Skip to content
Snippets Groups Projects
Unverified Commit b27e6a8c authored by Lee Rowlands's avatar Lee Rowlands
Browse files

Issue #2834958 by huzooka, Chris Burge, alfaguru, Wim Leers, Lendude:... 

Issue #2834958 by huzooka, Chris Burge, alfaguru, Wim Leers, Lendude: file_validate_extensions() incorrectly assumes $file->filename contains the file's extension
parent cffb02aa
Branches
Tags
17 merge requests!7452Issue #1797438. HTML5 validation is preventing form submit and not fully...,!1896Issue #2940605: Can only intentionally re-render an entity with references 20 times,!1101Issue #2412669 by claudiu.cristea, Julfabre, sidharrell, catch, daffie,...,!1039Issue #2556069 by claudiu.cristea, bnjmnm, lauriii, pfrenssen, Tim Bozeman,...,!10223132456: Fix issue where views instances are emptied before an ajax request is complete,!1012Issue #3226887: Hreflang on non-canonical content pages,!872Draft: Issue #3221319: Race condition when creating menu links and editing content deletes menu links,!594Put each entity type table into a details element on admin/config/regional/content-language,!579Issue #2230909: Simple decimals fail to pass validation,!560Move callback classRemove outside of the loop,!555Issue #3202493,!512Issue #3207771: Menu UI node type form documentation points to non-existent function,!485Sets the autocomplete attribute for username/password input field on login form.,!449Issue #2784233: Allow multiple vocabularies in the taxonomy filter,!231Issue #2671162: summary text wysiwyg patch working fine on 9.2.0-dev,!43Resolve #3173180: Add UI for 'loading' html attribute to images,!30Issue #3182188: Updates composer usage to point at ./vendor/bin/composer
Hide whitespace changes
Inline Side-by-side
core/modules/file/file.module
+ 8
1
View file @ b27e6a8c
......@@ -339,7 +339,14 @@ function file_validate_extensions(FileInterface $file, $extensions) {
$errors = [];
$regex = '/\.(' . preg_replace('/ +/', '|', preg_quote($extensions)) . ')$/i';
if (!preg_match($regex, $file->getFilename())) {
// Filename may differ from the basename, for instance in case files migrated
// from D7 file entities. Because of that new files are saved temporarily with
// a generated file name, without the original extension, we will use the
// generated filename property for extension validation only in case of
// temporary files; and use the file system file name in case of permanent
// files.
$subject = $file->isTemporary() ? $file->getFilename() : $file->getFileUri();
if (!preg_match($regex, $subject)) {
$errors[] = t('Only files with the following extensions are allowed: %files-allowed.', ['%files-allowed' => $extensions]);
}
return $errors;
......
core/modules/file/tests/src/Kernel/ValidatorTest.php
+ 83
0
View file @ b27e6a8c
......@@ -52,6 +52,89 @@ public function testFileValidateExtensions() {
$this->assertCount(1, $errors, 'Invalid extension blocked.');
}
/**
* Tests the file_validate_extensions() function.
*
* @param array $file_properties
* The properties of the file being validated.
* @param string[] $extensions
* An array of the allowed file extensions.
* @param string[] $expected_errors
* The expected error messages as string.
*
* @dataProvider providerTestFileValidateExtensionsOnUri
*/
public function testFileValidateExtensionsOnUri(array $file_properties, array $extensions, array $expected_errors) {
$file = File::create($file_properties);
$actual_errors = file_validate_extensions($file, implode(' ', $extensions));
$actual_errors_as_string = array_map(function ($error_message) {
return (string) $error_message;
}, $actual_errors);
$this->assertEquals($expected_errors, $actual_errors_as_string);
}
/**
* Data provider for ::testFileValidateExtensionsOnUri.
*
* @return array[][]
* The test cases.
*/
public function providerTestFileValidateExtensionsOnUri(): array {
$temporary_txt_file_properties = [
'filename' => 'asdf.txt',
'uri' => 'temporary://asdf',
'status' => 0,
];
$permanent_txt_file_properties = [
'filename' => 'asdf.txt',
'uri' => 'public://asdf_0.txt',
'status' => 1,
];
$permanent_png_file_properties = [
'filename' => 'The Druplicon',
'uri' => 'public://druplicon.png',
'status' => 1,
];
return [
'Temporary txt validated with "asdf", "txt", "pork"' => [
'File properties' => $temporary_txt_file_properties,
'Allowed_extensions' => ['asdf', 'txt', 'pork'],
'Expected errors' => [],
],
'Temporary txt validated with "exe" and "png"' => [
'File properties' => $temporary_txt_file_properties,
'Allowed_extensions' => ['exe', 'png'],
'Expected errors' => [
'Only files with the following extensions are allowed: <em class="placeholder">exe png</em>.',
],
],
'Permanent txt validated with "asdf", "txt", "pork"' => [
'File properties' => $permanent_txt_file_properties,
'Allowed_extensions' => ['asdf', 'txt', 'pork'],
'Expected errors' => [],
],
'Permanent txt validated with "exe" and "png"' => [
'File properties' => $permanent_txt_file_properties,
'Allowed_extensions' => ['exe', 'png'],
'Expected errors' => [
'Only files with the following extensions are allowed: <em class="placeholder">exe png</em>.',
],
],
'Permanent png validated with "png", "gif", "jpg", "jpeg"' => [
'File properties' => $permanent_png_file_properties,
'Allowed_extensions' => ['png', 'gif', 'jpg', 'jpeg'],
'Expected errors' => [],
],
'Permanent png validated with "exe" and "txt"' => [
'File properties' => $permanent_png_file_properties,
'Allowed_extensions' => ['exe', 'txt'],
'Expected errors' => [
'Only files with the following extensions are allowed: <em class="placeholder">exe txt</em>.',
],
],
];
}
/**
* This ensures a specific file is actually an image.
*/
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment