Add filetype checking for all files located on the server
This commit is contained in:
claudiulodro
parent
989230f2b9
commit
441fe32f0b
|
|
@ -87,7 +87,19 @@ class WC_Product_Download implements ArrayAccess {
|
|||
* @return boolean
|
||||
*/
|
||||
public function is_allowed_filetype() {
|
||||
if ( 'relative' !== $this->get_type_of_file_path() ) {
|
||||
$file_url = $this->get_file();
|
||||
|
||||
// File types for URL-based files located on the server should get validated.
|
||||
$is_file_on_server = false;
|
||||
if ( false !== stripos( $file_url, network_site_url( '/', 'https' ) ) ||
|
||||
false !== stripos( $file_url, network_site_url( '/', 'https' ) ) ||
|
||||
false !== stripos( $file_url, site_url( '/', 'https' ) ) ||
|
||||
false !== stripos( $file_url, site_url( '/', 'http' ) )
|
||||
) {
|
||||
$is_file_on_server = true;
|
||||
}
|
||||
|
||||
if ( ! $is_file_on_server && 'relative' !== $this->get_type_of_file_path() ) {
|
||||
return true;
|
||||
}
|
||||
return ! $this->get_file_extension() || in_array( $this->get_file_type(), $this->get_allowed_mime_types(), true );
|
||||
|
|
|
|||
|
|
@ -0,0 +1,142 @@
|
|||
<?php
|
||||
/**
|
||||
* Unit tests for the product download class.
|
||||
*
|
||||
* @package WooCommerce\Tests\Product
|
||||
*/
|
||||
|
||||
/**
|
||||
* WC_Product_Download tests.
|
||||
*
|
||||
* @package WooCommerce\Tests\Product
|
||||
* @since 3.4.6
|
||||
*/
|
||||
class WC_Tests_Product_Download extends WC_Unit_Test_Case {
|
||||
|
||||
/**
|
||||
* Test the setters and getters.
|
||||
*
|
||||
* @since 3.4.6
|
||||
*/
|
||||
public function test_setters_getters() {
|
||||
$download = new WC_Product_Download();
|
||||
$download->set_id( 'testid' );
|
||||
$download->set_name( 'Test Name' );
|
||||
$download->set_file( 'http://example.com/file.jpg' );
|
||||
|
||||
$this->assertEquals( 'testid', $download->get_id() );
|
||||
$this->assertEquals( 'Test Name', $download->get_name() );
|
||||
$this->assertEquals( 'http://example.com/file.jpg', $download->get_file() );
|
||||
}
|
||||
|
||||
/**
|
||||
* Test the get_allowed_mime_types method.
|
||||
*
|
||||
* @since 3.4.6
|
||||
*/
|
||||
public function test_get_allowed_mime_types() {
|
||||
$download = new WC_Product_Download();
|
||||
$this->assertEquals( get_allowed_mime_types(), $download->get_allowed_mime_types() );
|
||||
}
|
||||
|
||||
/**
|
||||
* Test the get_type_of_file_path method.
|
||||
*
|
||||
* @since 3.4.6
|
||||
*/
|
||||
public function test_get_type_of_file_path() {
|
||||
$download = new WC_Product_Download();
|
||||
|
||||
$this->assertEquals( 'absolute', $download->get_type_of_file_path( 'http://example.com/file.jpg' ) );
|
||||
$this->assertEquals( 'absolute', $download->get_type_of_file_path( site_url( '/wp-content/uploads/test.jpg' ) ) );
|
||||
$this->assertEquals( 'relative', $download->get_type_of_file_path( trailingslashit( WP_PLUGIN_DIR ) . 'woocommerce/assets/images/help.png' ) );
|
||||
$this->assertEquals( 'shortcode', $download->get_type_of_file_path( '[s3 bucket ="" file=""]' ) );
|
||||
}
|
||||
|
||||
/**
|
||||
* Test the get_file_type method.
|
||||
*
|
||||
* @since 3.4.6
|
||||
*/
|
||||
public function test_get_file_type() {
|
||||
$download = new WC_Product_Download();
|
||||
|
||||
$download->set_file( 'http://example.com/file.jpg' );
|
||||
$this->assertEquals( 'image/jpeg', $download->get_file_type() );
|
||||
|
||||
$download->set_file( 'http://example.com/file.php' );
|
||||
$this->assertEquals( '', $download->get_file_type() );
|
||||
|
||||
$download->set_file( 'http://example.com/file.php?ext=jpg' );
|
||||
$this->assertEquals( '', $download->get_file_type() );
|
||||
|
||||
$download->set_file( site_url( '/wp-content/plugins/woocommerce/assets/images/help.png' ) );
|
||||
$this->assertEquals( 'image/png', $download->get_file_type() );
|
||||
|
||||
$download->set_file( site_url( '/wp-content/plugins/woocommerce/woocommerce.php' ) );
|
||||
$this->assertEquals( '', $download->get_file_type() );
|
||||
|
||||
$download->set_file( trailingslashit( WP_PLUGIN_DIR ) . 'woocommerce/assets/images/help.png' );
|
||||
$this->assertEquals( 'image/png', $download->get_file_type() );
|
||||
|
||||
$download->set_file( trailingslashit( WP_PLUGIN_DIR ) . 'woocommerce/woocommerce.php' );
|
||||
$this->assertEquals( false, $download->get_file_type() );
|
||||
}
|
||||
|
||||
/**
|
||||
* Test the get_file_extension method.
|
||||
*
|
||||
* @since 3.4.6
|
||||
*/
|
||||
public function test_get_file_extension() {
|
||||
$download = new WC_Product_Download();
|
||||
|
||||
$download->set_file( 'http://example.com/file.jpg' );
|
||||
$this->assertEquals( 'jpg', $download->get_file_extension() );
|
||||
|
||||
$download->set_file( 'http://example.com/file.php' );
|
||||
$this->assertEquals( 'php', $download->get_file_extension() );
|
||||
|
||||
$download->set_file( 'http://example.com/file.php?ext=jpg' );
|
||||
$this->assertEquals( 'php', $download->get_file_extension() );
|
||||
|
||||
$download->set_file( site_url( '/wp-content/plugins/woocommerce/assets/images/help.png' ) );
|
||||
$this->assertEquals( 'png', $download->get_file_extension() );
|
||||
|
||||
$download->set_file( site_url( '/wp-content/plugins/woocommerce/woocommerce.php' ) );
|
||||
$this->assertEquals( 'php', $download->get_file_extension() );
|
||||
|
||||
$download->set_file( trailingslashit( WP_PLUGIN_DIR ) . 'woocommerce/assets/images/help.png' );
|
||||
$this->assertEquals( 'png', $download->get_file_extension() );
|
||||
|
||||
$download->set_file( trailingslashit( WP_PLUGIN_DIR ) . 'woocommerce/woocommerce.php' );
|
||||
$this->assertEquals( 'php', $download->get_file_extension() );
|
||||
}
|
||||
|
||||
/**
|
||||
* Test the is_allowed_filetype method.
|
||||
*
|
||||
* @since 3.4.6
|
||||
*/
|
||||
public function test_is_allowed_filetype() {
|
||||
$download = new WC_Product_Download();
|
||||
|
||||
$download->set_file( 'http://example.com/file.jpg' );
|
||||
$this->assertEquals( true, $download->is_allowed_filetype() );
|
||||
|
||||
$download->set_file( 'http://example.com/file.php' );
|
||||
$this->assertEquals( true, $download->is_allowed_filetype() );
|
||||
|
||||
$download->set_file( site_url( '/wp-content/plugins/woocommerce/assets/images/help.png' ) );
|
||||
$this->assertEquals( true, $download->is_allowed_filetype() );
|
||||
|
||||
$download->set_file( site_url( '/wp-content/plugins/woocommerce/woocommerce.php' ) );
|
||||
$this->assertEquals( false, $download->is_allowed_filetype() );
|
||||
|
||||
$download->set_file( trailingslashit( WP_PLUGIN_DIR ) . 'woocommerce/assets/images/help.png' );
|
||||
$this->assertEquals( true, $download->is_allowed_filetype() );
|
||||
|
||||
$download->set_file( trailingslashit( WP_PLUGIN_DIR ) . 'woocommerce/woocommerce.php' );
|
||||
$this->assertEquals( false, $download->is_allowed_filetype() );
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue