by a
- // published node and confirm that all anonymous users may view it.
- $test_file = $this->getTestFile('text');
- $this->drupalGet('node/add/' . $type_name);
- $edit = array();
- $edit['title'] = $this->randomName();
- $edit['files[' . $field_name . '_' . LANGUAGE_NONE . '_0]'] = drupal_realpath($test_file->uri);
- $this->drupalPost(NULL, $edit, t('Save'));
- $new_node = $this->drupalGetNodeByTitle($edit['title']);
- $file = file_load($new_node->{$field_name}[LANGUAGE_NONE][0]['fid']);
- $this->assertEqual($file->status, FILE_STATUS_PERMANENT, 'File is permanent.');
- $usage = file_usage_list($file);
- $this->assertTrue($usage, 'File usage found.');
- $file_url = file_create_url($file->uri);
- $this->drupalGet($file_url);
- $this->assertResponse(200, 'Confirmed that the anonymous uploader has access to the permanent file that is referenced by a published node.');
- // Close the prior connection and remove the session cookie.
- $this->curlClose();
- $this->cookies = array();
- $this->drupalGet($file_url);
- $this->assertResponse(200, 'Confirmed that another anonymous user also has access to the permanent file that is referenced by a published node.');
- // As an anonymous user, create a permanent file that is referenced by an
- // unpublished node and confirm that no anonymous users may view it (even
- // the session that uploaded the file) because they cannot view the
- // unpublished node.
- $test_file = $this->getTestFile('text');
- $this->drupalGet('node/add/' . $type_name);
- $edit = array();
- $edit['title'] = $this->randomName();
- $edit['files[' . $field_name . '_' . LANGUAGE_NONE . '_0]'] = drupal_realpath($test_file->uri);
- $this->drupalPost(NULL, $edit, t('Save'));
- $new_node = $this->drupalGetNodeByTitle($edit['title']);
- $new_node->status = NODE_NOT_PUBLISHED;
- node_save($new_node);
- $file = file_load($new_node->{$field_name}[LANGUAGE_NONE][0]['fid']);
- $this->assertEqual($file->status, FILE_STATUS_PERMANENT, 'File is permanent.');
- $usage = file_usage_list($file);
- $this->assertTrue($usage, 'File usage found.');
- $file_url = file_create_url($file->uri);
- $this->drupalGet($file_url);
- $this->assertResponse(403, 'Confirmed that the anonymous uploader cannot access the permanent file when it is referenced by an unpublished node.');
- // Close the prior connection and remove the session cookie.
- $this->curlClose();
- $this->cookies = array();
- $this->drupalGet($file_url);
- $this->assertResponse(403, 'Confirmed that another anonymous user cannot access the permanent file when it is referenced by an unpublished node.');
- }
- /**
- * Tests file access for private nodes when file download access is granted.
- */
- function testPrivateFileDownloadAccessGranted() {
- // Tell file_module_test to attempt to grant access to all private files,
- // and ensure that it is doing so correctly.
- $test_file = $this->getTestFile('text');
- $uri = file_unmanaged_move($test_file->uri, 'private://');
- $file_url = file_create_url($uri);
- $this->drupalGet($file_url);
- $this->assertResponse(403, 'Access is not granted to an arbitrary private file by default.');
- variable_set('file_module_test_grant_download_access', TRUE);
- $this->drupalGet($file_url);
- $this->assertResponse(200, 'Access is granted to an arbitrary private file after a module grants access to all private files in hook_file_download().');
- // Create a public node with a file attached.
- $type_name = 'page';
- $field_name = strtolower($this->randomName());
- $this->createFileField($field_name, $type_name, array('uri_scheme' => 'private'));
- $test_file = $this->getTestFile('text');
- $nid = $this->uploadNodeFile($test_file, $field_name, $type_name, TRUE, array('private' => FALSE));
- $node = node_load($nid, NULL, TRUE);
- $file_url = file_create_url($node->{$field_name}[LANGUAGE_NONE][0]['uri']);
- // Unpublish the node and ensure that only administrators (not anonymous
- // users) can access the node and download the file; the expectation is
- // that the File module's hook_file_download() implementation will deny
- // access and thereby override the file_module_test module's access grant.
