function ImageStylesPathAndUrlTestCase::_testImageStyleUrlAndPath

Test image_style_url().

5 calls to ImageStylesPathAndUrlTestCase::_testImageStyleUrlAndPath()
ImageStylesPathAndUrlTestCase::testImageStyleUrlAndPathPrivate in modules/image/image.test
Test image_style_url() with a file using the "private://" scheme.
ImageStylesPathAndUrlTestCase::testImageStyleUrlAndPathPrivateUnclean in modules/image/image.test
Test image_style_url() with the "private://" scheme and unclean URLs.
ImageStylesPathAndUrlTestCase::testImageStyleUrlAndPathPublic in modules/image/image.test
Test image_style_url() with a file using the "public://" scheme.
ImageStylesPathAndUrlTestCase::testImageStyleUrlExtraSlash in modules/image/image.test
Test image_style_url() with a file URL that has an extra slash in it.
ImageStylesPathAndUrlTestCase::testImageStylUrlAndPathPublicUnclean in modules/image/image.test
Test image_style_url() with the "public://" scheme and unclean URLs.

File

modules/image/image.test, line 228

Class

ImageStylesPathAndUrlTestCase
Tests the functions for generating paths and URLs for image styles.

Code

/**
 * Exercises image_style_url() and derivative delivery for one file scheme.
 *
 * The method builds a style URL for a copied test image, then requests it with
 * a tampered token, without a token, and with the correct token, asserting the
 * HTTP status each time. It then repeats the token checks with the
 * 'image_allow_insecure_derivatives' and 'image_suppress_itok_output'
 * variables enabled.
 *
 * Statement order matters: the test changes site variables between requests,
 * so each assertion depends on the state left by the lines before it.
 *
 * @param $scheme
 *   Scheme prefix for the test files. The value 'private' enables the extra
 *   header and access-denied assertions.
 * @param $clean_url
 *   Value stored in the 'clean_url' variable. When FALSE, the generated URL is
 *   expected to contain '?q='.
 * @param $extra_slash
 *   When TRUE, the URL under test is rebuilt from a URI whose '://' has been
 *   replaced by ':///'.
 */
function _testImageStyleUrlAndPath($scheme, $clean_url = TRUE, $extra_slash = FALSE) {
    // Make the default scheme neither "public" nor "private" to verify the
    // functions work for other than the default scheme.
    variable_set('file_default_scheme', 'temporary');
    variable_set('clean_url', $clean_url);
    // Create the directories for the styles.
    $directory = $scheme . '://styles/' . $this->style_name;
    $status = file_prepare_directory($directory, FILE_CREATE_DIRECTORY);
    $this->assertNotIdentical(FALSE, $status, 'Created the directory for the generated images for the test style.');
    // Create a working copy of the file.
    $files = $this->drupalGetTestFiles('image');
    $file = array_shift($files);
    // NOTE(review): $image_info is assigned here but never read in this method.
    $image_info = image_get_info($file->uri);
    $original_uri = file_unmanaged_copy($file->uri, $scheme . '://', FILE_EXISTS_RENAME);
    // Let the image_module_test module know about this file, so it can claim
    // ownership in hook_file_download().
    variable_set('image_module_test_file_download', $original_uri);
    // NOTE(review): this checks that the copy of the *original* succeeded (the
    // message says "generated"), and it runs only after $original_uri has
    // already been stored in the variable above.
    $this->assertNotIdentical(FALSE, $original_uri, 'Created the generated image file.');
    // Get the URL of a file that has not been generated and try to create it.
    $generated_uri = image_style_path($this->style_name, $original_uri);
    $this->assertFalse(file_exists($generated_uri), 'Generated file does not exist.');
    $generate_url = image_style_url($this->style_name, $original_uri);
    // Ensure that the tests still pass when the file is generated by accessing
    // a poorly constructed (but still valid) file URL that has an extra slash
    // in it.
    if ($extra_slash) {
        $modified_uri = str_replace('://', ':///', $original_uri);
        $this->assertNotEqual($original_uri, $modified_uri, 'An extra slash was added to the generated file URI.');
        $generate_url = image_style_url($this->style_name, $modified_uri);
    }
    if (!$clean_url) {
        $this->assertTrue(strpos($generate_url, '?q=') !== FALSE, 'When using non-clean URLS, the system path contains the query string.');
    }
    // Negative checks first: while the derivative does not exist yet, a request
    // carrying a tampered token must be refused.
    $this->drupalGet(str_replace(IMAGE_DERIVATIVE_TOKEN . '=', IMAGE_DERIVATIVE_TOKEN . '=Zo', $generate_url));
    $this->assertResponse(403, 'Image was inaccessible at the URL with an invalid token.');
    // Change the parameter name so the token is missing; this must be refused
    // as well.
    $this->drupalGet(str_replace(IMAGE_DERIVATIVE_TOKEN . '=', 'wrongparam=', $generate_url));
    $this->assertResponse(403, 'Image was inaccessible at the URL with a missing token.');
    // Check that the generated URL is the same when we pass in a relative path
    // rather than a URI. We need to temporarily switch the default scheme to
    // match the desired scheme before testing this, then switch it back to the
    // "temporary" scheme used throughout this test afterwards.
    variable_set('file_default_scheme', $scheme);
    $relative_path = file_uri_target($original_uri);
    $generate_url_from_relative_path = image_style_url($this->style_name, $relative_path);
    $this->assertEqual($generate_url, $generate_url_from_relative_path, 'Generated URL is the same regardless of whether it came from a relative path or a file URI.');
    variable_set('file_default_scheme', 'temporary');
    // Fetch the URL that generates the file, this time with the unmodified
    // token.
    $this->drupalGet($generate_url);
    $this->assertResponse(200, 'Image was generated at the URL.');
    $this->assertTrue(file_exists($generated_uri), 'Generated file does exist after we accessed it.');
    $this->assertRaw(file_get_contents($generated_uri), 'URL returns expected file.');
    $generated_image_info = image_get_info($generated_uri);
    $this->assertEqual($this->drupalGetHeader('Content-Type'), $generated_image_info['mime_type'], 'Expected Content-Type was reported.');
    $this->assertEqual($this->drupalGetHeader('Content-Length'), $generated_image_info['file_size'], 'Expected Content-Length was reported.');
    if ($scheme == 'private') {
        // Private derivatives are expected to carry headers that prevent
        // caching (a fixed Expires date in the past plus no-cache) and the
        // custom X-Image-Owned-By header.
        $this->assertEqual($this->drupalGetHeader('Expires'), 'Sun, 19 Nov 1978 05:00:00 GMT', 'Expires header was sent.');
        $this->assertEqual($this->drupalGetHeader('Cache-Control'), 'no-cache, must-revalidate', 'Cache-Control header was set to prevent caching.');
        $this->assertEqual($this->drupalGetHeader('X-Image-Owned-By'), 'image_module_test', 'Expected custom header has been added.');
        // Make sure that a second request to the already existing derivative
        // works too.
        $this->drupalGet($generate_url);
        $this->assertResponse(200, 'Image was generated at the URL.');
        // Make sure that access is denied for existing style files if we do not
        // have access. Deleting the variable withdraws the ownership claim set
        // up earlier, so the same URL (with its valid token) must now give 403:
        // a valid token alone must not grant read access to a private file.
        variable_del('image_module_test_file_download');
        $this->drupalGet($generate_url);
        $this->assertResponse(403, 'Confirmed that access is denied for the private image style.');
        // Repeat this with a different file that we do not have access to and
        // make sure that access is denied.
        $file_noaccess = array_shift($files);
        $original_uri_noaccess = file_unmanaged_copy($file_noaccess->uri, $scheme . '://', FILE_EXISTS_RENAME);
        // The expected derivative path is assembled by hand here rather than
        // through image_style_path().
        $generated_uri_noaccess = $scheme . '://styles/' . $this->style_name . '/' . $scheme . '/' . drupal_basename($original_uri_noaccess);
        // NOTE(review): absence of the derivative is asserted only before the
        // request. Repeating the check after the 403 would also show that a
        // denied request generates nothing on disk.
        $this->assertFalse(file_exists($generated_uri_noaccess), 'Generated file does not exist.');
        $generate_url_noaccess = image_style_url($this->style_name, $original_uri_noaccess);
        $this->drupalGet($generate_url_noaccess);
        $this->assertResponse(403, 'Confirmed that access is denied for the private image style.');
        // Verify that images are not appended to the response. Currently this test only uses PNG images.
        // NOTE(review): the extension check reads $generate_url, while the
        // response inspected below came from $generate_url_noaccess; this
        // relies on both test files being PNG - confirm.
        if (strpos($generate_url, '.png') === FALSE) {
            $this->fail('Confirming that private image styles are not appended require PNG file.');
        }
        else {
            // Check for PNG-Signature (cf. http://www.libpng.org/pub/png/book/chapter08.html#png.ch08.div.2) in the
            // response body. The eight bytes below are that signature; finding
            // them in the body of the denied response would mean image data was
            // sent along with the 403.
            $this->assertNoRaw(chr(137) . chr(80) . chr(78) . chr(71) . chr(13) . chr(10) . chr(26) . chr(10), 'No PNG signature found in the response body.');
        }
    }
    elseif ($clean_url) {
        // Add some extra chars to the token. The derivative already exists at
        // this point and a 200 is expected, so for this case the token is not
        // what gates reading an existing file.
        // NOTE(review): presumably the existing file is delivered without
        // reaching the token check - confirm against the delivery code.
        $this->drupalGet(str_replace(IMAGE_DERIVATIVE_TOKEN . '=', IMAGE_DERIVATIVE_TOKEN . '=Zo', $generate_url));
        $this->assertResponse(200, 'Existing image was accessible at the URL with an invalid token.');
    }
    // Allow insecure image derivatives to be created for the remainder of this
    // test. The variable is not reset inside this method.
    variable_set('image_allow_insecure_derivatives', TRUE);
    // Create another working copy of the file.
    $files = $this->drupalGetTestFiles('image');
    $file = array_shift($files);
    // NOTE(review): $image_info is again assigned but not read.
    $image_info = image_get_info($file->uri);
    $original_uri = file_unmanaged_copy($file->uri, $scheme . '://', FILE_EXISTS_RENAME);
    // Let the image_module_test module know about this file, so it can claim
    // ownership in hook_file_download().
    variable_set('image_module_test_file_download', $original_uri);
    // Get the URL of a file that has not been generated and try to create it.
    $generated_uri = image_style_path($this->style_name, $original_uri);
    $this->assertFalse(file_exists($generated_uri), 'Generated file does not exist.');
    $generate_url = image_style_url($this->style_name, $original_uri);
    // Check that the image is accessible even without the security token.
    $this->drupalGet(str_replace(IMAGE_DERIVATIVE_TOKEN . '=', 'wrongparam=', $generate_url));
    $this->assertResponse(200, 'Image was accessible at the URL with a missing token.');
    // Check that a security token is still required when generating a second
    // image derivative using the first one as a source. The relaxed setting
    // must therefore not extend to a derivative of a derivative.
    // NOTE(review): $nested_uri is assigned but not read in this method.
    $nested_uri = image_style_path($this->style_name, $generated_uri);
    $nested_url = image_style_url($this->style_name, $generated_uri);
    $nested_url_with_wrong_token = str_replace(IMAGE_DERIVATIVE_TOKEN . '=', 'wrongparam=', $nested_url);
    $this->drupalGet($nested_url_with_wrong_token);
    $this->assertResponse(403, 'Image generated from an earlier derivative was inaccessible at the URL with a missing token.');
    // Check that this restriction cannot be bypassed by adding extra slashes
    // to the URL. Both variants rewrite the last '/styles/' segment of the
    // URL, once as '//styles/' and once as '/\styles/'; a check that compares
    // the path without normalising it first could miss these spellings.
    $this->drupalGet(substr_replace($nested_url_with_wrong_token, '//styles/', strrpos($nested_url_with_wrong_token, '/styles/'), strlen('/styles/')));
    $this->assertResponse(403, 'Image generated from an earlier derivative was inaccessible at the URL with a missing token, even with an extra forward slash in the URL.');
    $this->drupalGet(substr_replace($nested_url_with_wrong_token, '/\\styles/', strrpos($nested_url_with_wrong_token, '/styles/'), strlen('/styles/')));
    $this->assertResponse(403, 'Image generated from an earlier derivative was inaccessible at the URL with a missing token, even with an extra backslash in the URL.');
    // Make sure the image can still be generated if a correct token is used.
    $this->drupalGet($nested_url);
    $this->assertResponse(200, 'Image was accessible when a correct token was provided in the URL.');
    // Suppress the security token in the URL, then get the URL of a file. Check
    // that the security token is not present in the URL but that the image is
    // still accessible. 'image_allow_insecure_derivatives' is still TRUE here.
    variable_set('image_suppress_itok_output', TRUE);
    $generate_url = image_style_url($this->style_name, $original_uri);
    $this->assertIdentical(strpos($generate_url, IMAGE_DERIVATIVE_TOKEN . '='), FALSE, 'The security token does not appear in the image style URL.');
    $this->drupalGet($generate_url);
    $this->assertResponse(200, 'Image was accessible at the URL with a missing token.');
    // Check that requesting a nonexistent image does not create any new
    // directories in the file system.
    // NOTE(review): only the filesystem is checked after this request; the
    // HTTP status of the response is not asserted.
    $directory = $scheme . '://styles/' . $this->style_name . '/' . $scheme . '/' . $this->randomName();
    $this->drupalGet(file_create_url($directory . '/' . $this->randomName()));
    $this->assertFalse(file_exists($directory), 'New directory was not created in the filesystem when requesting an unauthorized image.');
    // Check that requesting a partial image style path returns access denied.
    // $partial_url already ends in '/', and one more '/' is appended to the
    // URL built from it.
    $partial_url = $scheme . '://styles/' . $this->style_name . '/';
    $this->drupalGet(file_create_url($partial_url) . '/');
    $this->assertResponse(403, 'Access was denied to a partial image style path.');
}
