diff --git a/lib/internal/Magento/Framework/File/Test/Unit/UploaderTest.php b/lib/internal/Magento/Framework/File/Test/Unit/UploaderTest.php index de79d2b6d7080..ffbc51782f903 100644 --- a/lib/internal/Magento/Framework/File/Test/Unit/UploaderTest.php +++ b/lib/internal/Magento/Framework/File/Test/Unit/UploaderTest.php @@ -15,6 +15,13 @@ */ class UploaderTest extends TestCase { + /** + * Uploader model + * + * @var \Magento\Framework\File\Uploader + */ + protected $_model; + /** * @param string $fileName * @param string|bool $expectedCorrectedFileName @@ -67,4 +74,69 @@ public function getCorrectFileNameProvider() ] ]; } + + /** + * + */ + public function testFileSingleUpload() + { + $sysTmpFolder = sys_get_temp_dir(); + $fileId = "testimagepngfile"; + $uploaded_filename = $sysTmpFolder . "/" . $fileId; + $imagestring = "data:image/webp;base64,UklGRoYEAABXRUJQVlA4IHoEAACQKgCdASoAAQABPkkkjUUioiETPpSQKASEsrdwtyDMUgcmO4Pxb8o9zG63+Of5R5L/YfzA+QP6/9vHzs/zP+A9of/A9QD9KOln5gP13/ZD3hv9V1AH9G6kL+n+oB+wHlAfD5+437Ae0BqwPV0DE1vv5JOEs6L1cvSRuOfknd3d3dL1tpwlnResJQR+NHPyTu7u6XrbThLOi9YSgj7idUK6lLlFRs5REdk5bl1Cj4V10Dc6/VbAeI5hP2Mz7Ad8NflHEg1OcMNThZsibQMuI5i+BBgcNgDZAGRilVaV97A63fEnhUsHAh+34kOZ7o4X/NqLPuk87UBQeB22PMUG5SyELop/1fp/OOReuY8ErnnlvVt5sy2FbAeIwhYjFZokINgg1aQVjlogGfSINxAUU6ZAyHOcWKUnm561l1ixXd3d3d3dL1tpwlnResJQR+NHPyTu7u6XrbThLOi9YSWAAP13AdVi8Xqe4VLs+URR2fUf81LdBdC0wcP/sRaAAKcF6uXyM88AoR/IygHdNUBL/8aQC7jOX6aXAOyBc1K2VQ+CPyDp09nbHKYJkoS95ltNPTkGdZFlnr+0URtVLKWlmoBjRoJBnLkxgPBan+q/7v0sFaAgqUTPVARxi0KeBvyE2fYvtN0wXfsYpll2ZyTFaWv74g+NvwOIorfxppmtw1Aoe44JrkNfy92+kxmHl09JB5IWndyUZRPg0ENUORNjjrfwR53QUrAv0Pbw3+KzCsmRClX/6j5qHi+MfbVkmbixgheNw1TRP+3vwHXXuzEZM9TBO9XANE2AzPm878LDSXDOwItzSeQesOJ62rm1UQvWaVDgH2Kn7M+8xwg+T/+OjC+iY095CFjS9okvc+qsvdTPVwAlO7LtBI0EIPzRzF5Gp/c/CFXvKUexvfh0wdgpZaH/mhYsOOYQ1+soKHvHXb8NNEASvkpeRQQ4cgkQeZ/n+265EAlN9vhsykU8uXhZMStw7o1Idw9eCuibOJ1q9fsUHxPsvdcdyKs6wWk+nD/AQNd6QoTqJzEJdsktuk7OmIPUMoHaVM8kQapQgGTe7ZzbSoFUgTNBpbI/v54p/QDvwLZtdANku5UFSccarNnogJ7N+vS0JAcldFM4Xktoll84uqcC+2xZIBAGyrliTzRiLwm2CMjXgif2ln3Kjoyhg7+VIHP5u6jkHupENMNqzDQCwxlAIZ/mZp6PTaakjeTLsEPPPQlP+HapL566KF1CLCjgDgyWkOPLlDPmi8UrpWJM4p9ujO2RAd5UT9KuIOrTRPTaFnL/Z3OmIwwnw9UKaRMXJyeGQL01KGd2+xR8WYSiFsv70JlpBI3+srAMzPIUll3LDCN7HfKyg9b34wav8xZWi8KcRgfRmRUtZ1y9JCMD+sTeve2bR0WxgWADnPLeEHRzPVh2b/invd69EQjklxr6vYcUllQuKf2NXXbpTXnPgBlUX+mCJFcAhtrgHCTQggsxeQT14ylsCgRtMvJHskl979QMxjLIwAF44RAQMYccBwblWgDiDoAAAAA="; + $data = file_put_contents($uploaded_filename, base64_decode($imagestring)); + + $_FILES = [ $fileId => [ + "name"=>"testimage.png", + "type"=> "image/png", + "tmp_name"=>$uploaded_filename, + "error"=>0, + "size"=>1166 + ]]; + + $this->_model = new Uploader($fileId); + + $this->assertEquals( + file_exists($uploaded_filename), + true + ); + + } + + /** + * + */ + public function testFileMultipleUpload() + { + $sysTmpFolder = sys_get_temp_dir(); + $fileId = "testimagepngfile"; + $uploaded_filename = $sysTmpFolder . "/" . $fileId; + $imagestring = "data:image/webp;base64,UklGRoYEAABXRUJQVlA4IHoEAACQKgCdASoAAQABPkkkjUUioiETPpSQKASEsrdwtyDMUgcmO4Pxb8o9zG63+Of5R5L/YfzA+QP6/9vHzs/zP+A9of/A9QD9KOln5gP13/ZD3hv9V1AH9G6kL+n+oB+wHlAfD5+437Ae0BqwPV0DE1vv5JOEs6L1cvSRuOfknd3d3dL1tpwlnResJQR+NHPyTu7u6XrbThLOi9YSgj7idUK6lLlFRs5REdk5bl1Cj4V10Dc6/VbAeI5hP2Mz7Ad8NflHEg1OcMNThZsibQMuI5i+BBgcNgDZAGRilVaV97A63fEnhUsHAh+34kOZ7o4X/NqLPuk87UBQeB22PMUG5SyELop/1fp/OOReuY8ErnnlvVt5sy2FbAeIwhYjFZokINgg1aQVjlogGfSINxAUU6ZAyHOcWKUnm561l1ixXd3d3d3dL1tpwlnResJQR+NHPyTu7u6XrbThLOi9YSWAAP13AdVi8Xqe4VLs+URR2fUf81LdBdC0wcP/sRaAAKcF6uXyM88AoR/IygHdNUBL/8aQC7jOX6aXAOyBc1K2VQ+CPyDp09nbHKYJkoS95ltNPTkGdZFlnr+0URtVLKWlmoBjRoJBnLkxgPBan+q/7v0sFaAgqUTPVARxi0KeBvyE2fYvtN0wXfsYpll2ZyTFaWv74g+NvwOIorfxppmtw1Aoe44JrkNfy92+kxmHl09JB5IWndyUZRPg0ENUORNjjrfwR53QUrAv0Pbw3+KzCsmRClX/6j5qHi+MfbVkmbixgheNw1TRP+3vwHXXuzEZM9TBO9XANE2AzPm878LDSXDOwItzSeQesOJ62rm1UQvWaVDgH2Kn7M+8xwg+T/+OjC+iY095CFjS9okvc+qsvdTPVwAlO7LtBI0EIPzRzF5Gp/c/CFXvKUexvfh0wdgpZaH/mhYsOOYQ1+soKHvHXb8NNEASvkpeRQQ4cgkQeZ/n+265EAlN9vhsykU8uXhZMStw7o1Idw9eCuibOJ1q9fsUHxPsvdcdyKs6wWk+nD/AQNd6QoTqJzEJdsktuk7OmIPUMoHaVM8kQapQgGTe7ZzbSoFUgTNBpbI/v54p/QDvwLZtdANku5UFSccarNnogJ7N+vS0JAcldFM4Xktoll84uqcC+2xZIBAGyrliTzRiLwm2CMjXgif2ln3Kjoyhg7+VIHP5u6jkHupENMNqzDQCwxlAIZ/mZp6PTaakjeTLsEPPPQlP+HapL566KF1CLCjgDgyWkOPLlDPmi8UrpWJM4p9ujO2RAd5UT9KuIOrTRPTaFnL/Z3OmIwwnw9UKaRMXJyeGQL01KGd2+xR8WYSiFsv70JlpBI3+srAMzPIUll3LDCN7HfKyg9b34wav8xZWi8KcRgfRmRUtZ1y9JCMD+sTeve2bR0WxgWADnPLeEHRzPVh2b/invd69EQjklxr6vYcUllQuKf2NXXbpTXnPgBlUX+mCJFcAhtrgHCTQggsxeQT14ylsCgRtMvJHskl979QMxjLIwAF44RAQMYccBwblWgDiDoAAAAA="; + $data = file_put_contents($uploaded_filename, base64_decode($imagestring)); + + $_FILES = + [$fileId=>[ + "name"=>["testimage.png",""], + "type"=>["image/png",""], + "tmp_name"=>[$uploaded_filename,""], + "error"=>[0,4], + "size"=>[1166,0] + ]]; + + $fileId=[ + "name"=>"testimage.png", + "type"=> "image/png", + "tmp_name"=>$uploaded_filename, + "error"=>0, + "size"=>1166 + ]; + + $this->_model = new Uploader($fileId); + + $this->assertEquals( + file_exists($uploaded_filename), + true + ); + + } } diff --git a/lib/internal/Magento/Framework/File/Uploader.php b/lib/internal/Magento/Framework/File/Uploader.php index f707ec6dd5461..3b3e0b97c34c7 100644 --- a/lib/internal/Magento/Framework/File/Uploader.php +++ b/lib/internal/Magento/Framework/File/Uploader.php @@ -628,8 +628,12 @@ private function validateFileId(array $fileId): void $tmpName = trim($fileId['tmp_name']); if (preg_match('/\.\.(\\\|\/)/', $tmpName) !== 1) { + $sysTmpFolder = sys_get_temp_dir(); + $sysTmpFolderRealPath = realpath($sysTmpFolder); + $allowedFolders = [ - sys_get_temp_dir(), + $sysTmpFolder, + $sysTmpFolderRealPath, $this->directoryList->getPath(DirectoryList::MEDIA), $this->directoryList->getPath(DirectoryList::VAR_DIR), $this->directoryList->getPath(DirectoryList::TMP),