webapp/bookstack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-08-06 12:02:45 +03:00
Code Activity

Added test and handling for local_secure_restricted in exports

Browse Source
This commit is contained in:
Dan Brown
2022-09-02 14:21:43 +01:00
parent f88330202b
commit 092b6d6378
3 changed files with 46 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
tests/Uploads/ImageTest.php
View File

@@ -377,6 +377,39 @@ class ImageTest extends TestCase
}
}
public function test_secure_restricted_image_access_controlled_in_exports()
{
config()->set('filesystems.images', 'local_secure_restricted');
$this->asEditor();
$galleryFile = $this->getTestImage('my-secure-restricted-export-test.png');
/** @var Page $pageA */
/** @var Page $pageB */
$pageA = Page::query()->first();
$pageB = Page::query()->where('id', '!=', $pageA->id)->first();
$expectedPath = storage_path('uploads/images/gallery/' . date('Y-m') . '/my-secure-restricted-export-test.png');
$upload = $this->asEditor()->call('POST', '/images/gallery', ['uploaded_to' => $pageA->id], [], ['file' => $galleryFile], []);
$upload->assertOk();
$imageUrl = json_decode($upload->getContent(), true)['url'];
$pageB->html .= "<img src=\"{$imageUrl}\">";
$pageB->save();
$encodedImageContent = base64_encode(file_get_contents($expectedPath));
$export = $this->get($pageB->getUrl('/export/html'));
$this->assertStringContainsString($encodedImageContent, $export->getContent());
$this->setEntityRestrictions($pageA, [], []);
$export = $this->get($pageB->getUrl('/export/html'));
$this->assertStringNotContainsString($encodedImageContent, $export->getContent());
if (file_exists($expectedPath)) {
unlink($expectedPath);
}
}
public function test_image_delete()
{
$page = Page::query()->first();