mirror of https://github.com/BookStackApp/BookStack.git synced 2025-08-09 10:22:51 +03:00

Prevent dbl exts. on img upload, Randomized attachment upload names

Dan Brown
2019-03-24 19:07:18 +00:00
parent f5fe524e6c
commit 193e2ffebe
6 changed files with 48 additions and 23 deletions


@@ -76,11 +76,23 @@ class ImageTest extends TestCase
$upload->assertStatus(302);
$this->assertFalse(file_exists(public_path($relPath)), 'Uploaded php file was uploaded but should have been stopped');
}
$this->assertDatabaseMissing('images', [
'type' => 'gallery',
'name' => $fileName
]);
public function test_files_with_double_extensions_cannot_be_uploaded()
{
$page = Page::first();
$admin = $this->getAdmin();
$this->actingAs($admin);
$fileName = 'bad.phtml.png';
$relPath = $this->getTestImagePath('gallery', $fileName);
$this->deleteImage($relPath);
$file = $this->getTestImage($fileName);
$upload = $this->withHeader('Content-Type', 'image/png')->call('POST', '/images/gallery/upload', ['uploaded_to' => $page->id], [], ['file' => $file], []);
$upload->assertStatus(302);
$this->assertFalse(file_exists(public_path($relPath)), 'Uploaded double extension file was uploaded but should have been stopped');
}
public function test_secure_images_uploads_to_correct_place()
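Review bot: The new `test_files_with_double_extensions_cannot_be_uploaded` proves only that nothing exists at the literal path built from `bad.phtml.png`, so it would also pass if the upload were accepted and stored under a different or randomized name that still carries the `.phtml` segment. Pin the rejection itself by also asserting that no record was created, `$this->assertDatabaseMissing('images', ['type' => 'gallery', 'name' => $fileName]);`, which is the same check shown just above the new test on this page. The `assertStatus(302)` line on its own does not show why the request was redirected; if the controller reports the refusal as a validation error on the `file` field (not visible in this hunk), `$upload->assertSessionHasErrors('file');` would make that explicit. A one-line comment on the fixture name would also help the next reader, e.g. `// a server that maps handlers per extension segment may run .phtml.png as PHP`.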