Issues in ConfigUITest.php (8.x-1.x) - Issues in 8.x-1.x - drupal-media/entity_browser - Measure and Improve Code Quality continuously with Scrutinizer

Issues (71)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Tests/ConfigUITest.php (2 issues)

Labels

Severity

Major 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Drupal\entity_browser\Tests;

use Drupal\entity_browser\Plugin\EntityBrowser\Display\IFrame;
use Drupal\entity_browser\Plugin\EntityBrowser\SelectionDisplay\NoDisplay;
use Drupal\entity_browser\Plugin\EntityBrowser\WidgetSelector\Tabs;
use Drupal\simpletest\WebTestBase;

/**
 * Tests the entity browser config UI.
 *
 * @group entity_browser
 */
class ConfigUITest extends WebTestBase {

  /**
   * The test user.
   *
   * @var \Drupal\User\UserInterface
   */
  protected $adminUser;

  /**
   * Modules to enable.
   *
   * @var array
   */
  public static $modules = ['entity_browser', 'ctools', 'block', 'views', 'entity_browser_entity_form'];

  /**
   * {@inheritdoc}
   */
  protected function setUp() {
    parent::setUp();
    $this->drupalPlaceBlock('local_actions_block');
    $this->adminUser = $this->drupalCreateUser([
      'administer entity browsers',
    ]);
  }

  /**
   * Tests the entity browser config UI.
   */
  public function testConfigUI() {
    // We need token module to test upload widget settings.
    $this->container->get('module_installer')->install(['token']);

    $this->drupalGet('/admin/config/content/entity_browser');
    $this->assertResponse(403, "Anonymous user can't access entity browser listing page.");
    $this->drupalGet('/admin/config/content/entity_browser/add');
    $this->assertResponse(403, "Anonymous user can't access entity browser add form.");

    // Listing is empty.
    $this->drupalLogin($this->adminUser);
    $this->drupalGet('/admin/config/content/entity_browser');
    $this->assertResponse(200, 'Admin user is able to navigate to the entity browser listing page.');
    $this->assertText('There is no Entity browser yet.', 'Entity browsers table is empty.');

    // Add page.
    $this->clickLink('Add Entity browser');
    $this->assertUrl('/admin/config/content/entity_browser/add');
    $edit = [
      'label' => 'Test entity browser',
      'id' => 'test_entity_browser',
      'display' => 'iframe',
      'widget_selector' => 'tabs',
      'selection_display' => 'no_display',
    ];
    $this->drupalPostForm(NULL, $edit, 'Next');

    // Display configuration step.
    $this->assertUrl('/admin/config/content/entity_browser/test_entity_browser/display', ['query' => ['js' => 'nojs']]);
    $edit = [
      'width' => 100,
      'height' => 100,
      'link_text' => 'All animals are created equal',
      'auto_open' => TRUE,
    ];
    $this->drupalPostForm(NULL, $edit, 'Next');

    // Widget selector step.
    $this->assertUrl('/admin/config/content/entity_browser/test_entity_browser/widget_selector', ['query' => ['js' => 'nojs']]);
    $this->assertText('This plugin has no configuration options.');
    $this->drupalPostForm(NULL, [], 'Next');

    // Selection display step.
    $this->assertUrl('/admin/config/content/entity_browser/test_entity_browser/selection_display', ['query' => ['js' => 'nojs']]);
    $this->assertText('This plugin has no configuration options.');
    $this->drupalPostForm(NULL, [], 'Previous');

    // Widget selector step again.
    $this->assertUrl('/admin/config/content/entity_browser/test_entity_browser/widget_selector', ['query' => ['js' => 'nojs']]);
    $this->assertText('This plugin has no configuration options.');
    $this->drupalPostForm(NULL, [], 'Next');

    // Selection display step.
    $this->assertUrl('/admin/config/content/entity_browser/test_entity_browser/selection_display', ['query' => ['js' => 'nojs']]);
    $this->assertText('This plugin has no configuration options.');
    $this->drupalPostForm(NULL, [], 'Next');

    // Widgets step.
    $this->assertUrl('/admin/config/content/entity_browser/test_entity_browser/widgets', ['query' => ['js' => 'nojs']]);
    $this->assertText('The available plugins are:');
    $this->assertText("Upload: Adds an upload field browser's widget.");
    $this->assertText("View: Uses a view to provide entity listing in a browser's widget.");
    $this->assertText("Entity form: Provides entity form widget.");
    $this->drupalPostAjaxForm(NULL, ['widget' => 'upload'], 'widget');
    $this->assertText('Label (Upload)');
    $this->assertText('You can use tokens in the upload location.');
    $this->assertLink('Browse available tokens.');

    // Make sure that removing of widgets works.
    $this->drupalPostAjaxForm(NULL, ['widget' => 'view'], 'widget');
    $this->assertText('Label (View)');
    $this->assertText('View : View display', 'View selection dropdown label found.');
    $this->assertRaw('- Select a view -', 'Empty option appears in the view selection dropdown.');
    $this->assertText('Submit button text', 'Widget submit button text element found.');
    $this->assertFieldByXPath('//*[starts-with(@data-drupal-selector, "edit-table-") and contains(@data-drupal-selector, "-form-submit-text")]', 'Select entities', 'Widget submit button text element found.');
    $delete_buttons = $this->xpath("//input[@value='Delete']");
    $delete_button_name = (string) $delete_buttons[1]->attributes()['name'];
    $this->drupalPostAjaxForm(NULL, [], [$delete_button_name => 'Delete']);
    $this->assertNoText('View : View display', 'View widget was removed.');
    $this->assertNoRaw('- Select a view -', 'View widget was removed.');
    $this->assertEqual(count($this->xpath("//input[@value='Delete']")), 1, 'Only one delete button appears on the page.');

    // Make sure the "Entity form" widget has all available config elements.
    $this->drupalPostAjaxForm(NULL, ['widget' => 'entity_form'], 'widget');
    $this->assertText('Label (Entity form)');
    $this->assertText('Entity type', 'Entity type select found on IEF widget.');
    $this->assertText('Bundle', 'Bundle select found on IEF widget.');
    $this->assertText('Form mode', 'Form mode select found on IEF widget.');
    $this->assertFieldByXPath('//*[starts-with(@data-drupal-selector, "edit-table-") and contains(@data-drupal-selector, "-form-submit-text")]', 'Save entity', 'Widget submit button text element found.');
    $entity_type_element = $this->xpath('//*[starts-with(@data-drupal-selector, "edit-table-") and contains(@data-drupal-selector, "-form-entity-type")]');
    $entity_type_name = (string) $entity_type_element[0]['name'];
    $edit = [
      $entity_type_name => 'user',
    ];
    $commands = $this->drupalPostAjaxForm(NULL, $edit, $entity_type_name);
    // WebTestBase::drupalProcessAjaxResponse() won't correctly execute our ajax
    // commands so we have to do it manually. Code below is based on the logic
    // in that function.
    $content = $this->content;
    $dom = new \DOMDocument();
    @$dom->loadHTML($content);
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}
    $xpath = new \DOMXPath($dom);
    foreach ($commands as $command) {
      if ($command['command'] == 'insert' && $command['method'] == 'replaceWith') {
        $wrapperNode = $xpath->query('//*[@id="' . ltrim($command['selector'], '#') . '"]')->item(0);
        $newDom = new \DOMDocument();
        @$newDom->loadHTML('<div>' . $command['data'] . '</div>');
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}
        $newNode = @$dom->importNode($newDom->documentElement->firstChild->firstChild, TRUE);
        $wrapperNode->parentNode->replaceChild($newNode, $wrapperNode);
        $content = $dom->saveHTML();
        $this->setRawContent($content);
      }
    }
    $this->verbose($content);
    // Assure the form_mode "Register" is one of the available options.
    $form_mode_element = $this->xpath('//*[starts-with(@data-drupal-selector, "edit-table-") and contains(@data-drupal-selector, "-form-form-mode-form-select")]');
    $form_mode_id = (string) $form_mode_element[0]['id'];
    $form_mode_name = (string) $form_mode_element[0]['name'];
    $this->assertOption($form_mode_id, 'register', 'A non-default form mode is correctly available to be chosen.');
    $bundle_element = $this->xpath('//*[starts-with(@data-drupal-selector, "edit-table-") and contains(@data-drupal-selector, "-form-bundle-select")]');
    $bundle_name = (string) $bundle_element[0]['name'];
    $submit_text_element = $this->xpath('//*[starts-with(@data-drupal-selector, "edit-table-") and contains(@data-drupal-selector, "-form-submit-text")]');
    $submit_text_name = (string) $submit_text_element[1]['name'];
    $edit = [
      $entity_type_name => 'user',
      $bundle_name => 'user',
      $form_mode_name => 'register',
      $submit_text_name => 'But some are more equal than others',
    ];
    $this->drupalPostForm(NULL, $edit, 'Finish');

    // Back on listing page.
    $this->assertUrl('/admin/config/content/entity_browser');
    $this->assertText('Test entity browser', 'Entity browser label found on the listing page');
    $this->assertText('test_entity_browser', 'Entity browser ID found on the listing page.');

    // Check structure of entity browser object.
    /** @var \Drupal\entity_browser\EntityBrowserInterface $loaded_entity_browser */
    $loaded_entity_browser = $this->container->get('entity_type.manager')
      ->getStorage('entity_browser')
      ->load('test_entity_browser');
    $this->assertEqual('test_entity_browser', $loaded_entity_browser->id(), 'Entity browser ID was correctly saved.');
    $this->assertEqual('Test entity browser', $loaded_entity_browser->label(), 'Entity browser label was correctly saved.');
    $this->assertTrue($loaded_entity_browser->getDisplay() instanceof IFrame, 'Entity browser display was correctly saved.');
    $expected = [
      'width' => '100',
      'height' => '100',
      'link_text' => 'All animals are created equal',
      'auto_open' => TRUE,
    ];
    $this->assertEqual($expected, $loaded_entity_browser->getDisplay()->getConfiguration(), 'Entity browser display configuration was correctly saved.');
    $this->assertTrue($loaded_entity_browser->getSelectionDisplay() instanceof NoDisplay, 'Entity browser selection display was correctly saved.');
    $this->assertEqual([], $loaded_entity_browser->getSelectionDisplay()->getConfiguration(), 'Entity browser selection display configuration was correctly saved.');
    $this->assertEqual($loaded_entity_browser->getWidgetSelector() instanceof Tabs, 'Entity browser widget selector was correctly saved.');
    $this->assertEqual([], $loaded_entity_browser->getWidgetSelector()->getConfiguration(), 'Entity browser widget selector configuration was correctly saved.');

    $widgets = $loaded_entity_browser->getWidgets();
    $instance_ids = $widgets->getInstanceIds();
    $first_uuid = current($instance_ids);
    $second_uuid = next($instance_ids);
    /** @var \Drupal\entity_browser\WidgetInterface $widget */
    $widget = $widgets->get($first_uuid);
    $this->assertEqual('upload', $widget->id(), 'Entity browser widget was correctly saved.');
    $this->assertEqual($first_uuid, $widget->uuid(), 'Entity browser widget uuid was correctly saved.');
    $configuration = $widget->getConfiguration()['settings'];
    $this->assertEqual([
      'upload_location' => 'public://',
      'multiple' => TRUE,
      'submit_text' => 'Select files',
      'extensions' => 'jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp',
    ], $configuration, 'Entity browser widget configuration was correctly saved.');
    $this->assertEqual(1, $widget->getWeight(), 'Entity browser widget weight was correctly saved.');
    $widget = $widgets->get($second_uuid);
    $this->assertEqual('entity_form', $widget->id(), 'Entity browser widget was correctly saved.');
    $this->assertEqual($second_uuid, $widget->uuid(), 'Entity browser widget uuid was correctly saved.');
    $configuration = $widget->getConfiguration()['settings'];
    $this->assertEqual([
      'entity_type' => 'user',
      'bundle' => 'user',
      'form_mode' => 'register',
      'submit_text' => 'But some are more equal than others',
    ], $configuration, 'Entity browser widget configuration was correctly saved.');
    $this->assertEqual(2, $widget->getWeight(), 'Entity browser widget weight was correctly saved.');

    // Navigate to edit.
    $this->clickLink('Edit');
    $this->assertUrl('/admin/config/content/entity_browser/test_entity_browser');
    $this->assertFieldById('edit-label', 'Test entity browser', 'Correct label found.');
    $this->assertText('test_entity_browser', 'Correct id found.');
    $this->assertOptionSelected('edit-display', 'iframe', 'Correct display selected.');
    $this->assertOptionSelected('edit-widget-selector', 'tabs', 'Correct widget selector selected.');
    $this->assertOptionSelected('edit-selection-display', 'no_display', 'Correct selection display selected.');

    $this->drupalPostForm(NULL, [], 'Next');
    $this->assertUrl('/admin/config/content/entity_browser/test_entity_browser/display', ['query' => ['js' => 'nojs']]);
    $this->assertFieldById('edit-width', '100', 'Correct value for width found.');
    $this->assertFieldById('edit-height', '100', 'Correct value for height found.');
    $this->assertFieldById('edit-link-text', 'All animals are created equal', 'Correct value for link text found.');
    $this->assertFieldChecked('edit-auto-open', 'Auto open is enabled.');

    $this->drupalPostForm(NULL, [], 'Next');
    $this->assertUrl('/admin/config/content/entity_browser/test_entity_browser/widget_selector', ['query' => ['js' => 'nojs']]);

    $this->drupalPostForm(NULL, [], 'Next');
    $this->assertUrl('/admin/config/content/entity_browser/test_entity_browser/selection_display', ['query' => ['js' => 'nojs']]);

    $this->drupalPostForm(NULL, [], 'Next');
    $this->assertFieldById('edit-table-' . $first_uuid . '-label', 'upload', 'Correct value for widget label found.');
    $this->assertFieldChecked('edit-table-' . $first_uuid . '-form-multiple', 'Accept multiple files option is enabled by default.');
    $this->assertText('Multiple uploads will only be accepted if the source field allows more than one value.');
    $this->assertFieldById('edit-table-' . $first_uuid . '-form-upload-location', 'public://', 'Correct value for upload location found.');
    $this->assertFieldByXPath("//input[@data-drupal-selector='edit-table-" . $first_uuid . "-form-submit-text']", 'Select files', 'Correct value for submit text found.');
    $this->assertFieldById('edit-table-' . $second_uuid . '-label', 'entity_form', 'Correct value for widget label found.');
    $this->assertOptionSelectedWithDrupalSelector('edit-table-' . $second_uuid . '-form-entity-type', 'user', 'Correct value for entity type found.');
    $this->assertOptionSelectedWithDrupalSelector('edit-table-' . $second_uuid . '-form-bundle-select', 'user', 'Correct value for bundle found.');
    $this->assertOptionSelectedWithDrupalSelector('edit-table-' . $second_uuid . '-form-form-mode-form-select', 'register', 'Correct value for form modes found.');
    $this->assertFieldByXPath("//input[@data-drupal-selector='edit-table-" . $second_uuid . "-form-submit-text']", 'But some are more equal than others', 'Correct value for submit text found.');

    $this->drupalPostForm(NULL, ['table[' . $first_uuid . '][form][multiple]' => FALSE], 'Finish');
    $this->drupalGet('/admin/config/content/entity_browser/test_entity_browser/widgets');
    $this->assertNoFieldChecked('edit-table-' . $first_uuid . '-form-multiple', 'Accept multiple files option is disabled.');

    $this->drupalLogout();
    $this->drupalGet('/admin/config/content/entity_browser/test_entity_browser');
    $this->assertResponse(403, "Anonymous user can't access entity browser edit form.");

    $this->drupalLogin($this->adminUser);
    $this->drupalGet('/admin/config/content/entity_browser');
    $this->clickLink('Delete');
    $this->assertText('This action cannot be undone.', 'Delete question found.');
    $this->drupalPostForm(NULL, [], 'Delete Entity Browser');

    $this->assertText('Entity browser Test entity browser was deleted.', 'Confirmation message found.');
    $this->assertText('There is no Entity browser yet.', 'Entity browsers table is empty.');
    $this->drupalLogout();
  }

}


1			<?php
2
3			namespace Drupal\entity_browser\Tests;
4
5			use Drupal\entity_browser\Plugin\EntityBrowser\Display\IFrame;
6			use Drupal\entity_browser\Plugin\EntityBrowser\SelectionDisplay\NoDisplay;
7			use Drupal\entity_browser\Plugin\EntityBrowser\WidgetSelector\Tabs;
8			use Drupal\simpletest\WebTestBase;
9
10			/**
11			* Tests the entity browser config UI.
12			*
13			* @group entity_browser
14			*/
15			class ConfigUITest extends WebTestBase {
16
17			/**
18			* The test user.
19			*
20			* @var \Drupal\User\UserInterface
21			*/
22			protected $adminUser;
23
24			/**
25			* Modules to enable.
26			*
27			* @var array
28			*/
29			public static $modules = ['entity_browser', 'ctools', 'block', 'views', 'entity_browser_entity_form'];
30
31			/**
32			* {@inheritdoc}
33			*/
34			protected function setUp() {
35			parent::setUp();
36			$this->drupalPlaceBlock('local_actions_block');
37			$this->adminUser = $this->drupalCreateUser([
38			'administer entity browsers',
39			]);
40			}
41
42			/**
43			* Tests the entity browser config UI.
44			*/
45			public function testConfigUI() {
46			// We need token module to test upload widget settings.
47			$this->container->get('module_installer')->install(['token']);
48
49			$this->drupalGet('/admin/config/content/entity_browser');
50			$this->assertResponse(403, "Anonymous user can't access entity browser listing page.");
51			$this->drupalGet('/admin/config/content/entity_browser/add');
52			$this->assertResponse(403, "Anonymous user can't access entity browser add form.");
53
54			// Listing is empty.
55			$this->drupalLogin($this->adminUser);
56			$this->drupalGet('/admin/config/content/entity_browser');
57			$this->assertResponse(200, 'Admin user is able to navigate to the entity browser listing page.');
58			$this->assertText('There is no Entity browser yet.', 'Entity browsers table is empty.');
59
60			// Add page.
61			$this->clickLink('Add Entity browser');
62			$this->assertUrl('/admin/config/content/entity_browser/add');
63			$edit = [
64			'label' => 'Test entity browser',
65			'id' => 'test_entity_browser',
66			'display' => 'iframe',
67			'widget_selector' => 'tabs',
68			'selection_display' => 'no_display',
69			];
70			$this->drupalPostForm(NULL, $edit, 'Next');
71
72			// Display configuration step.
73			$this->assertUrl('/admin/config/content/entity_browser/test_entity_browser/display', ['query' => ['js' => 'nojs']]);
74			$edit = [
75			'width' => 100,
76			'height' => 100,
77			'link_text' => 'All animals are created equal',
78			'auto_open' => TRUE,
79			];
80			$this->drupalPostForm(NULL, $edit, 'Next');
81
82			// Widget selector step.
83			$this->assertUrl('/admin/config/content/entity_browser/test_entity_browser/widget_selector', ['query' => ['js' => 'nojs']]);
84			$this->assertText('This plugin has no configuration options.');
85			$this->drupalPostForm(NULL, [], 'Next');
86
87			// Selection display step.
88			$this->assertUrl('/admin/config/content/entity_browser/test_entity_browser/selection_display', ['query' => ['js' => 'nojs']]);
89			$this->assertText('This plugin has no configuration options.');
90			$this->drupalPostForm(NULL, [], 'Previous');
91
92			// Widget selector step again.
93			$this->assertUrl('/admin/config/content/entity_browser/test_entity_browser/widget_selector', ['query' => ['js' => 'nojs']]);
94			$this->assertText('This plugin has no configuration options.');
95			$this->drupalPostForm(NULL, [], 'Next');
96
97			// Selection display step.
98			$this->assertUrl('/admin/config/content/entity_browser/test_entity_browser/selection_display', ['query' => ['js' => 'nojs']]);
99			$this->assertText('This plugin has no configuration options.');
100			$this->drupalPostForm(NULL, [], 'Next');
101
102			// Widgets step.
103			$this->assertUrl('/admin/config/content/entity_browser/test_entity_browser/widgets', ['query' => ['js' => 'nojs']]);
104			$this->assertText('The available plugins are:');
105			$this->assertText("Upload: Adds an upload field browser's widget.");
106			$this->assertText("View: Uses a view to provide entity listing in a browser's widget.");
107			$this->assertText("Entity form: Provides entity form widget.");
108			$this->drupalPostAjaxForm(NULL, ['widget' => 'upload'], 'widget');
109			$this->assertText('Label (Upload)');
110			$this->assertText('You can use tokens in the upload location.');
111			$this->assertLink('Browse available tokens.');
112
113			// Make sure that removing of widgets works.
114			$this->drupalPostAjaxForm(NULL, ['widget' => 'view'], 'widget');
115			$this->assertText('Label (View)');
116			$this->assertText('View : View display', 'View selection dropdown label found.');
117			$this->assertRaw('- Select a view -', 'Empty option appears in the view selection dropdown.');
118			$this->assertText('Submit button text', 'Widget submit button text element found.');
119			$this->assertFieldByXPath('//*[starts-with(@data-drupal-selector, "edit-table-") and contains(@data-drupal-selector, "-form-submit-text")]', 'Select entities', 'Widget submit button text element found.');
120			$delete_buttons = $this->xpath("//input[@value='Delete']");
121			$delete_button_name = (string) $delete_buttons[1]->attributes()['name'];
122			$this->drupalPostAjaxForm(NULL, [], [$delete_button_name => 'Delete']);
123			$this->assertNoText('View : View display', 'View widget was removed.');
124			$this->assertNoRaw('- Select a view -', 'View widget was removed.');
125			$this->assertEqual(count($this->xpath("//input[@value='Delete']")), 1, 'Only one delete button appears on the page.');
126
127			// Make sure the "Entity form" widget has all available config elements.
128			$this->drupalPostAjaxForm(NULL, ['widget' => 'entity_form'], 'widget');
129			$this->assertText('Label (Entity form)');
130			$this->assertText('Entity type', 'Entity type select found on IEF widget.');
131			$this->assertText('Bundle', 'Bundle select found on IEF widget.');
132			$this->assertText('Form mode', 'Form mode select found on IEF widget.');
133			$this->assertFieldByXPath('//*[starts-with(@data-drupal-selector, "edit-table-") and contains(@data-drupal-selector, "-form-submit-text")]', 'Save entity', 'Widget submit button text element found.');
134			$entity_type_element = $this->xpath('//*[starts-with(@data-drupal-selector, "edit-table-") and contains(@data-drupal-selector, "-form-entity-type")]');
135			$entity_type_name = (string) $entity_type_element[0]['name'];
136			$edit = [
137			$entity_type_name => 'user',
138			];
139			$commands = $this->drupalPostAjaxForm(NULL, $edit, $entity_type_name);
140			// WebTestBase::drupalProcessAjaxResponse() won't correctly execute our ajax
141			// commands so we have to do it manually. Code below is based on the logic
142			// in that function.
143			$content = $this->content;
144			$dom = new \DOMDocument();
145			@$dom->loadHTML($content);
			0 ignored issues – show Security Best Practice introduced 2016-07-14 15:40 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended. If you suppress an error, we recommend checking for the error condition explicitly: // For example instead of @mkdir($dir); // Better use if (@mkdir($dir) === false) { throw new \RuntimeException('The directory '.$dir.' could not be created.'); } Loading history...
146			$xpath = new \DOMXPath($dom);
147			foreach ($commands as $command) {
148			if ($command['command'] == 'insert' && $command['method'] == 'replaceWith') {
149			$wrapperNode = $xpath->query('//*[@id="' . ltrim($command['selector'], '#') . '"]')->item(0);
150			$newDom = new \DOMDocument();
151			@$newDom->loadHTML('<div>' . $command['data'] . '</div>');
			0 ignored issues – show Security Best Practice introduced 2016-07-14 15:40 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended. If you suppress an error, we recommend checking for the error condition explicitly: // For example instead of @mkdir($dir); // Better use if (@mkdir($dir) === false) { throw new \RuntimeException('The directory '.$dir.' could not be created.'); } Loading history...
152			$newNode = @$dom->importNode($newDom->documentElement->firstChild->firstChild, TRUE);
153			$wrapperNode->parentNode->replaceChild($newNode, $wrapperNode);
154			$content = $dom->saveHTML();
155			$this->setRawContent($content);
156			}
157			}
158			$this->verbose($content);
159			// Assure the form_mode "Register" is one of the available options.
160			$form_mode_element = $this->xpath('//*[starts-with(@data-drupal-selector, "edit-table-") and contains(@data-drupal-selector, "-form-form-mode-form-select")]');
161			$form_mode_id = (string) $form_mode_element[0]['id'];
162			$form_mode_name = (string) $form_mode_element[0]['name'];
163			$this->assertOption($form_mode_id, 'register', 'A non-default form mode is correctly available to be chosen.');
164			$bundle_element = $this->xpath('//*[starts-with(@data-drupal-selector, "edit-table-") and contains(@data-drupal-selector, "-form-bundle-select")]');
165			$bundle_name = (string) $bundle_element[0]['name'];
166			$submit_text_element = $this->xpath('//*[starts-with(@data-drupal-selector, "edit-table-") and contains(@data-drupal-selector, "-form-submit-text")]');
167			$submit_text_name = (string) $submit_text_element[1]['name'];
168			$edit = [
169			$entity_type_name => 'user',
170			$bundle_name => 'user',
171			$form_mode_name => 'register',
172			$submit_text_name => 'But some are more equal than others',
173			];
174			$this->drupalPostForm(NULL, $edit, 'Finish');
175
176			// Back on listing page.
177			$this->assertUrl('/admin/config/content/entity_browser');
178			$this->assertText('Test entity browser', 'Entity browser label found on the listing page');
179			$this->assertText('test_entity_browser', 'Entity browser ID found on the listing page.');
180
181			// Check structure of entity browser object.
182			/** @var \Drupal\entity_browser\EntityBrowserInterface $loaded_entity_browser */
183			$loaded_entity_browser = $this->container->get('entity_type.manager')
184			->getStorage('entity_browser')
185			->load('test_entity_browser');
186			$this->assertEqual('test_entity_browser', $loaded_entity_browser->id(), 'Entity browser ID was correctly saved.');
187			$this->assertEqual('Test entity browser', $loaded_entity_browser->label(), 'Entity browser label was correctly saved.');
188			$this->assertTrue($loaded_entity_browser->getDisplay() instanceof IFrame, 'Entity browser display was correctly saved.');
189			$expected = [
190			'width' => '100',
191			'height' => '100',
192			'link_text' => 'All animals are created equal',
193			'auto_open' => TRUE,
194			];
195			$this->assertEqual($expected, $loaded_entity_browser->getDisplay()->getConfiguration(), 'Entity browser display configuration was correctly saved.');
196			$this->assertTrue($loaded_entity_browser->getSelectionDisplay() instanceof NoDisplay, 'Entity browser selection display was correctly saved.');
197			$this->assertEqual([], $loaded_entity_browser->getSelectionDisplay()->getConfiguration(), 'Entity browser selection display configuration was correctly saved.');
198			$this->assertEqual($loaded_entity_browser->getWidgetSelector() instanceof Tabs, 'Entity browser widget selector was correctly saved.');
199			$this->assertEqual([], $loaded_entity_browser->getWidgetSelector()->getConfiguration(), 'Entity browser widget selector configuration was correctly saved.');
200
201			$widgets = $loaded_entity_browser->getWidgets();
202			$instance_ids = $widgets->getInstanceIds();
203			$first_uuid = current($instance_ids);
204			$second_uuid = next($instance_ids);
205			/** @var \Drupal\entity_browser\WidgetInterface $widget */
206			$widget = $widgets->get($first_uuid);
207			$this->assertEqual('upload', $widget->id(), 'Entity browser widget was correctly saved.');
208			$this->assertEqual($first_uuid, $widget->uuid(), 'Entity browser widget uuid was correctly saved.');
209			$configuration = $widget->getConfiguration()['settings'];
210			$this->assertEqual([
211			'upload_location' => 'public://',
212			'multiple' => TRUE,
213			'submit_text' => 'Select files',
214			'extensions' => 'jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp',
215			], $configuration, 'Entity browser widget configuration was correctly saved.');
216			$this->assertEqual(1, $widget->getWeight(), 'Entity browser widget weight was correctly saved.');
217			$widget = $widgets->get($second_uuid);
218			$this->assertEqual('entity_form', $widget->id(), 'Entity browser widget was correctly saved.');
219			$this->assertEqual($second_uuid, $widget->uuid(), 'Entity browser widget uuid was correctly saved.');
220			$configuration = $widget->getConfiguration()['settings'];
221			$this->assertEqual([
222			'entity_type' => 'user',
223			'bundle' => 'user',
224			'form_mode' => 'register',
225			'submit_text' => 'But some are more equal than others',
226			], $configuration, 'Entity browser widget configuration was correctly saved.');
227			$this->assertEqual(2, $widget->getWeight(), 'Entity browser widget weight was correctly saved.');
