From 5496d0d43660532da876abce37c12be0e1551799 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Fr=C3=A8rejean?= Date: Wed, 12 Nov 2025 10:07:07 +0100 Subject: [PATCH 1/2] FIX Redirect back when file validation fails. On failed file validation actually return the redirect response rather then a hard `null`. --- code/Control/UserDefinedFormController.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/code/Control/UserDefinedFormController.php b/code/Control/UserDefinedFormController.php index 9cbb5a2c..964ab12e 100644 --- a/code/Control/UserDefinedFormController.php +++ b/code/Control/UserDefinedFormController.php @@ -327,8 +327,7 @@ public function process($data, $form) foreach ($validationResult->getMessages() as $message) { $form->sessionMessage($message['message'], ValidationResult::TYPE_ERROR); } - Controller::curr()->redirectBack(); - return null; + return $this->redirectBack(); } /** @var AssetContainer|File $file */ $file = $upload->getFile(); From dd5a652dcf05a6baafccbf63d45e8f78183de385 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Fr=C3=A8rejean?= Date: Thu, 13 Nov 2025 09:05:49 +0100 Subject: [PATCH 2/2] Add test for file validation faillure redirect. --- .../Control/UserDefinedFormControllerTest.php | 56 +++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/tests/php/Control/UserDefinedFormControllerTest.php b/tests/php/Control/UserDefinedFormControllerTest.php index 24d4e79b..ca0e073e 100644 --- a/tests/php/Control/UserDefinedFormControllerTest.php +++ b/tests/php/Control/UserDefinedFormControllerTest.php @@ -525,6 +525,62 @@ public function testEmailAttachmentMaximumSizeCanBeConfigured() $this->assertSame(5 * 1024 * 1024, $udfController->getMaximumAllowedEmailAttachmentSize()); } + /** + * Test that file validation failures properly redirect back to the form + * instead of returning null. This ensures users see the validation error + * rather than encountering a broken page. + * + * Regression test for fix where redirectBack() was called but null was returned, + * preventing the redirect from executing. + */ + public function testFileValidationFailureRedirectsBack() + { + Config::modify()->set(Upload_Validator::class, 'use_is_uploaded_file', false); + + // Set extremely small max file size to trigger validation failure + Config::modify()->set(Upload_Validator::class, 'default_max_file_size', 1); + + $userForm = $this->setupFormFrontend('upload-form'); + $controller = new UserDefinedFormController($userForm); + $field = $this->objFromFixture(EditableFileField::class, 'file-field-1'); + + // Use existing test file which will exceed the 1 byte limit + $path = realpath(__DIR__ . '/fixtures/testfile.jpg'); + $data = [ + $field->Name => [ + 'name' => 'testfile.jpg', + 'type' => 'image/jpeg', + 'tmp_name' => $path, + 'error' => 0, + 'size' => filesize($path ?? ''), + ] + ]; + $_FILES[$field->Name] = $data[$field->Name]; + + $controller->getRequest()->setSession(new Session([])); + + // Process the form - this should trigger validation failure + $response = $controller->process($data, $controller->Form()); + + // Critical: Response must not be null (the bug being fixed) + $this->assertInstanceOf(HTTPResponse::class, $response, + 'Response should be HTTPResponse, not null, when file validation fails'); + + // Assert it's a redirect (302) + $this->assertEquals(302, $response->getStatusCode(), + 'Should redirect back to form on validation failure'); + + // Assert we don't redirect to the 'finished' success page + $location = $response->getHeader('Location'); + $this->assertStringNotContainsString('finished', $location, + 'Should not redirect to success page when validation fails'); + + // Assert no file was created in the database + $uploadedFiles = File::get()->filter(['Name:StartsWith' => 'testfile']); + $this->assertEquals(0, $uploadedFiles->count(), + 'No file should be created when validation fails'); + } + public function getParseByteSizeStringTestValues() { return [