1<?php 2// (c) Copyright by authors of the Tiki Wiki CMS Groupware Project 3// 4// All Rights Reserved. See copyright.txt for details and a complete list of authors. 5// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details. 6// $Id$ 7 8class FilegalsTest extends TikiTestCase 9{ 10 function testPNGIsNotSVG() 11 { 12 $fgallib = TikiLib::lib('filegal'); 13 $path = __DIR__ . '/../filegals/testdata.png'; 14 $data = file_get_contents($path); 15 $this->assertFalse($fgallib->fileContentIsSVG($data)); 16 } 17 18 function testSVGDetect() 19 { 20 $fgallib = TikiLib::lib('filegal'); 21 $path = __DIR__ . '/../filegals/testdata.svg'; 22 $data = file_get_contents($path); 23 $this->assertTrue($fgallib->fileContentIsSVG($data)); 24 } 25 26 function testCompressedPNGIsNotSVG() 27 { 28 $fgallib = TikiLib::lib('filegal'); 29 $path = __DIR__ . '/../filegals/testdata.png.gz'; 30 $data = file_get_contents($path); 31 $this->assertFalse($fgallib->fileContentIsSVG($data)); 32 } 33 34 function testSVGDetectGzipped() 35 { 36 $fgallib = TikiLib::lib('filegal'); 37 $path = __DIR__ . '/../filegals/testdata.svgz'; 38 $data = file_get_contents($path); 39 $this->assertTrue($fgallib->fileContentIsSVG($data)); 40 } 41 42 function testSVGWithPNGExtensionIsNotSafe() 43 { 44 global $prefs; 45 $prefs['fgal_allow_svg'] = 'n'; 46 $fgallib = TikiLib::lib('filegal'); 47 $path = __DIR__ . '/../filegals/svg_content.png'; 48 $data = file_get_contents($path); 49 $filename = 'svg_content.png'; 50 $caught = false; 51 try { 52 $fgallib->assertUploadedContentIsSafe($data, $filename); 53 } catch (FileIsNotSafeException $e) { 54 $caught = true; 55 } 56 $this->assertTrue($caught); 57 try { 58 $fgallib->assertUploadedFileIsSafe($path); 59 } catch (FileIsNotSafeException $e) { 60 $caught = true; 61 } 62 $this->assertTrue($caught); 63 } 64 65 function testHTMLFileWithSVGExtensionIsNotSafe() 66 { 67 global $prefs; 68 $prefs['fgal_allow_svg'] = 'n'; 69 $fgallib = TikiLib::lib('filegal'); 70 $path = __DIR__ . '/../filegals/4.svg'; 71 $data = file_get_contents($path); 72 $filename = '4.svg'; 73 $caught = false; 74 try { 75 $fgallib->assertUploadedContentIsSafe($data, $filename); 76 } catch (FileIsNotSafeException $e) { 77 $caught = true; 78 } 79 $this->assertTrue($caught); 80 try { 81 $fgallib->assertUploadedFileIsSafe($path); 82 } catch (FileIsNotSafeException $e) { 83 $caught = true; 84 } 85 $this->assertTrue($caught); 86 } 87} 88