228
229			// Navigate to edit.
230			$this->clickLink('Edit');
231			$this->assertUrl('/admin/config/content/entity_browser/test_entity_browser');
232			$this->assertFieldById('edit-label', 'Test entity browser', 'Correct label found.');
233			$this->assertText('test_entity_browser', 'Correct id found.');
234			$this->assertOptionSelected('edit-display', 'iframe', 'Correct display selected.');
235			$this->assertOptionSelected('edit-widget-selector', 'tabs', 'Correct widget selector selected.');
236			$this->assertOptionSelected('edit-selection-display', 'no_display', 'Correct selection display selected.');
237
238			$this->drupalPostForm(NULL, [], 'Next');
239			$this->assertUrl('/admin/config/content/entity_browser/test_entity_browser/display', ['query' => ['js' => 'nojs']]);
240			$this->assertFieldById('edit-width', '100', 'Correct value for width found.');
241			$this->assertFieldById('edit-height', '100', 'Correct value for height found.');
242			$this->assertFieldById('edit-link-text', 'All animals are created equal', 'Correct value for link text found.');
243			$this->assertFieldChecked('edit-auto-open', 'Auto open is enabled.');
244
245			$this->drupalPostForm(NULL, [], 'Next');
246			$this->assertUrl('/admin/config/content/entity_browser/test_entity_browser/widget_selector', ['query' => ['js' => 'nojs']]);
247
248			$this->drupalPostForm(NULL, [], 'Next');
249			$this->assertUrl('/admin/config/content/entity_browser/test_entity_browser/selection_display', ['query' => ['js' => 'nojs']]);
250
251			$this->drupalPostForm(NULL, [], 'Next');
252			$this->assertFieldById('edit-table-' . $first_uuid . '-label', 'upload', 'Correct value for widget label found.');
253			$this->assertFieldChecked('edit-table-' . $first_uuid . '-form-multiple', 'Accept multiple files option is enabled by default.');
254			$this->assertText('Multiple uploads will only be accepted if the source field allows more than one value.');
255			$this->assertFieldById('edit-table-' . $first_uuid . '-form-upload-location', 'public://', 'Correct value for upload location found.');
256			$this->assertFieldByXPath("//input[@data-drupal-selector='edit-table-" . $first_uuid . "-form-submit-text']", 'Select files', 'Correct value for submit text found.');
257			$this->assertFieldById('edit-table-' . $second_uuid . '-label', 'entity_form', 'Correct value for widget label found.');
258			$this->assertOptionSelectedWithDrupalSelector('edit-table-' . $second_uuid . '-form-entity-type', 'user', 'Correct value for entity type found.');
259			$this->assertOptionSelectedWithDrupalSelector('edit-table-' . $second_uuid . '-form-bundle-select', 'user', 'Correct value for bundle found.');
260			$this->assertOptionSelectedWithDrupalSelector('edit-table-' . $second_uuid . '-form-form-mode-form-select', 'register', 'Correct value for form modes found.');
261			$this->assertFieldByXPath("//input[@data-drupal-selector='edit-table-" . $second_uuid . "-form-submit-text']", 'But some are more equal than others', 'Correct value for submit text found.');
262
263			$this->drupalPostForm(NULL, ['table[' . $first_uuid . '][form][multiple]' => FALSE], 'Finish');
264			$this->drupalGet('/admin/config/content/entity_browser/test_entity_browser/widgets');
265			$this->assertNoFieldChecked('edit-table-' . $first_uuid . '-form-multiple', 'Accept multiple files option is disabled.');
266
267			$this->drupalLogout();
268			$this->drupalGet('/admin/config/content/entity_browser/test_entity_browser');
269			$this->assertResponse(403, "Anonymous user can't access entity browser edit form.");
270
271			$this->drupalLogin($this->adminUser);
272			$this->drupalGet('/admin/config/content/entity_browser');
273			$this->clickLink('Delete');
274			$this->assertText('This action cannot be undone.', 'Delete question found.');
275			$this->drupalPostForm(NULL, [], 'Delete Entity Browser');
276
277			$this->assertText('Entity browser Test entity browser was deleted.', 'Confirmation message found.');
278			$this->assertText('There is no Entity browser yet.', 'Entity browsers table is empty.');
279			$this->drupalLogout();
280			}
281
282			}
283

drupal-media / entity_browser

Issues (71)

Security Analysis no request data

src/Tests/ConfigUITest.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like