diff options
| -rw-r--r-- | perllib/FixMyStreet/App/Controller/Photo.pm | 8 | ||||
| -rw-r--r-- | t/app/controller/report_new.t | 67 |
2 files changed, 72 insertions, 3 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Photo.pm b/perllib/FixMyStreet/App/Controller/Photo.pm index a070d71db..a84c538cc 100644 --- a/perllib/FixMyStreet/App/Controller/Photo.pm +++ b/perllib/FixMyStreet/App/Controller/Photo.pm @@ -163,8 +163,9 @@ sub process_photo_upload : Private { # check that the photo is a jpeg my $ct = $upload->type; - $ct =~ s/x-citrix-//; - unless ( $ct eq 'image/jpeg' || $ct eq 'image/pjpeg' ) { + $ct =~ s/x-citrix-//; # Thanks, Citrix + # Had a report of a JPEG from an Android 2.1 coming through as a byte stream + unless ( $ct eq 'image/jpeg' || $ct eq 'image/pjpeg' || $ct eq 'application/octet-stream' ) { $c->stash->{photo_error} = _('Please upload a JPEG image only'); return; } @@ -172,7 +173,8 @@ sub process_photo_upload : Private { # get the photo into a variable my $photo_blob = eval { my $filename = $upload->tempname; - my $out = `jhead -se -autorot $filename`; + my $out = `jhead -se -autorot $filename 2>&1`; + die _("Please upload a JPEG image only"."\n") if $out =~ /Not JPEG:/; my $photo = $upload->slurp; return $photo; }; diff --git a/t/app/controller/report_new.t b/t/app/controller/report_new.t index 625c7531f..c16befd37 100644 --- a/t/app/controller/report_new.t +++ b/t/app/controller/report_new.t @@ -6,10 +6,14 @@ use utf8; use FixMyStreet::TestMech; use Web::Scraper; +use Path::Class; my $mech = FixMyStreet::TestMech->new; $mech->get_ok('/report/new'); +my $sample_file = file(__FILE__)->parent->file("sample.jpg")->stringify; +ok -e $sample_file, "sample file $sample_file exists"; + subtest "test that bare requests to /report/new get redirected" => sub { $mech->get_ok('/report/new'); @@ -282,6 +286,69 @@ foreach my $test ( }, errors => [ 'Please enter a subject', 'Please enter some details', ], }, + { + msg => 'non-photo upload gives error', + pc => 'SW1A 1AA', + fields => { + title => 'Title', + detail => 'Detail', + photo => [ [ undef, 'bad.txt', Content => 'This is not a JPEG', Content_Type => 'text/plain' ], 1 ], + name => 'Bob Jones', + may_show_name => '1', + email => 'bob@example.com', + phone => '', + category => 'Street lighting', + password_sign_in => '', + password_register => '', + remember_me => undef, + }, + changes => { + photo => '', + }, + errors => [ "Please upload a JPEG image only" ], + }, + { + msg => 'bad photo upload gives error', + pc => 'SW1A 1AA', + fields => { + title => 'Title', + detail => 'Detail', + photo => [ [ undef, 'fake.jpeg', Content => 'This is not a JPEG', Content_Type => 'image/jpeg' ], 1 ], + name => 'Bob Jones', + may_show_name => '1', + email => 'bob@example.com', + phone => '', + category => 'Street lighting', + password_sign_in => '', + password_register => '', + remember_me => undef, + }, + changes => { + photo => '', + }, + errors => [ "That image doesn't appear to have uploaded correctly (Please upload a JPEG image only ), please try again." ], + }, + { + msg => 'photo with octet-stream gets through okay', + pc => 'SW1A 1AA', + fields => { + title => '', + detail => 'Detail', + photo => [ [ $sample_file, undef, Content_Type => 'application/octet-stream' ], 1 ], + name => 'Bob Jones', + may_show_name => '1', + email => 'bob@example.com', + phone => '', + category => 'Street lighting', + password_sign_in => '', + password_register => '', + remember_me => undef, + }, + changes => { + photo => '', + }, + errors => [ "Please enter a subject" ], + }, ) { subtest "check form errors where $test->{msg}" => sub { |