Merge remote-tracking branch 'Fyorl/ticket/10941' into develop

* Fyorl/ticket/10941: (30 commits)
  [ticket/10941] Removed superfluous array
  [ticket/10941] File 'txt' now too big so changed tests to reflect that
  [ticket/10941] Added a comment to ensure tags stay uppercase
  [ticket/10941] Modified tearDown to use DirectoryIterator instead of glob
  [ticket/10941] Added tests/upload/fixture/copies to tracking
  [ticket/10941] Fixed form test test_too_large
  [ticket/10941] Replaced use of English with language system
  [ticket/10941] Renamed classes and filenames so that tests run
  [ticket/10941] Moved comment into markTestIncomplete parameter
  [ticket/10941] Removed manual includes of mock classes
  [ticket/10941] Added subdirectory for file operations
  [ticket/10941] Added some comments for clarification
  [ticket/10941] Fixed a failing test
  [ticket/10941] Rearranged tests into their own classes or methods
  [ticket/10941] Removed the incomplete mark as is_image is fixed
  [ticket/10941] Refactored tearDown to stop iterating over the directory.
  [ticket/10941] Refactored init_filespec to return new object.
  [ticket/10941] Minor typo fixes
  [ticket/10941] Changed assertTrue to assertEquals
  [ticket/10941] Now actually checks for the value of errors.
  ...

tests/functional/fileupload_form_test.php

@@ -0,0 +1,62 @@
+<?php
+/**
+ *
+ * @package testing
+ * @copyright (c) 2012 phpBB Group
+ * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+ *
+ */
+
+/**
+ * @group functional
+ */
+class phpbb_functional_fileupload_form_test extends phpbb_functional_test_case
+{
+	private $path;
+
+	public function setUp()
+	{
+		parent::setUp();
+		$this->path = __DIR__ . '/fixtures/files/';
+		$this->add_lang('posting');
+		$this->login();
+	}
+
+	public function test_empty_file()
+	{
+		$crawler = $this->request('GET', 'posting.php?mode=reply&f=2&t=1&sid=' . $this->sid);
+		$form = $crawler->selectButton('add_file')->form();
+		$form['fileupload']->upload($this->path . 'empty.png');
+		$crawler = $this->client->submit($form);
+		$this->assertEquals($this->lang('ATTACHED_IMAGE_NOT_IMAGE'), $crawler->filter('div#message p')->text());
+	}
+
+	public function test_invalid_extension()
+	{
+		$crawler = $this->request('GET', 'posting.php?mode=reply&f=2&t=1&sid=' . $this->sid);
+		$form = $crawler->selectButton('add_file')->form();
+		$form['fileupload']->upload($this->path . 'illegal-extension.bif');
+		$crawler = $this->client->submit($form);
+		$this->assertEquals($this->lang('DISALLOWED_EXTENSION', 'bif'), $crawler->filter('p.error')->text());
+	}
+
+	public function test_too_large()
+	{
+		$this->markTestIncomplete('Functional tests use an admin account which ignores maximum upload size.');
+		$crawler = $this->request('GET', 'posting.php?mode=reply&f=2&t=1&sid=' . $this->sid);
+		$form = $crawler->selectButton('add_file')->form();
+		$form['fileupload']->upload($this->path . 'too-large.png');
+		$crawler = $this->client->submit($form);
+		$this->assertEquals($this->lang('WRONG_FILESIZE', '256', 'KiB'), $crawler->filter('p.error')->text());
+	}
+
+	public function test_valid_file()
+	{
+		$crawler = $this->request('GET', 'posting.php?mode=reply&f=2&t=1&sid=' . $this->sid);
+		$form = $crawler->selectButton('add_file')->form();
+		$form['fileupload']->upload($this->path . 'valid.jpg');
+		$crawler = $this->client->submit($form);
+		$this->assertEquals(0, $crawler->filter('p.error')->count());
+		$this->assertContains($this->lang('POSTED_ATTACHMENTS'), $crawler->filter('#postform h3')->eq(1)->text());
+	}
+}

tests/functional/fileupload_remote_test.php

@@ -0,0 +1,72 @@
+<?php
+/**
+ *
+ * @package testing
+ * @copyright (c) 2012 phpBB Group
+ * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+ *
+ */
+
+/**
+ * @group functional
+ */
+class phpbb_functional_fileupload_remote_test extends phpbb_functional_test_case
+{
+	public function setUp()
+	{
+		parent::setUp();
+		// Only doing this within the functional framework because we need a
+		// URL
+
+		// Global $config required by unique_id
+		// Global $user required by fileupload::remote_upload
+		global $config, $user;
+
+		if (!is_array($config))
+		{
+			$config = array();
+		}
+
+		$config['rand_seed'] = '';
+		$config['rand_seed_last_update'] = time() + 600;
+
+		$user = new phpbb_mock_user();
+		$user->lang = new phpbb_mock_lang();
+	}
+
+	public function tearDown()
+	{
+		global $config, $user;
+		$user = null;
+		$config = array();
+	}
+
+	public function test_invalid_extension()
+	{
+		$upload = new fileupload('', array('jpg'), 100);
+		$file = $upload->remote_upload('http://example.com/image.gif');
+		$this->assertEquals('URL_INVALID', $file->error[0]);
+	}
+
+	public function test_non_existant()
+	{
+		$upload = new fileupload('', array('jpg'), 100);
+		$file = $upload->remote_upload('http://example.com/image.jpg');
+		$this->assertEquals('EMPTY_REMOTE_DATA', $file->error[0]);
+	}
+
+	public function test_successful_upload()
+	{
+		$upload = new fileupload('', array('gif'), 1000);
+		$file = $upload->remote_upload($this->root_url . 'styles/prosilver/theme/images/forum_read.gif');
+		$this->assertEquals(0, sizeof($file->error));
+		$this->assertTrue(file_exists($file->filename));
+	}
+
+	public function test_too_large()
+	{
+		$upload = new fileupload('', array('gif'), 100);
+		$file = $upload->remote_upload($this->root_url . 'styles/prosilver/theme/images/forum_read.gif');
+		$this->assertEquals('WRONG_FILESIZE', $file->error[0]);
+	}
+}

tests/mock/filespec.php

@@ -0,0 +1,32 @@
+<?php
+/**
+ *
+ * @package testing
+ * @copyright (c) 2012 phpBB Group
+ * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+ *
+ */
+
+/**
+ * Mock filespec class with some basic values to help with testing the
+ * fileupload class
+ */
+class phpbb_mock_filespec
+{
+	public $filesize;
+	public $realname;
+	public $extension;
+	public $width;
+	public $height;
+	public $error = array();
+
+	public function check_content($disallowed_content)
+	{
+		return true;
+	}
+
+	public function get($property)
+	{
+		return $this->$property;
+	}
+}

tests/mock/fileupload.php

@@ -0,0 +1,52 @@
+<?php
+/**
+ *
+ * @package testing
+ * @copyright (c) 2012 phpBB Group
+ * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+ *
+ */
+
+/**
+ * Mock fileupload class with some basic values to help with testing the
+ * filespec class
+ */
+class phpbb_mock_fileupload
+{
+	public $max_filesize = 100;
+	public $error_prefix = '';
+
+	public function valid_dimensions($filespec)
+	{
+		return true;
+	}
+
+	/**
+	 * Copied verbatim from phpBB/includes/functions_upload.php's fileupload
+	 * class to ensure the correct behaviour of filespec::move_file.
+	 *
+	 * Maps file extensions to the constant in second index of the array
+	 * returned by getimagesize()
+	 */
+	public function image_types()
+	{
+		return array(
+			IMAGETYPE_GIF		=> array('gif'),
+			IMAGETYPE_JPEG		=> array('jpg', 'jpeg'),
+			IMAGETYPE_PNG		=> array('png'),
+			IMAGETYPE_SWF		=> array('swf'),
+			IMAGETYPE_PSD		=> array('psd'),
+			IMAGETYPE_BMP		=> array('bmp'),
+			IMAGETYPE_TIFF_II	=> array('tif', 'tiff'),
+			IMAGETYPE_TIFF_MM	=> array('tif', 'tiff'),
+			IMAGETYPE_JPC		=> array('jpg', 'jpeg'),
+			IMAGETYPE_JP2		=> array('jpg', 'jpeg'),
+			IMAGETYPE_JPX		=> array('jpg', 'jpeg'),
+			IMAGETYPE_JB2		=> array('jpg', 'jpeg'),
+			IMAGETYPE_SWC		=> array('swc'),
+			IMAGETYPE_IFF		=> array('iff'),
+			IMAGETYPE_WBMP		=> array('wbmp'),
+			IMAGETYPE_XBM		=> array('xbm'),
+		);
+	}
+}

tests/upload/filespec_test.php

@@ -0,0 +1,275 @@
+<?php
+/**
+ *
+ * @package testing
+ * @copyright (c) 2012 phpBB Group
+ * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+ *
+ */
+
+require_once __DIR__ . '/../../phpBB/includes/functions.php';
+require_once __DIR__ . '/../../phpBB/includes/utf/utf_tools.php';
+require_once __DIR__ . '/../../phpBB/includes/functions_upload.php';
+
+class phpbb_filespec_test extends phpbb_test_case
+{
+	const TEST_COUNT = 100;
+	const PREFIX = 'phpbb_';
+	const MAX_STR_LEN = 50;
+	const UPLOAD_MAX_FILESIZE = 1000;
+
+	private $config;
+	public $path;
+
+	protected function setUp()
+	{
+		// Global $config required by unique_id
+		// Global $user required by filespec::additional_checks and
+		// filespec::move_file
+		global $config, $user;
+
+		if (!is_array($config))
+		{
+			$config = array();
+		}
+
+		$config['rand_seed'] = '';
+		$config['rand_seed_last_update'] = time() + 600;
+		// This config value is normally pulled from the database which is set
+		// to this value at install time.
+		// See: phpBB/install/schemas/schema_data.sql
+		$config['mime_triggers'] = 'body|head|html|img|plaintext|a href|pre|script|table|title';
+
+		$user = new phpbb_mock_user();
+		$user->lang = new phpbb_mock_lang();
+
+		$this->config = &$config;
+		$this->path = __DIR__ . '/fixture/';
+
+		// Create copies of the files for use in testing move_file
+		$iterator = new DirectoryIterator($this->path);
+		foreach ($iterator as $fileinfo)
+		{
+			if ($fileinfo->isDot() || $fileinfo->isDir())
+			{
+				continue;
+			}
+
+			copy($fileinfo->getPathname(), $this->path . 'copies/' . $fileinfo->getFilename() . '_copy');
+			if ($fileinfo->getFilename() === 'txt')
+			{
+				copy($fileinfo->getPathname(), $this->path . 'copies/' . $fileinfo->getFilename() . '_copy_2');
+			}
+		}
+	}
+
+	private function get_filespec($override = array())
+	{
+		// Initialise a blank filespec object for use with trivial methods
+		$upload_ary = array(
+			'name' => '',
+			'type' => '',
+			'size' => '',
+			'tmp_name' => '',
+			'error' => '',
+		);
+
+		return new filespec(array_merge($upload_ary, $override), null);
+	}
+
+	protected function tearDown()
+	{
+		global $user;
+		$this->config = array();
+		$user = null;
+
+		$iterator = new DirectoryIterator($this->path . 'copies');
+		foreach ($iterator as $fileinfo)
+		{
+			$name = $fileinfo->getFilename();
+			if ($name[0] !== '.')
+			{
+				unlink($fileinfo->getPathname());
+			}
+		}
+	}
+
+	public function additional_checks_variables()
+	{
+		// False here just indicates the file is too large and fails the
+		// filespec::additional_checks method because of it. All other code
+		// paths in that method are covered elsewhere.
+		return array(
+			array('gif', true),
+			array('jpg', false),
+			array('png', true),
+			array('tif', false),
+			array('txt', false),
+		);
+	}
+
+	/**
+	 * @dataProvider additional_checks_variables
+	 */
+	public function test_additional_checks($filename, $expected)
+	{
+		$upload = new phpbb_mock_fileupload();
+		$filespec = $this->get_filespec();
+		$filespec->upload = $upload;
+		$filespec->file_moved = true;
+		$filespec->filesize = $filespec->get_filesize($this->path . $filename);
+
+		$this->assertEquals($expected, $filespec->additional_checks());
+	}
+
+	public function check_content_variables()
+	{
+		// False here indicates that a file is non-binary and contains
+		// disallowed content that makes IE report the mimetype incorrectly.
+		return array(
+			array('gif', true),
+			array('jpg', true),
+			array('png', true),
+			array('tif', true),
+			array('txt', false),
+		);
+	}
+
+	/**
+	 * @dataProvider check_content_variables
+	 */
+	public function test_check_content($filename, $expected)
+	{
+		$disallowed_content = explode('|', $this->config['mime_triggers']);
+		$filespec = $this->get_filespec(array('tmp_name' => $this->path . $filename));
