- Patch ##239676 by v1nce, pwolanin, mfb: fixed SA-CORE-2009-001: missing validation for hook_user().
parent
01c7f79adc
commit
3005b0990e
|
@ -1950,6 +1950,7 @@ function user_edit_form(&$form_state, $uid, $edit, $register = FALSE) {
|
|||
'#size' => 48,
|
||||
'#description' => t('Your virtual face or picture. Maximum dimensions are %dimensions pixels and the maximum size is %size kB.', array('%dimensions' => variable_get('user_picture_dimensions', '85x85'), '%size' => variable_get('user_picture_file_size', '30'))) . ' ' . variable_get('user_picture_guidelines', ''),
|
||||
);
|
||||
$form['#validate'][] = 'user_profile_form_validate';
|
||||
$form['#validate'][] = 'user_validate_picture';
|
||||
}
|
||||
$form['#uid'] = $uid;
|
||||
|
|
|
@ -1186,3 +1186,38 @@ class UserSaveTestCase extends DrupalWebTestCase {
|
|||
$this->assertTrue($user_by_name, t('Loading user by name.'));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Test case to test user_save() behaviour.
|
||||
*/
|
||||
class UserEditTestCase extends DrupalWebTestCase {
|
||||
|
||||
public static function getInfo() {
|
||||
return array(
|
||||
'name' => 'User edit',
|
||||
'description' => 'Test user edit page.',
|
||||
'group' => 'User',
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Test user edit page.
|
||||
*/
|
||||
function testUserEdit() {
|
||||
// Test user edit functionality with user pictures disabled.
|
||||
variable_set('user_pictures', 0);
|
||||
$user1 = $this->drupalCreateUser(array('change own username'));
|
||||
$user2 = $this->drupalCreateUser(array());
|
||||
$this->drupalLogin($user1);
|
||||
|
||||
// Test that error message appears when attempting to use a non-unique user name.
|
||||
$edit['name'] = $user2->name;
|
||||
$this->drupalPost("user/$user1->uid/edit", $edit, t('Save'));
|
||||
$this->assertRaw(t('The name %name is already taken.', array('%name' => $edit['name'])));
|
||||
|
||||
// Repeat the test with user pictures enabled, which modifies the form.
|
||||
variable_set('user_pictures', 1);
|
||||
$this->drupalPost("user/$user1->uid/edit", $edit, t('Save'));
|
||||
$this->assertRaw(t('The name %name is already taken.', array('%name' => $edit['name'])));
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue