| 
									
										
										
										
											2021-06-26 23:23:15 +08:00
										 |  |  | <?php | 
					
						
							| 
									
										
										
										
											2016-07-02 03:11:49 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-06-26 23:23:15 +08:00
										 |  |  | namespace Tests\Uploads; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-10-13 18:27:55 +08:00
										 |  |  | use BookStack\Entities\Repos\PageRepo; | 
					
						
							| 
									
										
										
										
											2018-09-25 19:30:50 +08:00
										 |  |  | use BookStack\Uploads\Image; | 
					
						
							|  |  |  | use BookStack\Uploads\ImageService; | 
					
						
							| 
									
										
										
										
											2019-09-14 06:58:40 +08:00
										 |  |  | use Illuminate\Support\Str; | 
					
						
							| 
									
										
										
										
											2018-12-23 23:34:38 +08:00
										 |  |  | use Tests\TestCase; | 
					
						
							| 
									
										
										
										
											2018-01-28 21:18:28 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  | class ImageTest extends TestCase | 
					
						
							| 
									
										
										
										
											2016-07-02 03:11:49 +08:00
										 |  |  | { | 
					
						
							|  |  |  |     public function test_image_upload() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2022-09-30 00:31:38 +08:00
										 |  |  |         $page = $this->entities->page(); | 
					
						
							| 
									
										
										
										
											2023-01-21 19:08:34 +08:00
										 |  |  |         $admin = $this->users->admin(); | 
					
						
							| 
									
										
										
										
											2018-01-28 21:27:41 +08:00
										 |  |  |         $this->actingAs($admin); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         $imgDetails = $this->files->uploadGalleryImageToPage($this, $page); | 
					
						
							| 
									
										
										
										
											2019-05-05 01:11:00 +08:00
										 |  |  |         $relPath = $imgDetails['path']; | 
					
						
							| 
									
										
										
										
											2016-07-02 03:11:49 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-06-26 23:23:15 +08:00
										 |  |  |         $this->assertTrue(file_exists(public_path($relPath)), 'Uploaded image found at path: ' . public_path($relPath)); | 
					
						
							| 
									
										
										
										
											2016-07-02 03:11:49 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         $this->files->deleteAtRelativePath($relPath); | 
					
						
							| 
									
										
										
										
											2016-09-18 01:22:04 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-01-28 21:18:28 +08:00
										 |  |  |         $this->assertDatabaseHas('images', [ | 
					
						
							| 
									
										
										
										
											2021-06-26 23:23:15 +08:00
										 |  |  |             'url'         => $this->baseUrl . $relPath, | 
					
						
							|  |  |  |             'type'        => 'gallery', | 
					
						
							| 
									
										
										
										
											2016-07-02 03:11:49 +08:00
										 |  |  |             'uploaded_to' => $page->id, | 
					
						
							| 
									
										
										
										
											2021-06-26 23:23:15 +08:00
										 |  |  |             'path'        => $relPath, | 
					
						
							|  |  |  |             'created_by'  => $admin->id, | 
					
						
							|  |  |  |             'updated_by'  => $admin->id, | 
					
						
							|  |  |  |             'name'        => $imgDetails['name'], | 
					
						
							| 
									
										
										
										
											2019-05-05 01:11:00 +08:00
										 |  |  |         ]); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-12-22 20:44:49 +08:00
										 |  |  |     public function test_image_display_thumbnail_generation_does_not_increase_image_size() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2022-09-30 00:31:38 +08:00
										 |  |  |         $page = $this->entities->page(); | 
					
						
							| 
									
										
										
										
											2023-01-21 19:08:34 +08:00
										 |  |  |         $admin = $this->users->admin(); | 
					
						
							| 
									
										
										
										
											2019-12-22 20:44:49 +08:00
										 |  |  |         $this->actingAs($admin); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         $originalFile = $this->files->testFilePath('compressed.png'); | 
					
						
							| 
									
										
										
										
											2019-12-22 20:44:49 +08:00
										 |  |  |         $originalFileSize = filesize($originalFile); | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         $imgDetails = $this->files->uploadGalleryImageToPage($this, $page, 'compressed.png'); | 
					
						
							| 
									
										
										
										
											2019-12-22 20:44:49 +08:00
										 |  |  |         $relPath = $imgDetails['path']; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-06-26 23:23:15 +08:00
										 |  |  |         $this->assertTrue(file_exists(public_path($relPath)), 'Uploaded image found at path: ' . public_path($relPath)); | 
					
						
							| 
									
										
										
										
											2019-12-22 20:44:49 +08:00
										 |  |  |         $displayImage = $imgDetails['response']->thumbs->display; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $displayImageRelPath = implode('/', array_slice(explode('/', $displayImage), 3)); | 
					
						
							|  |  |  |         $displayImagePath = public_path($displayImageRelPath); | 
					
						
							|  |  |  |         $displayFileSize = filesize($displayImagePath); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         $this->files->deleteAtRelativePath($relPath); | 
					
						
							|  |  |  |         $this->files->deleteAtRelativePath($displayImageRelPath); | 
					
						
							| 
									
										
										
										
											2019-12-22 20:44:49 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->assertEquals($originalFileSize, $displayFileSize, 'Display thumbnail generation should not increase image size'); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-01-04 21:10:35 +08:00
										 |  |  |     public function test_image_display_thumbnail_generation_for_apng_images_uses_original_file() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2022-09-30 00:31:38 +08:00
										 |  |  |         $page = $this->entities->page(); | 
					
						
							| 
									
										
										
										
											2023-01-21 19:08:34 +08:00
										 |  |  |         $admin = $this->users->admin(); | 
					
						
							| 
									
										
										
										
											2022-01-04 21:10:35 +08:00
										 |  |  |         $this->actingAs($admin); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         $imgDetails = $this->files->uploadGalleryImageToPage($this, $page, 'animated.png'); | 
					
						
							|  |  |  |         $this->files->deleteAtRelativePath($imgDetails['path']); | 
					
						
							| 
									
										
										
										
											2022-01-04 21:10:35 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->assertStringContainsString('thumbs-', $imgDetails['response']->thumbs->gallery); | 
					
						
							|  |  |  |         $this->assertStringNotContainsString('thumbs-', $imgDetails['response']->thumbs->display); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-05-05 01:11:00 +08:00
										 |  |  |     public function test_image_edit() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2023-01-21 19:08:34 +08:00
										 |  |  |         $editor = $this->users->editor(); | 
					
						
							| 
									
										
										
										
											2019-05-05 01:11:00 +08:00
										 |  |  |         $this->actingAs($editor); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         $imgDetails = $this->files->uploadGalleryImageToPage($this, $this->entities->page()); | 
					
						
							| 
									
										
										
										
											2019-05-05 01:11:00 +08:00
										 |  |  |         $image = Image::query()->first(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-09-14 06:58:40 +08:00
										 |  |  |         $newName = Str::random(); | 
					
						
							| 
									
										
										
										
											2019-05-05 01:11:00 +08:00
										 |  |  |         $update = $this->put('/images/' . $image->id, ['name' => $newName]); | 
					
						
							|  |  |  |         $update->assertSuccessful(); | 
					
						
							| 
									
										
										
										
											2020-07-25 07:20:58 +08:00
										 |  |  |         $update->assertSee($newName); | 
					
						
							| 
									
										
										
										
											2019-05-05 01:11:00 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         $this->files->deleteAtRelativePath($imgDetails['path']); | 
					
						
							| 
									
										
										
										
											2019-05-05 01:11:00 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->assertDatabaseHas('images', [ | 
					
						
							|  |  |  |             'type' => 'gallery', | 
					
						
							| 
									
										
										
										
											2021-06-26 23:23:15 +08:00
										 |  |  |             'name' => $newName, | 
					
						
							| 
									
										
										
										
											2016-07-02 03:11:49 +08:00
										 |  |  |         ]); | 
					
						
							| 
									
										
										
										
											2018-03-25 19:41:52 +08:00
										 |  |  |     } | 
					
						
							| 
									
										
										
										
											2016-09-18 01:22:04 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-05-29 00:32:22 +08:00
										 |  |  |     public function test_image_file_update() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $page = $this->entities->page(); | 
					
						
							|  |  |  |         $this->asEditor(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $imgDetails = $this->files->uploadGalleryImageToPage($this, $page); | 
					
						
							|  |  |  |         $relPath = $imgDetails['path']; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $newUpload = $this->files->uploadedImage('updated-image.png', 'compressed.png'); | 
					
						
							|  |  |  |         $this->assertFileEquals($this->files->testFilePath('test-image.png'), public_path($relPath)); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $imageId = $imgDetails['response']->id; | 
					
						
							| 
									
										
										
										
											2023-07-05 18:28:03 +08:00
										 |  |  |         $image = Image::findOrFail($imageId); | 
					
						
							|  |  |  |         $image->updated_at = now()->subMonth(); | 
					
						
							|  |  |  |         $image->save(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-05-29 00:32:22 +08:00
										 |  |  |         $this->call('PUT', "/images/{$imageId}/file", [], [], ['file' => $newUpload]) | 
					
						
							|  |  |  |             ->assertOk(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $this->assertFileEquals($this->files->testFilePath('compressed.png'), public_path($relPath)); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-07-05 18:28:03 +08:00
										 |  |  |         $image->refresh(); | 
					
						
							|  |  |  |         $this->assertTrue($image->updated_at->gt(now()->subMinute())); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-05-29 00:32:22 +08:00
										 |  |  |         $this->files->deleteAtRelativePath($relPath); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_image_file_update_does_not_allow_change_in_image_extension() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $page = $this->entities->page(); | 
					
						
							|  |  |  |         $this->asEditor(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $imgDetails = $this->files->uploadGalleryImageToPage($this, $page); | 
					
						
							|  |  |  |         $relPath = $imgDetails['path']; | 
					
						
							|  |  |  |         $newUpload = $this->files->uploadedImage('updated-image.jpg', 'compressed.png'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $imageId = $imgDetails['response']->id; | 
					
						
							|  |  |  |         $this->call('PUT', "/images/{$imageId}/file", [], [], ['file' => $newUpload]) | 
					
						
							|  |  |  |             ->assertJson([ | 
					
						
							|  |  |  |                 "message" => "Image file replacements must be of the same type", | 
					
						
							|  |  |  |                 "status" => "error", | 
					
						
							|  |  |  |             ]); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $this->files->deleteAtRelativePath($relPath); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-05-05 01:11:00 +08:00
										 |  |  |     public function test_gallery_get_list_format() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $this->asEditor(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         $imgDetails = $this->files->uploadGalleryImageToPage($this, $this->entities->page()); | 
					
						
							| 
									
										
										
										
											2019-05-05 01:11:00 +08:00
										 |  |  |         $image = Image::query()->first(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $pageId = $imgDetails['page']->id; | 
					
						
							|  |  |  |         $firstPageRequest = $this->get("/images/gallery?page=1&uploaded_to={$pageId}"); | 
					
						
							| 
									
										
										
										
											2022-07-23 22:10:18 +08:00
										 |  |  |         $firstPageRequest->assertSuccessful(); | 
					
						
							|  |  |  |         $this->withHtml($firstPageRequest)->assertElementExists('div'); | 
					
						
							| 
									
										
										
										
											2020-07-25 07:20:58 +08:00
										 |  |  |         $firstPageRequest->assertSuccessful()->assertSeeText($image->name); | 
					
						
							| 
									
										
										
										
											2019-05-05 01:11:00 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $secondPageRequest = $this->get("/images/gallery?page=2&uploaded_to={$pageId}"); | 
					
						
							| 
									
										
										
										
											2022-07-23 22:10:18 +08:00
										 |  |  |         $secondPageRequest->assertSuccessful(); | 
					
						
							|  |  |  |         $this->withHtml($secondPageRequest)->assertElementNotExists('div'); | 
					
						
							| 
									
										
										
										
											2019-05-05 01:11:00 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $namePartial = substr($imgDetails['name'], 0, 3); | 
					
						
							|  |  |  |         $searchHitRequest = $this->get("/images/gallery?page=1&uploaded_to={$pageId}&search={$namePartial}"); | 
					
						
							| 
									
										
										
										
											2020-07-25 07:20:58 +08:00
										 |  |  |         $searchHitRequest->assertSuccessful()->assertSee($imgDetails['name']); | 
					
						
							| 
									
										
										
										
											2019-05-05 01:11:00 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-09-14 06:58:40 +08:00
										 |  |  |         $namePartial = Str::random(16); | 
					
						
							| 
									
										
										
										
											2020-07-25 07:20:58 +08:00
										 |  |  |         $searchFailRequest = $this->get("/images/gallery?page=1&uploaded_to={$pageId}&search={$namePartial}"); | 
					
						
							|  |  |  |         $searchFailRequest->assertSuccessful()->assertDontSee($imgDetails['name']); | 
					
						
							| 
									
										
										
										
											2022-07-23 22:10:18 +08:00
										 |  |  |         $searchFailRequest->assertSuccessful(); | 
					
						
							|  |  |  |         $this->withHtml($searchFailRequest)->assertElementNotExists('div'); | 
					
						
							| 
									
										
										
