diff options
| author | Vincent Petry <vincent@nextcloud.com> | 2023-01-11 16:16:44 +0100 |
|---|---|---|
| committer | Vincent Petry <vincent@nextcloud.com> | 2023-01-11 16:16:44 +0100 |
| commit | 6e75931412c26439ebec2e73a72ec170ec7b3ec1 (patch) | |
| tree | c935c7d67f8421cb80fd8fc36f663f71f126f36d /apps/theming/tests | |
| parent | 8393ae27777777ff2ddcba10a9e124e36c30d634 (diff) | |
| download | nextcloud-server-6e75931412c26439ebec2e73a72ec170ec7b3ec1.tar.gz nextcloud-server-6e75931412c26439ebec2e73a72ec170ec7b3ec1.zip | |
Limit key names when uploading theme images
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
Diffstat (limited to 'apps/theming/tests')
| -rw-r--r-- | apps/theming/tests/Controller/ThemingControllerTest.php | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/apps/theming/tests/Controller/ThemingControllerTest.php b/apps/theming/tests/Controller/ThemingControllerTest.php index 9042a338fb7..4931a148b78 100644 --- a/apps/theming/tests/Controller/ThemingControllerTest.php +++ b/apps/theming/tests/Controller/ThemingControllerTest.php @@ -238,6 +238,36 @@ class ThemingControllerTest extends TestCase { $this->assertEquals($expected, $this->themingController->uploadImage()); } + public function testUploadInvalidUploadKey() { + $this->request + ->expects($this->once()) + ->method('getParam') + ->with('key') + ->willReturn('invalid'); + $this->request + ->expects($this->never()) + ->method('getUploadedFile'); + $this->l10n + ->expects($this->any()) + ->method('t') + ->willReturnCallback(function ($str) { + return $str; + }); + + $expected = new DataResponse( + [ + 'data' => + [ + 'message' => 'Invalid key', + ], + 'status' => 'failure', + ], + Http::STATUS_BAD_REQUEST + ); + + $this->assertEquals($expected, $this->themingController->uploadImage()); + } + /** * Checks that trying to upload an SVG favicon without imagemagick * results in an unsupported media type response. |