+		$this->assertEquals($expected, $filespec->check_content($disallowed_content));
+	}
+
+	public function clean_filename_variables()
+	{
+		$chunks = str_split('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ\'\\" /:*?<>|[];(){},#+=-_`', 8);
+		return array(
+			array($chunks[0] . $chunks[7]),
+			array($chunks[1] . $chunks[8]),
+			array($chunks[2] . $chunks[9]),
+			array($chunks[3] . $chunks[4]),
+			array($chunks[5] . $chunks[6]),
+		);
+	}
+
+	/**
+	 * @dataProvider clean_filename_variables
+	 */
+	public function test_clean_filename_real($filename)
+	{
+		$bad_chars = array("'", "\\", ' ', '/', ':', '*', '?', '"', '<', '>', '|');
+		$filespec = $this->get_filespec(array('name' => $filename));
+		$filespec->clean_filename('real', self::PREFIX);
+		$name = $filespec->realname;
+
+		$this->assertEquals(0, preg_match('/%(\w{2})/', $name));
+		foreach ($bad_chars as $char)
+		{
+			$this->assertFalse(strpos($name, $char));
+		}
+	}
+
+	public function test_clean_filename_unique()
+	{
+		$filenames = array();
+		for ($tests = 0; $tests < self::TEST_COUNT; $tests++)
+		{
+			$filespec = $this->get_filespec();
+			$filespec->clean_filename('unique', self::PREFIX);
+			$name = $filespec->realname;
+			
+			$this->assertEquals(strlen($name), 32 + strlen(self::PREFIX));
+			$this->assertRegExp('#^[A-Za-z0-9]+$#', substr($name, strlen(self::PREFIX)));
+			$this->assertFalse(isset($filenames[$name]));
+			$filenames[$name] = true;
+		}
+	}
+
+	public function get_extension_variables()
+	{
+		return array(
+			array('file.png', 'png'),
+			array('file.phpbb.gif', 'gif'),
+			array('file..', ''),
+			array('.file..jpg.webp', 'webp'),
+		);
+	}
+
+	/**
+	 * @dataProvider get_extension_variables
+	 */
+	public function test_get_extension($filename, $expected)
+	{
+		$filespec = $this->get_filespec();
+		$this->assertEquals($expected, $filespec->get_extension($filename));
+	}
+
+	public function is_image_variables()
+	{
+		return array(
+			array('gif', 'image/gif', true),
+			array('jpg', 'image/jpg', true),
+			array('png', 'image/png', true),
+			array('tif', 'image/tif', true),
+			array('txt', 'text/plain', false),
+		);
+	}
+
+	/**
+	 * @dataProvider is_image_variables
+	 */
+	public function test_is_image($filename, $mimetype, $expected)
+	{
+		$filespec = $this->get_filespec(array('tmp_name' => $this->path . $filename, 'type' => $mimetype));
+		$this->assertEquals($expected, $filespec->is_image());
+	}
+
+	public function move_file_variables()
+	{
+		return array(
+			array('gif_copy', 'gif_moved', 'image/gif', 'gif', false, true),
+			array('non_existant', 'still_non_existant', 'text/plain', 'txt', 'GENERAL_UPLOAD_ERROR', false),
+			array('txt_copy', 'txt_as_img', 'image/jpg', 'txt', false, true),
+			array('txt_copy_2', 'txt_moved', 'text/plain', 'txt', false, true),
+			array('jpg_copy', 'jpg_moved', 'image/png', 'jpg', false, true),
+			array('png_copy', 'png_moved', 'image/png', 'jpg', 'IMAGE_FILETYPE_MISMATCH', true),
+		);
+	}
+
+	/**
+	 * @dataProvider move_file_variables
+	 */
+	public function test_move_file($tmp_name, $realname, $mime_type, $extension, $error, $expected)
+	{
+		// Global $phpbb_root_path and $phpEx are required by phpbb_chmod
+		global $phpbb_root_path, $phpEx;
+		$phpbb_root_path = '';
+		$phpEx = 'php';
+
+		$upload = new phpbb_mock_fileupload();
+		$upload->max_filesize = self::UPLOAD_MAX_FILESIZE;
+
+		$filespec = $this->get_filespec(array(
+			'tmp_name' => $this->path . 'copies/' . $tmp_name,
+			'name' => $realname,
+			'type' => $mime_type,
+		));
+		$filespec->extension = $extension;
+		$filespec->upload = $upload;
+		$filespec->local = true;
+
+		$this->assertEquals($expected, $filespec->move_file($this->path . 'copies'));
+		$this->assertEquals($filespec->file_moved, file_exists($this->path . 'copies/' . $realname));
+		if ($error)
+		{
+			$this->assertEquals($error, $filespec->error[0]);
+		}
+
+		$phpEx = '';
+	}
+}