										
											2019-05-05 01:11:00 +08:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-02-17 01:57:34 +08:00
										 |  |  |     public function test_image_gallery_lists_for_draft_page() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $this->actingAs($this->users->editor()); | 
					
						
							|  |  |  |         $draft = $this->entities->newDraftPage(); | 
					
						
							|  |  |  |         $this->files->uploadGalleryImageToPage($this, $draft); | 
					
						
							|  |  |  |         $image = Image::query()->where('uploaded_to', '=', $draft->id)->firstOrFail(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $resp = $this->get("/images/gallery?page=1&uploaded_to={$draft->id}"); | 
					
						
							|  |  |  |         $resp->assertSee($image->getThumb(150, 150)); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-05-05 01:11:00 +08:00
										 |  |  |     public function test_image_usage() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2022-09-30 00:31:38 +08:00
										 |  |  |         $page = $this->entities->page(); | 
					
						
							| 
									
										
										
										
											2023-01-21 19:08:34 +08:00
										 |  |  |         $editor = $this->users->editor(); | 
					
						
							| 
									
										
										
										
											2019-05-05 01:11:00 +08:00
										 |  |  |         $this->actingAs($editor); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         $imgDetails = $this->files->uploadGalleryImageToPage($this, $page); | 
					
						
							| 
									
										
										
										
											2019-05-05 01:11:00 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $image = Image::query()->first(); | 
					
						
							| 
									
										
										
										
											2021-06-26 23:23:15 +08:00
										 |  |  |         $page->html = '<img src="' . $image->url . '">'; | 
					
						
							| 
									
										
										
										
											2019-05-05 01:11:00 +08:00
										 |  |  |         $page->save(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-07-25 07:20:58 +08:00
										 |  |  |         $usage = $this->get('/images/edit/' . $image->id . '?delete=true'); | 
					
						
							| 
									
										
										
										
											2019-05-05 01:11:00 +08:00
										 |  |  |         $usage->assertSuccessful(); | 
					
						
							| 
									
										
										
										
											2020-07-25 07:20:58 +08:00
										 |  |  |         $usage->assertSeeText($page->name); | 
					
						
							|  |  |  |         $usage->assertSee($page->getUrl()); | 
					
						
							| 
									
										
										
										
											2019-05-05 01:11:00 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         $this->files->deleteAtRelativePath($imgDetails['path']); | 
					
						
							| 
									
										
										
										
											2019-05-05 01:11:00 +08:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-03-21 07:59:55 +08:00
										 |  |  |     public function test_php_files_cannot_be_uploaded() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2022-09-30 00:31:38 +08:00
										 |  |  |         $page = $this->entities->page(); | 
					
						
							| 
									
										
										
										
											2023-01-21 19:08:34 +08:00
										 |  |  |         $admin = $this->users->admin(); | 
					
						
							| 
									
										
										
										
											2019-03-21 07:59:55 +08:00
										 |  |  |         $this->actingAs($admin); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $fileName = 'bad.php'; | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         $relPath = $this->files->expectedImagePath('gallery', $fileName); | 
					
						
							|  |  |  |         $this->files->deleteAtRelativePath($relPath); | 
					
						
							| 
									
										
										
										
											2019-03-21 07:59:55 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         $file = $this->files->imageFromBase64File('bad-php.base64', $fileName); | 
					
						
							| 
									
										
										
										
											2019-05-05 01:11:00 +08:00
										 |  |  |         $upload = $this->withHeader('Content-Type', 'image/jpeg')->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $file], []); | 
					
						
							| 
									
										
										
										
											2023-04-27 20:31:03 +08:00
										 |  |  |         $upload->assertStatus(500); | 
					
						
							|  |  |  |         $this->assertStringContainsString('The file must have a valid & supported image extension', $upload->json('message')); | 
					
						
							| 
									
										
										
										
											2019-03-21 07:59:55 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->assertFalse(file_exists(public_path($relPath)), 'Uploaded php file was uploaded but should have been stopped'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $this->assertDatabaseMissing('images', [ | 
					
						
							|  |  |  |             'type' => 'gallery', | 
					
						
							| 
									
										
										
										
											2021-06-26 23:23:15 +08:00
										 |  |  |             'name' => $fileName, | 
					
						
							| 
									
										
										
										
											2019-03-21 07:59:55 +08:00
										 |  |  |         ]); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-03-22 03:43:15 +08:00
										 |  |  |     public function test_php_like_files_cannot_be_uploaded() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2022-09-30 00:31:38 +08:00
										 |  |  |         $page = $this->entities->page(); | 
					
						
							| 
									
										
										
										
											2023-01-21 19:08:34 +08:00
										 |  |  |         $admin = $this->users->admin(); | 
					
						
							| 
									
										
										
										
											2019-03-22 03:43:15 +08:00
										 |  |  |         $this->actingAs($admin); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $fileName = 'bad.phtml'; | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         $relPath = $this->files->expectedImagePath('gallery', $fileName); | 
					
						
							|  |  |  |         $this->files->deleteAtRelativePath($relPath); | 
					
						
							| 
									
										
										
										
											2019-03-22 03:43:15 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         $file = $this->files->imageFromBase64File('bad-phtml.base64', $fileName); | 
					
						
							| 
									
										
										
										
											2019-05-05 01:11:00 +08:00
										 |  |  |         $upload = $this->withHeader('Content-Type', 'image/jpeg')->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $file], []); | 
					
						
							| 
									
										
										
										
											2023-04-27 20:31:03 +08:00
										 |  |  |         $upload->assertStatus(500); | 
					
						
							|  |  |  |         $this->assertStringContainsString('The file must have a valid & supported image extension', $upload->json('message')); | 
					
						
							| 
									
										
										
										
											2019-03-22 03:43:15 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->assertFalse(file_exists(public_path($relPath)), 'Uploaded php file was uploaded but should have been stopped'); | 
					
						
							| 
									
										
										
										
											2019-03-25 03:07:18 +08:00
										 |  |  |     } | 
					
						
							| 
									
										
										
										
											2019-03-22 03:43:15 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-05 04:45:56 +08:00
										 |  |  |     public function test_files_with_double_extensions_will_get_sanitized() | 
					
						
							| 
									
										
										
										
											2019-03-25 03:07:18 +08:00
										 |  |  |     { | 
					
						
							| 
									
										
										
										
											2022-09-30 00:31:38 +08:00
										 |  |  |         $page = $this->entities->page(); | 
					
						
							| 
									
										
										
										
											2023-01-21 19:08:34 +08:00
										 |  |  |         $admin = $this->users->admin(); | 
					
						
							| 
									
										
										
										
											2019-03-25 03:07:18 +08:00
										 |  |  |         $this->actingAs($admin); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $fileName = 'bad.phtml.png'; | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         $relPath = $this->files->expectedImagePath('gallery', $fileName); | 
					
						
							| 
									
										
										
										
											2021-03-15 07:20:21 +08:00
										 |  |  |         $expectedRelPath = dirname($relPath) . '/bad-phtml.png'; | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         $this->files->deleteAtRelativePath($expectedRelPath); | 
					
						
							| 
									
										
										
										
											2019-03-25 03:07:18 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         $file = $this->files->imageFromBase64File('bad-phtml-png.base64', $fileName); | 
					
						
							| 
									
										
										
										
											2019-05-05 01:11:00 +08:00
										 |  |  |         $upload = $this->withHeader('Content-Type', 'image/png')->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $file], []); | 
					
						
							| 
									
										
										
										
											2021-03-05 04:45:56 +08:00
										 |  |  |         $upload->assertStatus(200); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $lastImage = Image::query()->latest('id')->first(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-15 07:20:21 +08:00
										 |  |  |         $this->assertEquals('bad.phtml.png', $lastImage->name); | 
					
						
							|  |  |  |         $this->assertEquals('bad-phtml.png', basename($lastImage->path)); | 
					
						
							| 
									
										
										
										
											2021-03-20 23:35:39 +08:00
										 |  |  |         $this->assertFileDoesNotExist(public_path($relPath), 'Uploaded image file name was not stripped of dots'); | 
					
						
							| 
									
										
										
										
											2021-03-15 07:20:21 +08:00
										 |  |  |         $this->assertFileExists(public_path($expectedRelPath)); | 
					
						
							| 
									
										
										
										
											2019-03-25 03:07:18 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         $this->files->deleteAtRelativePath($lastImage->path); | 
					
						
							| 
									
										
										
										
											2019-03-22 03:43:15 +08:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-07-25 18:18:40 +08:00
										 |  |  |     public function test_url_entities_removed_from_filenames() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $this->asEditor(); | 
					
						
							|  |  |  |         $badNames = [ | 
					
						
							| 
									
										
										
										
											2021-06-26 23:23:15 +08:00
										 |  |  |             'bad-char-#-image.png', | 
					
						
							|  |  |  |             'bad-char-?-image.png', | 
					
						
							|  |  |  |             '?#.png', | 
					
						
							|  |  |  |             '?.png', | 
					
						
							|  |  |  |             '#.png', | 
					
						
							| 
									
										
										
										
											2020-07-25 18:18:40 +08:00
										 |  |  |         ]; | 
					
						
							|  |  |  |         foreach ($badNames as $name) { | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |             $galleryFile = $this->files->uploadedImage($name); | 
					
						
							| 
									
										
										
										
											2022-09-30 00:31:38 +08:00
										 |  |  |             $page = $this->entities->page(); | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |             $badPath = $this->files->expectedImagePath('gallery', $name); | 
					
						
							|  |  |  |             $this->files->deleteAtRelativePath($badPath); | 
					
						
							| 
									
										
										
										
											2020-07-25 18:18:40 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |             $upload = $this->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $galleryFile], []); | 
					
						
							|  |  |  |             $upload->assertStatus(200); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             $lastImage = Image::query()->latest('id')->first(); | 
					
						
							|  |  |  |             $newFileName = explode('.', basename($lastImage->path))[0]; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             $this->assertEquals($lastImage->name, $name); | 
					
						
							|  |  |  |             $this->assertFalse(strpos($lastImage->path, $name), 'Path contains original image name'); | 
					
						
							|  |  |  |             $this->assertFalse(file_exists(public_path($badPath)), 'Uploaded image file name was not stripped of url entities'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             $this->assertTrue(strlen($newFileName) > 0, 'File name was reduced to nothing'); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |             $this->files->deleteAtRelativePath($lastImage->path); | 
					
						
							| 
									
										
										
										
											2020-07-25 18:18:40 +08:00
										 |  |  |         } | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-03-25 19:41:52 +08:00
										 |  |  |     public function test_secure_images_uploads_to_correct_place() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2019-06-23 23:01:15 +08:00
										 |  |  |         config()->set('filesystems.images', 'local_secure'); | 
					
						
							| 
									
										
										
										
											2018-03-25 19:41:52 +08:00
										 |  |  |         $this->asEditor(); | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         $galleryFile = $this->files->uploadedImage('my-secure-test-upload.png'); | 
					
						
							| 
									
										
										
										
											2022-09-30 00:31:38 +08:00
										 |  |  |         $page = $this->entities->page(); | 
					
						
							| 
									
										
										
										
											2021-06-26 23:23:15 +08:00
										 |  |  |         $expectedPath = storage_path('uploads/images/gallery/' . date('Y-m') . '/my-secure-test-upload.png'); | 
					
						
							| 
									
										
										
										
											2018-03-25 19:41:52 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-05-05 01:11:00 +08:00
										 |  |  |         $upload = $this->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $galleryFile], []); | 
					
						
							| 
									
										
										
										
											2018-03-25 19:41:52 +08:00
										 |  |  |         $upload->assertStatus(200); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-06-26 23:23:15 +08:00
										 |  |  |         $this->assertTrue(file_exists($expectedPath), 'Uploaded image not found at path: ' . $expectedPath); | 
					
						
							| 
									
										
										
										
											2018-03-25 19:41:52 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         if (file_exists($expectedPath)) { | 
					
						
							|  |  |  |             unlink($expectedPath); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-11-01 07:53:17 +08:00
										 |  |  |     public function test_secure_image_paths_traversal_causes_500() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         config()->set('filesystems.images', 'local_secure'); | 
					
						
							|  |  |  |         $this->asEditor(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $resp = $this->get('/uploads/images/../../logs/laravel.log'); | 
					
						
							|  |  |  |         $resp->assertStatus(500); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_secure_image_paths_traversal_on_non_secure_images_causes_404() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         config()->set('filesystems.images', 'local'); | 
					
						
							|  |  |  |         $this->asEditor(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $resp = $this->get('/uploads/images/../../logs/laravel.log'); | 
					
						
							|  |  |  |         $resp->assertStatus(404); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_secure_image_paths_dont_serve_non_images() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         config()->set('filesystems.images', 'local_secure'); | 
					
						
							|  |  |  |         $this->asEditor(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $testFilePath = storage_path('/uploads/images/testing.txt'); | 
					
						
							|  |  |  |         file_put_contents($testFilePath, 'hello from test_secure_image_paths_dont_serve_non_images'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $resp = $this->get('/uploads/images/testing.txt'); | 
					
						
							|  |  |  |         $resp->assertStatus(404); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-04-22 19:23:43 +08:00
										 |  |  |     public function test_secure_images_included_in_exports() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2019-06-23 23:01:15 +08:00
										 |  |  |         config()->set('filesystems.images', 'local_secure'); | 
					
						
							| 
									
										
										
										
											2018-04-22 19:23:43 +08:00
										 |  |  |         $this->asEditor(); | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         $galleryFile = $this->files->uploadedImage('my-secure-test-upload.png'); | 
					
						
							| 
									
										
										
										
											2022-09-30 00:31:38 +08:00
										 |  |  |         $page = $this->entities->page(); | 
					
						
							| 
									
										
										
										
											2021-06-26 23:23:15 +08:00
										 |  |  |         $expectedPath = storage_path('uploads/images/gallery/' . date('Y-m') . '/my-secure-test-upload.png'); | 
					
						
							| 
									
										
										
										
											2018-04-22 19:23:43 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-05-05 01:11:00 +08:00
										 |  |  |         $upload = $this->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $galleryFile], []); | 
					
						
							| 
									
										
										
										
											2018-04-22 19:23:43 +08:00
										 |  |  |         $imageUrl = json_decode($upload->getContent(), true)['url']; | 
					
						
							|  |  |  |         $page->html .= "<img src=\"{$imageUrl}\">"; | 
					
						
							|  |  |  |         $page->save(); | 
					
						
							|  |  |  |         $upload->assertStatus(200); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $encodedImageContent = base64_encode(file_get_contents($expectedPath)); | 
					
						
							|  |  |  |         $export = $this->get($page->getUrl('/export/html')); | 
					
						
							| 
									
										
										
										
											2019-09-14 06:58:40 +08:00
										 |  |  |         $this->assertTrue(strpos($export->getContent(), $encodedImageContent) !== false, 'Uploaded image in export content'); | 
					
						
							| 
									
										
										
										
											2018-04-22 19:23:43 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         if (file_exists($expectedPath)) { | 
					
						
							|  |  |  |             unlink($expectedPath); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-11-10 22:15:59 +08:00
										 |  |  |     public function test_system_images_remain_public_with_local_secure() | 
					
						
							| 
									
										
										
										
											2018-03-25 19:41:52 +08:00
										 |  |  |     { | 
					
						
							| 
									
										
										
										
											2019-06-23 23:01:15 +08:00
										 |  |  |         config()->set('filesystems.images', 'local_secure'); | 
					
						
							| 
									
										
										
										
											2019-05-05 01:11:00 +08:00
										 |  |  |         $this->asAdmin(); | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         $galleryFile = $this->files->uploadedImage('my-system-test-upload.png'); | 
					
						
							| 
									
										
										
										
											2021-06-26 23:23:15 +08:00
										 |  |  |         $expectedPath = public_path('uploads/images/system/' . date('Y-m') . '/my-system-test-upload.png'); | 
					
						
							| 
									
										
										
										
											2018-03-25 19:41:52 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-03-28 18:09:55 +08:00
										 |  |  |         $upload = $this->call('POST', '/settings/customization', [], [], ['app_logo' => $galleryFile], []); | 
					
						
							|  |  |  |         $upload->assertRedirect('/settings/customization'); | 
					
						
							| 
									
										
										
										
											2022-11-10 22:15:59 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->assertTrue(file_exists($expectedPath), 'Uploaded image not found at path: ' . $expectedPath); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if (file_exists($expectedPath)) { | 
					
						
							|  |  |  |             unlink($expectedPath); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_system_images_remain_public_with_local_secure_restricted() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         config()->set('filesystems.images', 'local_secure_restricted'); | 
					
						
							|  |  |  |         $this->asAdmin(); | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         $galleryFile = $this->files->uploadedImage('my-system-test-restricted-upload.png'); | 
					
						
							| 
									
										
										
										
											2022-11-10 22:15:59 +08:00
										 |  |  |         $expectedPath = public_path('uploads/images/system/' . date('Y-m') . '/my-system-test-restricted-upload.png'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $upload = $this->call('POST', '/settings/customization', [], [], ['app_logo' => $galleryFile], []); | 
					
						
							|  |  |  |         $upload->assertRedirect('/settings/customization'); | 
					
						
							| 
									
										
										
										
											2018-03-25 19:41:52 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-06-26 23:23:15 +08:00
										 |  |  |         $this->assertTrue(file_exists($expectedPath), 'Uploaded image not found at path: ' . $expectedPath); | 
					
						
							| 
									
										
										
										
											2018-03-25 19:41:52 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         if (file_exists($expectedPath)) { | 
					
						
							|  |  |  |             unlink($expectedPath); | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2016-07-02 03:11:49 +08:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-02 21:03:23 +08:00
										 |  |  |     public function test_secure_restricted_images_inaccessible_without_relation_permission() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         config()->set('filesystems.images', 'local_secure_restricted'); | 
					
						
							|  |  |  |         $this->asEditor(); | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         $galleryFile = $this->files->uploadedImage('my-secure-restricted-test-upload.png'); | 
					
						
							| 
									
										
										
										
											2022-09-30 00:31:38 +08:00
										 |  |  |         $page = $this->entities->page(); | 
					
						
							| 
									
										
										
										
											2022-09-02 21:03:23 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $upload = $this->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $galleryFile], []); | 
					
						
							|  |  |  |         $upload->assertStatus(200); | 
					
						
							|  |  |  |         $expectedUrl = url('uploads/images/gallery/' . date('Y-m') . '/my-secure-restricted-test-upload.png'); | 
					
						
							|  |  |  |         $expectedPath = storage_path('uploads/images/gallery/' . date('Y-m') . '/my-secure-restricted-test-upload.png'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $this->get($expectedUrl)->assertOk(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-01-21 19:08:34 +08:00
										 |  |  |         $this->permissions->setEntityPermissions($page, [], []); | 
					
						
							| 
									
										
										
										
											2022-09-02 21:03:23 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $resp = $this->get($expectedUrl); | 
					
						
							|  |  |  |         $resp->assertNotFound(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if (file_exists($expectedPath)) { | 
					
						
							|  |  |  |             unlink($expectedPath); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_thumbnail_path_handled_by_secure_restricted_images() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         config()->set('filesystems.images', 'local_secure_restricted'); | 
					
						
							|  |  |  |         $this->asEditor(); | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         $galleryFile = $this->files->uploadedImage('my-secure-restricted-thumb-test-test.png'); | 
					
						
							| 
									
										
										