- $node->status = NODE_NOT_PUBLISHED;
- node_save($node);
- $this->drupalLogin($this->admin_user);
- $this->drupalGet("node/$nid");
- $this->assertResponse(200, 'Administrator can access the unpublished node.');
- $this->drupalGet($file_url);
- $this->assertResponse(200, 'Administrator can download the file attached to the unpublished node.');
- $this->drupalLogOut();
- $this->drupalGet("node/$nid");
- $this->assertResponse(403, 'Anonymous user cannot access the unpublished node.');
- $this->drupalGet($file_url);
- $this->assertResponse(403, 'Anonymous user cannot download the file attached to the unpublished node.');
- // Re-publish the node and ensure that the node and file can be accessed by
- // everyone.
- $node->status = NODE_PUBLISHED;
- node_save($node);
- $this->drupalLogin($this->admin_user);
- $this->drupalGet("node/$nid");
- $this->assertResponse(200, 'Administrator can access the published node.');
- $this->drupalGet($file_url);
- $this->assertResponse(200, 'Administrator can download the file attached to the published node.');
- $this->drupalLogOut();
- $this->drupalGet("node/$nid");
- $this->assertResponse(200, 'Anonymous user can access the published node.');
- $this->drupalGet($file_url);
- $this->assertResponse(200, 'Anonymous user can download the file attached to the published node.');
- // Make the node private via the node access system and test that only
- // administrators (not anonymous users) can access the node and download
- // the file.
- $node->private = TRUE;
- node_save($node);
- $this->drupalLogin($this->admin_user);
- $this->drupalGet("node/$nid");
- $this->assertResponse(200, 'Administrator can access the private node.');
- $this->drupalGet($file_url);
- $this->assertResponse(200, 'Administrator can download the file attached to the private node.');
- $this->drupalLogOut();
- $this->drupalGet("node/$nid");
- $this->assertResponse(403, 'Anonymous user cannot access the private node.');
- $this->drupalGet($file_url);
- $this->assertResponse(403, 'Anonymous user cannot download the file attached to the private node.');
- }
- }
- /**
- * Confirm that file field submissions work correctly for anonymous visitors.
- */
- class FileFieldAnonymousSubmission extends FileFieldTestCase {
- public static function getInfo() {
- return array(
- 'name' => 'File form anonymous submission',
- 'description' => 'Test anonymous form submission.',
- 'group' => 'File',
- );
- }
- function setUp() {
- parent::setUp();
- // Allow node submissions by anonymous users.
- user_role_grant_permissions(DRUPAL_ANONYMOUS_RID, array(
- 'create article content',
- 'access content',
- ));
- }
- /**
- * Tests the basic node submission for an anonymous visitor.
- */
- function testAnonymousNode() {
- $bundle_label = 'Article';
- $node_title = 'Test page';
- // Load the node form.
- $this->drupalGet('node/add/article');
- $this->assertResponse(200, 'Loaded the article node form.');
- $this->assertText(strip_tags(t('Create @name', array('@name' => $bundle_label))));
- $edit = array(
- 'title' => $node_title,
- 'body[und][0][value]' => 'Test article',
- 'body[und][0][format]' => 'filtered_html',
- );
- $this->drupalPost(NULL, $edit, t('Save'));
- $this->assertResponse(200);
- $t_args = array('@type' => $bundle_label, '%title' => $node_title);
- $this->assertText(strip_tags(t('@type %title has been created.', $t_args)), 'The node was created.');
- $matches = array();
- if (preg_match('@node/(\d+)$@', $this->getUrl(), $matches)) {
- $nid = end($matches);
- $this->assertNotEqual($nid, 0, 'The node ID was extracted from the URL.');
- $node = node_load($nid);
- $this->assertNotEqual($node, NULL, 'The node was loaded successfully.');
- }
- }
- /**
- * Tests file submission for an anonymous visitor.
- */
- function testAnonymousNodeWithFile() {
- $bundle_label = 'Article';
- $node_title = 'Test page';
- // Load the node form.
- $this->drupalGet('node/add/article');
- $this->assertResponse(200, 'Loaded the article node form.');
- $this->assertText(strip_tags(t('Create @name', array('@name' => $bundle_label))));
- // Generate an image file.
- $image = $this->getTestImage();
- // Submit the form.
- $edit = array(
- 'title' => $node_title,
- 'body[und][0][value]' => 'Test article',
- 'body[und][0][format]' => 'filtered_html',
- 'files[field_image_und_0]' => drupal_realpath($image->uri),
- );
- $this->drupalPost(NULL, $edit, t('Save'));
- $this->assertResponse(200);
- $t_args = array('@type' => $bundle_label, '%title' => $node_title);
- $this->assertText(strip_tags(t('@type %title has been created.', $t_args)), 'The node was created.');
- $matches = array();
- if (preg_match('@node/(\d+)$@', $this->getUrl(), $matches)) {
- $nid = end($matches);
- $this->assertNotEqual($nid, 0, 'The node ID was extracted from the URL.');
- $node = node_load($nid);
- $this->assertNotEqual($node, NULL, 'The node was loaded successfully.');
- $this->assertEqual($node->field_image[LANGUAGE_NONE][0]['filename'], $image->filename, 'The image was uploaded successfully.');
- }
- }
- /**
- * Tests file submission for an anonymous visitor with a missing node title.
- */
- function testAnonymousNodeWithFileWithoutTitle() {
- $this->drupalLogout();
- $this->_testNodeWithFileWithoutTitle();
- }
- /**
- * Tests file submission for an authenticated user with a missing node title.
- */
- function testAuthenticatedNodeWithFileWithoutTitle() {
- $admin_user = $this->drupalCreateUser(array(
- 'bypass node access',
- 'access content overview',
- 'administer nodes',
- ));
- $this->drupalLogin($admin_user);
- $this->_testNodeWithFileWithoutTitle();
- }
- /**
- * Helper method to test file submissions with missing node titles.
- */
- protected function _testNodeWithFileWithoutTitle() {
- $bundle_label = 'Article';
- $node_title = 'Test page';
- // Load the node form.
- $this->drupalGet('node/add/article');
- $this->assertResponse(200, 'Loaded the article node form.');
- $this->assertText(strip_tags(t('Create @name', array('@name' => $bundle_label))));
- // Generate an image file.
- $image = $this->getTestImage();
- // Submit the form but exclude the title field.
- $edit = array(
- 'body[und][0][value]' => 'Test article',
- 'body[und][0][format]' => 'filtered_html',
- 'files[field_image_und_0]' => drupal_realpath($image->uri),
- );
- $this->drupalPost(NULL, $edit, t('Save'));
- $this->assertResponse(200);
- $t_args = array('@type' => $bundle_label, '%title' => $node_title);
- $this->assertNoText(strip_tags(t('@type %title has been created.', $t_args)), 'The node was created.');
- $this->assertText(t('!name field is required.', array('!name' => t('Title'))));
- // Submit the form again but this time with the missing title field. This
- // should still work.
- $edit = array(
- 'title' => $node_title,
- );
- $this->drupalPost(NULL, $edit, t('Save'));
- // Confirm the final submission actually worked.
- $t_args = array('@type' => $bundle_label, '%title' => $node_title);
- $this->assertText(strip_tags(t('@type %title has been created.', $t_args)), 'The node was created.');
- $matches = array();
- if (preg_match('@node/(\d+)$@', $this->getUrl(), $matches)) {
- $nid = end($matches);
- $this->assertNotEqual($nid, 0, 'The node ID was extracted from the URL.');
- $node = node_load($nid);
- $this->assertNotEqual($node, NULL, 'The node was loaded successfully.');
- $this->assertEqual($node->field_image[LANGUAGE_NONE][0]['filename'], $image->filename, 'The image was uploaded successfully.');
- }
- }
- /**
- * Generates a test image.
- *
- * @return stdClass
- * A file object.
- */
- function getTestImage() {
- // Get a file to upload.
- $file = current($this->drupalGetTestFiles('image'));
- // Add a filesize property to files as would be read by file_load().
- $file->filesize = filesize($file->uri);
- return $file;
- }
- }
|