tests/upload/fileupload_test.php

@@ -0,0 +1,115 @@
+<?php
+/**
+ *
+ * @package testing
+ * @copyright (c) 2012 phpBB Group
+ * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+ *
+ */
+
+require_once __DIR__ . '/../../phpBB/includes/functions.php';
+require_once __DIR__ . '/../../phpBB/includes/utf/utf_tools.php';
+require_once __DIR__ . '/../../phpBB/includes/functions_upload.php';
+
+class phpbb_fileupload_test extends phpbb_test_case
+{
+	private $path;
+
+	protected function setUp()
+	{
+		// Global $config required by unique_id
+		// Global $user required by several functions dealing with translations
+		global $config, $user;
+
+		if (!is_array($config))
+		{
+			$config = array();
+		}
+
+		$config['rand_seed'] = '';
+		$config['rand_seed_last_update'] = time() + 600;
+
+		$user = new phpbb_mock_user();
+		$user->lang = new phpbb_mock_lang();
+		$this->path = __DIR__ . '/fixture/';
+	}
+
+	private function gen_valid_filespec()
+	{
+		$filespec = new phpbb_mock_filespec();
+		$filespec->filesize = 1;
+		$filespec->extension = 'jpg';
+		$filespec->realname = 'valid';
+		$filespec->width = 2;
+		$filespec->height = 2;
+
+		return $filespec;
+	}
+
+	protected function tearDown()
+	{
+		// Clear globals
+		global $config, $user;
+		$config = array();
+		$user = null;
+	}
+
+	public function test_common_checks_invalid_extension()
+	{
+		$upload = new fileupload('', array('png'), 100);
+		$file = $this->gen_valid_filespec();
+		$upload->common_checks($file);
+		$this->assertEquals('DISALLOWED_EXTENSION', $file->error[0]);
+	}
+
+	public function test_common_checks_invalid_filename()
+	{
+		$upload = new fileupload('', array('jpg'), 100);
+		$file = $this->gen_valid_filespec();
+		$file->realname = 'invalid?';
+		$upload->common_checks($file);
+		$this->assertEquals('INVALID_FILENAME', $file->error[0]);
+	}
+
+	public function test_common_checks_too_large()
+	{
+		$upload = new fileupload('', array('jpg'), 100);
+		$file = $this->gen_valid_filespec();
+		$file->filesize = 1000;
+		$upload->common_checks($file);
+		$this->assertEquals('WRONG_FILESIZE', $file->error[0]);
+	}
+
+	public function test_common_checks_valid_file()
+	{
+		$upload = new fileupload('', array('jpg'), 1000);
+		$file = $this->gen_valid_filespec();
+		$upload->common_checks($file);
+		$this->assertEquals(0, sizeof($file->error));
+	}
+
+	public function test_local_upload()
+	{
+		$upload = new fileupload('', array('jpg'), 1000);
+
+		copy($this->path . 'jpg', $this->path . 'jpg.jpg');
+		$file = $upload->local_upload($this->path . 'jpg.jpg');
+		$this->assertEquals(0, sizeof($file->error));
+		unlink($this->path . 'jpg.jpg');
+	}
+
+	public function test_valid_dimensions()
+	{
+		$upload = new fileupload('', false, false, 1, 1, 100, 100);
+
+		$file1 = $this->gen_valid_filespec();
+		$file2 = $this->gen_valid_filespec();
+		$file2->height = 101;
+		$file3 = $this->gen_valid_filespec();
+		$file3->width = 0;
+
+		$this->assertTrue($upload->valid_dimensions($file1));
+		$this->assertFalse($upload->valid_dimensions($file2));
+		$this->assertFalse($upload->valid_dimensions($file3));
+	}
+}

tests/upload/fixture/txt

@@ -0,0 +1,2 @@
+<HTML>mime trigger</HTML>
+The HTML tags should remain uppercase so that case-insensitivity can be checked.