- Patch #239676 by v1nce, pwolanin, mfb: fixed SA-CORE-2009-001: missing validation for hook_user().

merge-requests/26/head
Dries Buytaert 2009-09-05 05:45:45 +00:00
parent 01c7f79adc
commit 3005b0990e
2 changed files with 36 additions and 0 deletions


@ -1950,6 +1950,7 @@ function user_edit_form(&$form_state, $uid, $edit, $register = FALSE) {
'#size' => 48,
'#description' => t('Your virtual face or picture. Maximum dimensions are %dimensions pixels and the maximum size is %size kB.', array('%dimensions' => variable_get('user_picture_dimensions', '85x85'), '%size' => variable_get('user_picture_file_size', '30'))) . ' ' . variable_get('user_picture_guidelines', ''),
);
$form['#validate'][] = 'user_profile_form_validate';
$form['#validate'][] = 'user_validate_picture';
}
$form['#uid'] = $uid;
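Review bot: The `$form['#validate'][] = 'user_profile_form_validate';` line, which appears to be the one addition in this hunk, carries the whole security fix but has no comment saying why it is needed, so a later cleanup could drop it as redundant and bring back the missing validation. As far as I can tell from the hunk, appending `user_validate_picture` to `#validate` is what kept the form's default validator from running, which is why it now has to be listed by hand. I would put a comment above it such as `// An explicit #validate replaces the default handler, so re-add user_profile_form_validate before the picture validator.` The enclosing `if` and the rest of user_edit_form() lie outside the hunk, so I cannot confirm whether this branch is also reached when `$register` is TRUE, where the hard-coded handler name might not be the right one.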


@ -1186,3 +1186,38 @@ class UserSaveTestCase extends DrupalWebTestCase {
$this->assertTrue($user_by_name, t('Loading user by name.'));
}
}
/**
* Test case to test user_save() behaviour.
*/
class UserEditTestCase extends DrupalWebTestCase {
public static function getInfo() {
return array(
'name' => 'User edit',
'description' => 'Test user edit page.',
'group' => 'User',
);
}
/**
* Test user edit page.
*/
function testUserEdit() {
// Test user edit functionality with user pictures disabled.
variable_set('user_pictures', 0);
$user1 = $this->drupalCreateUser(array('change own username'));
$user2 = $this->drupalCreateUser(array());
$this->drupalLogin($user1);
// Test that error message appears when attempting to use a non-unique user name.
$edit['name'] = $user2->name;
$this->drupalPost("user/$user1->uid/edit", $edit, t('Save'));
$this->assertRaw(t('The name %name is already taken.', array('%name' => $edit['name'])));
// Repeat the test with user pictures enabled, which modifies the form.
variable_set('user_pictures', 1);
$this->drupalPost("user/$user1->uid/edit", $edit, t('Save'));
$this->assertRaw(t('The name %name is already taken.', array('%name' => $edit['name'])));
}
}
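Review bot: testUserEdit() pins the fix only through the rendered error text (`assertRaw()` on "The name %name is already taken."), so it would still pass if the message were shown while the duplicate name was saved anyway. For a regression test on a validation bypass I would also reload `$user1` after each `drupalPost()` and assert that its stored name is unchanged. Separately, the class docblock still reads "Test case to test user_save() behaviour.", copied from UserSaveTestCase above; it should say something like `Test case for the user edit form.` Initialising `$edit = array();` before `$edit['name']` is assigned would also make the posted values explicit.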