										
											2022-09-30 00:31:38 +08:00
										 |  |  |         $page = $this->entities->page(); | 
					
						
							| 
									
										
										
										
											2022-09-02 21:03:23 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $upload = $this->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $galleryFile], []); | 
					
						
							|  |  |  |         $upload->assertStatus(200); | 
					
						
							|  |  |  |         $expectedUrl = url('uploads/images/gallery/' . date('Y-m') . '/thumbs-150-150/my-secure-restricted-thumb-test-test.png'); | 
					
						
							|  |  |  |         $expectedPath = storage_path('uploads/images/gallery/' . date('Y-m') . '/my-secure-restricted-thumb-test-test.png'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $this->get($expectedUrl)->assertOk(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-01-21 19:08:34 +08:00
										 |  |  |         $this->permissions->setEntityPermissions($page, [], []); | 
					
						
							| 
									
										
										
										
											2022-09-02 21:03:23 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $resp = $this->get($expectedUrl); | 
					
						
							|  |  |  |         $resp->assertNotFound(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if (file_exists($expectedPath)) { | 
					
						
							|  |  |  |             unlink($expectedPath); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-02 21:21:43 +08:00
										 |  |  |     public function test_secure_restricted_image_access_controlled_in_exports() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         config()->set('filesystems.images', 'local_secure_restricted'); | 
					
						
							|  |  |  |         $this->asEditor(); | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         $galleryFile = $this->files->uploadedImage('my-secure-restricted-export-test.png'); | 
					
						
							| 
									
										
										
										
											2022-09-02 21:21:43 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         $pageA = $this->entities->page(); | 
					
						
							|  |  |  |         $pageB = $this->entities->page(); | 
					
						
							| 
									
										
										
										
											2022-09-02 21:21:43 +08:00
										 |  |  |         $expectedPath = storage_path('uploads/images/gallery/' . date('Y-m') . '/my-secure-restricted-export-test.png'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $upload = $this->asEditor()->call('POST', '/images/gallery', ['uploaded_to' => $pageA->id], [], ['file' => $galleryFile], []); | 
					
						
							|  |  |  |         $upload->assertOk(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $imageUrl = json_decode($upload->getContent(), true)['url']; | 
					
						
							|  |  |  |         $pageB->html .= "<img src=\"{$imageUrl}\">"; | 
					
						
							|  |  |  |         $pageB->save(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $encodedImageContent = base64_encode(file_get_contents($expectedPath)); | 
					
						
							|  |  |  |         $export = $this->get($pageB->getUrl('/export/html')); | 
					
						
							|  |  |  |         $this->assertStringContainsString($encodedImageContent, $export->getContent()); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-01-21 19:08:34 +08:00
										 |  |  |         $this->permissions->setEntityPermissions($pageA, [], []); | 
					
						
							| 
									
										
										
										
											2022-09-02 21:21:43 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $export = $this->get($pageB->getUrl('/export/html')); | 
					
						
							|  |  |  |         $this->assertStringNotContainsString($encodedImageContent, $export->getContent()); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if (file_exists($expectedPath)) { | 
					
						
							|  |  |  |             unlink($expectedPath); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-07-02 03:11:49 +08:00
										 |  |  |     public function test_image_delete() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2022-09-30 00:31:38 +08:00
										 |  |  |         $page = $this->entities->page(); | 
					
						
							| 
									
										
										
										
											2016-07-02 03:11:49 +08:00
										 |  |  |         $this->asAdmin(); | 
					
						
							| 
									
										
										
										
											2018-01-28 21:18:28 +08:00
										 |  |  |         $imageName = 'first-image.png'; | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         $relPath = $this->files->expectedImagePath('gallery', $imageName); | 
					
						
							|  |  |  |         $this->files->deleteAtRelativePath($relPath); | 
					
						
							| 
									
										
										
										
											2016-07-02 03:11:49 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         $this->files->uploadGalleryImage($this, $imageName, $page->id); | 
					
						
							| 
									
										
										
										
											2018-01-28 21:18:28 +08:00
										 |  |  |         $image = Image::first(); | 
					
						
							| 
									
										
										
										
											2016-07-02 03:11:49 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-06-26 23:23:15 +08:00
										 |  |  |         $delete = $this->delete('/images/' . $image->id); | 
					
						
							| 
									
										
										
										
											2018-01-28 21:18:28 +08:00
										 |  |  |         $delete->assertStatus(200); | 
					
						
							| 
									
										
										
										
											2016-07-02 03:11:49 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-01-28 21:18:28 +08:00
										 |  |  |         $this->assertDatabaseMissing('images', [ | 
					
						
							| 
									
										
										
										
											2021-06-26 23:23:15 +08:00
										 |  |  |             'url'  => $this->baseUrl . $relPath, | 
					
						
							|  |  |  |             'type' => 'gallery', | 
					
						
							| 
									
										
										
										
											2016-07-02 03:11:49 +08:00
										 |  |  |         ]); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-01-02 19:07:27 +08:00
										 |  |  |         $this->assertFalse(file_exists(public_path($relPath)), 'Uploaded image has not been deleted as expected'); | 
					
						
							| 
									
										
										
										
											2016-07-02 03:11:49 +08:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-07-25 06:41:59 +08:00
										 |  |  |     public function test_image_delete_does_not_delete_similar_images() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2022-09-30 00:31:38 +08:00
										 |  |  |         $page = $this->entities->page(); | 
					
						
							| 
									
										
										
										
											2020-07-25 06:41:59 +08:00
										 |  |  |         $this->asAdmin(); | 
					
						
							|  |  |  |         $imageName = 'first-image.png'; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         $relPath = $this->files->expectedImagePath('gallery', $imageName); | 
					
						
							|  |  |  |         $this->files->deleteAtRelativePath($relPath); | 
					
						
							| 
									
										
										
										
											2020-07-25 06:41:59 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         $this->files->uploadGalleryImage($this, $imageName, $page->id); | 
					
						
							|  |  |  |         $this->files->uploadGalleryImage($this, $imageName, $page->id); | 
					
						
							|  |  |  |         $this->files->uploadGalleryImage($this, $imageName, $page->id); | 
					
						
							| 
									
										
										
										
											2020-07-25 06:41:59 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $image = Image::first(); | 
					
						
							|  |  |  |         $folder = public_path(dirname($relPath)); | 
					
						
							|  |  |  |         $imageCount = count(glob($folder . '/*')); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-06-26 23:23:15 +08:00
										 |  |  |         $delete = $this->delete('/images/' . $image->id); | 
					
						
							| 
									
										
										
										
											2020-07-25 06:41:59 +08:00
										 |  |  |         $delete->assertStatus(200); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $newCount = count(glob($folder . '/*')); | 
					
						
							|  |  |  |         $this->assertEquals($imageCount - 1, $newCount, 'More files than expected have been deleted'); | 
					
						
							|  |  |  |         $this->assertFalse(file_exists(public_path($relPath)), 'Uploaded image has not been deleted as expected'); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-05 22:52:12 +08:00
										 |  |  |     public function test_image_manager_delete_button_only_shows_with_permission() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2022-09-30 00:31:38 +08:00
										 |  |  |         $page = $this->entities->page(); | 
					
						
							| 
									
										
										
										
											2022-09-05 22:52:12 +08:00
										 |  |  |         $this->asAdmin(); | 
					
						
							|  |  |  |         $imageName = 'first-image.png'; | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         $relPath = $this->files->expectedImagePath('gallery', $imageName); | 
					
						
							|  |  |  |         $this->files->deleteAtRelativePath($relPath); | 
					
						
							| 
									
										
										
										
											2023-01-21 19:08:34 +08:00
										 |  |  |         $viewer = $this->users->viewer(); | 
					
						
							| 
									
										
										
										
											2022-09-05 22:52:12 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         $this->files->uploadGalleryImage($this, $imageName, $page->id); | 
					
						
							| 
									
										
										
										
											2022-09-05 22:52:12 +08:00
										 |  |  |         $image = Image::first(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $resp = $this->get("/images/edit/{$image->id}"); | 
					
						
							| 
									
										
										
										
											2023-05-29 22:16:16 +08:00
										 |  |  |         $this->withHtml($resp)->assertElementExists('button#image-manager-delete'); | 
					
						
							| 
									
										
										
										
											2022-09-05 22:52:12 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $resp = $this->actingAs($viewer)->get("/images/edit/{$image->id}"); | 
					
						
							| 
									
										
										
										
											2023-05-29 22:16:16 +08:00
										 |  |  |         $this->withHtml($resp)->assertElementNotExists('button#image-manager-delete'); | 
					
						
							| 
									
										
										
										
											2022-09-05 22:52:12 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-01-21 19:08:34 +08:00
										 |  |  |         $this->permissions->grantUserRolePermissions($viewer, ['image-delete-all']); | 
					
						
							| 
									
										
										
										
											2022-09-05 22:52:12 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $resp = $this->actingAs($viewer)->get("/images/edit/{$image->id}"); | 
					
						
							| 
									
										
										
										
											2023-05-29 22:16:16 +08:00
										 |  |  |         $this->withHtml($resp)->assertElementExists('button#image-manager-delete'); | 
					
						
							| 
									
										
										
										
											2022-09-05 22:52:12 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         $this->files->deleteAtRelativePath($relPath); | 
					
						
							| 
									
										
										
										
											2022-09-05 22:52:12 +08:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-09-30 19:29:49 +08:00
										 |  |  |     public function test_image_manager_regen_thumbnails() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $this->asEditor(); | 
					
						
							|  |  |  |         $imageName = 'first-image.png'; | 
					
						
							|  |  |  |         $relPath = $this->files->expectedImagePath('gallery', $imageName); | 
					
						
							| 
									
										
										
										
											2023-10-01 03:00:48 +08:00
										 |  |  |         $this->files->deleteAtRelativePath($relPath); | 
					
						
							| 
									
										
										
										
											2023-09-30 19:29:49 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->files->uploadGalleryImage($this, $imageName, $this->entities->page()->id); | 
					
						
							|  |  |  |         $image = Image::first(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $resp = $this->get("/images/edit/{$image->id}"); | 
					
						
							|  |  |  |         $this->withHtml($resp)->assertElementExists('button#image-manager-rebuild-thumbs'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $expectedThumbPath = dirname($relPath) . '/scaled-1680-/' . basename($relPath); | 
					
						
							|  |  |  |         $this->files->deleteAtRelativePath($expectedThumbPath); | 
					
						
							|  |  |  |         $this->assertFileDoesNotExist($this->files->relativeToFullPath($expectedThumbPath)); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $resp = $this->put("/images/{$image->id}/rebuild-thumbnails"); | 
					
						
							|  |  |  |         $resp->assertOk(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $this->assertFileExists($this->files->relativeToFullPath($expectedThumbPath)); | 
					
						
							|  |  |  |         $this->files->deleteAtRelativePath($relPath); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-04-21 22:52:29 +08:00
										 |  |  |     protected function getTestProfileImage() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $imageName = 'profile.png'; | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         $relPath = $this->files->expectedImagePath('user', $imageName); | 
					
						
							|  |  |  |         $this->files->deleteAtRelativePath($relPath); | 
					
						
							| 
									
										
										
										
											2019-04-21 22:52:29 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         return $this->files->uploadedImage($imageName); | 
					
						
							| 
									
										
										
										
											2019-04-21 22:52:29 +08:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_user_image_upload() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2023-01-21 19:08:34 +08:00
										 |  |  |         $editor = $this->users->editor(); | 
					
						
							|  |  |  |         $admin = $this->users->admin(); | 
					
						
							| 
									
										
										
										
											2019-04-21 22:52:29 +08:00
										 |  |  |         $this->actingAs($admin); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $file = $this->getTestProfileImage(); | 
					
						
							| 
									
										
										
										
											2019-05-05 01:11:00 +08:00
										 |  |  |         $this->call('PUT', '/settings/users/' . $editor->id, [], [], ['profile_image' => $file], []); | 
					
						
							| 
									
										
										
										
											2019-04-21 22:52:29 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->assertDatabaseHas('images', [ | 
					
						
							| 
									
										
										
										
											2021-06-26 23:23:15 +08:00
										 |  |  |             'type'        => 'user', | 
					
						
							| 
									
										
										
										
											2019-04-21 22:52:29 +08:00
										 |  |  |             'uploaded_to' => $editor->id, | 
					
						
							| 
									
										
										
										
											2021-06-26 23:23:15 +08:00
										 |  |  |             'created_by'  => $admin->id, | 
					
						
							| 
									
										
										
										
											2019-04-21 22:52:29 +08:00
										 |  |  |         ]); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_user_images_deleted_on_user_deletion() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2023-01-21 19:08:34 +08:00
										 |  |  |         $editor = $this->users->editor(); | 
					
						
							| 
									
										
										
										
											2019-04-21 22:52:29 +08:00
										 |  |  |         $this->actingAs($editor); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $file = $this->getTestProfileImage(); | 
					
						
							| 
									
										
										
										
											2019-05-05 01:11:00 +08:00
										 |  |  |         $this->call('PUT', '/settings/users/' . $editor->id, [], [], ['profile_image' => $file], []); | 
					
						
							| 
									
										
										
										
											2018-01-28 22:08:14 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $profileImages = Image::where('type', '=', 'user')->where('created_by', '=', $editor->id)->get(); | 
					
						
							| 
									
										
										
										
											2021-06-26 23:23:15 +08:00
										 |  |  |         $this->assertTrue($profileImages->count() === 1, 'Found profile images does not match upload count'); | 
					
						
							| 
									
										
										
										
											2019-05-05 01:11:00 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $imagePath = public_path($profileImages->first()->path); | 
					
						
							|  |  |  |         $this->assertTrue(file_exists($imagePath)); | 
					
						
							| 
									
										
										
										
											2018-01-28 22:08:14 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $userDelete = $this->asAdmin()->delete("/settings/users/{$editor->id}"); | 
					
						
							|  |  |  |         $userDelete->assertStatus(302); | 
					
						
							| 
									
										
										
										
											2019-05-05 01:11:00 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-01-28 22:08:14 +08:00
										 |  |  |         $this->assertDatabaseMissing('images', [ | 
					
						
							| 
									
										
										
										
											2021-06-26 23:23:15 +08:00
										 |  |  |             'type'       => 'user', | 
					
						
							|  |  |  |             'created_by' => $editor->id, | 
					
						
							| 
									
										
										
										
											2018-01-28 22:08:14 +08:00
										 |  |  |         ]); | 
					
						
							| 
									
										
										
										
											2019-04-21 22:52:29 +08:00
										 |  |  |         $this->assertDatabaseMissing('images', [ | 
					
						
							| 
									
										
										
										
											2021-06-26 23:23:15 +08:00
										 |  |  |             'type'        => 'user', | 
					
						
							|  |  |  |             'uploaded_to' => $editor->id, | 
					
						
							| 
									
										
										
										
											2019-04-21 22:52:29 +08:00
										 |  |  |         ]); | 
					
						
							| 
									
										
										
										
											2019-05-05 01:11:00 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->assertFalse(file_exists($imagePath)); | 
					
						
							| 
									
										
										
										
											2018-01-28 22:08:14 +08:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-05-28 02:40:07 +08:00
										 |  |  |     public function test_deleted_unused_images() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2022-09-30 00:31:38 +08:00
										 |  |  |         $page = $this->entities->page(); | 
					
						
							| 
									
										
										
										
											2023-01-21 19:08:34 +08:00
										 |  |  |         $admin = $this->users->admin(); | 
					
						
							| 
									
										
										
										
											2018-05-28 02:40:07 +08:00
										 |  |  |         $this->actingAs($admin); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $imageName = 'unused-image.png'; | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         $relPath = $this->files->expectedImagePath('gallery', $imageName); | 
					
						
							|  |  |  |         $this->files->deleteAtRelativePath($relPath); | 
					
						
							| 
									
										
										
										
											2018-05-28 02:40:07 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         $upload = $this->files->uploadGalleryImage($this, $imageName, $page->id); | 
					
						
							| 
									
										
										
										
											2018-05-28 02:40:07 +08:00
										 |  |  |         $upload->assertStatus(200); | 
					
						
							|  |  |  |         $image = Image::where('type', '=', 'gallery')->first(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-10-13 18:27:55 +08:00
										 |  |  |         $pageRepo = app(PageRepo::class); | 
					
						
							| 
									
										
										
										
											2019-10-05 19:55:01 +08:00
										 |  |  |         $pageRepo->update($page, [ | 
					
						
							| 
									
										
										
										
											2021-06-26 23:23:15 +08:00
										 |  |  |             'name'    => $page->name, | 
					
						
							|  |  |  |             'html'    => $page->html . "<img src=\"{$image->url}\">", | 
					
						
							|  |  |  |             'summary' => '', | 
					
						
							| 
									
										
										
										
											2018-05-28 02:40:07 +08:00
										 |  |  |         ]); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // Ensure no images are reported as deletable
 | 
					
						
							|  |  |  |         $imageService = app(ImageService::class); | 
					
						
							|  |  |  |         $toDelete = $imageService->deleteUnusedImages(true, true); | 
					
						
							|  |  |  |         $this->assertCount(0, $toDelete); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // Save a revision of our page without the image;
 | 
					
						
							| 
									
										
										
										
											2019-10-05 19:55:01 +08:00
										 |  |  |         $pageRepo->update($page, [ | 
					
						
							| 
									
										
										
										
											2021-06-26 23:23:15 +08:00
										 |  |  |             'name'    => $page->name, | 
					
						
							|  |  |  |             'html'    => '<p>Hello</p>', | 
					
						
							|  |  |  |             'summary' => '', | 
					
						
							| 
									
										
										
										
											2018-05-28 02:40:07 +08:00
										 |  |  |         ]); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // Ensure revision images are picked up okay
 | 
					
						
							|  |  |  |         $imageService = app(ImageService::class); | 
					
						
							|  |  |  |         $toDelete = $imageService->deleteUnusedImages(true, true); | 
					
						
							|  |  |  |         $this->assertCount(0, $toDelete); | 
					
						
							|  |  |  |         $toDelete = $imageService->deleteUnusedImages(false, true); | 
					
						
							|  |  |  |         $this->assertCount(1, $toDelete); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // Check image is found when revisions are destroyed
 | 
					
						
							|  |  |  |         $page->revisions()->delete(); | 
					
						
							|  |  |  |         $toDelete = $imageService->deleteUnusedImages(true, true); | 
					
						
							|  |  |  |         $this->assertCount(1, $toDelete); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // Check the image is deleted
 | 
					
						
							|  |  |  |         $absPath = public_path($relPath); | 
					
						
							|  |  |  |         $this->assertTrue(file_exists($absPath), "Existing uploaded file at path {$absPath} exists"); | 
					
						
							|  |  |  |         $toDelete = $imageService->deleteUnusedImages(true, false); | 
					
						
							|  |  |  |         $this->assertCount(1, $toDelete); | 
					
						
							|  |  |  |         $this->assertFalse(file_exists($absPath)); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-02-08 22:39:13 +08:00
										 |  |  |         $this->files->deleteAtRelativePath($relPath); | 
					
						
							| 
									
										
										
										
											2018-05-28 02:40:07 +08:00
										 |  |  |     } | 
					
						
							| 
									
										
										
										
											2021-03-05 04:45:56 +08:00
										 |  |  | } |