function SaveUploadTest::testSecurityRenameLogging

Tests that security renames are logged to watchdog.

File

core/modules/file/tests/src/Functional/SaveUploadTest.php, line 385

Class

SaveUploadTest
Tests the file_save_upload() function.

Namespace

Drupal\Tests\file\Functional

Code

public function testSecurityRenameLogging() : void {
  // Clear the watchdog log to ensure we only see entries from this test.
  Database::getConnection()->delete('watchdog')
    ->execute();
  // Upload a dangerous file that will be renamed for security reasons.
  $edit = [
    'file_test_replace' => FileExists::Replace->name,
    'files[file_test_upload]' => \Drupal::service('file_system')->realpath($this->phpFile->uri),
    'is_image_file' => FALSE,
    'extensions' => 'php txt',
  ];
  $this->drupalGet('file-test/upload');
  $this->submitForm($edit, 'Submit');
  $this->assertSession()
    ->statusCodeEquals(200);
  $this->assertSession()
    ->pageTextContains("You WIN!");
  // Verify that the security rename was logged.
  $query = Database::getConnection()->select('watchdog', 'w')
    ->fields('w', [
    'message',
    'variables',
  ])
    ->condition('type', 'file')
    ->condition('message', '%security reasons%', 'LIKE')
    ->execute();
  $log_entry = $query->fetchObject();
  $this->assertNotNull($log_entry, 'A security rename log entry was created.');
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.