Index: modules/simpletest/tests/file.test
===================================================================
RCS file: /cvs/drupal/drupal/modules/simpletest/tests/file.test,v
retrieving revision 1.7
diff -u -p -r1.7 file.test
--- modules/simpletest/tests/file.test	12 Oct 2008 06:37:40 -0000	1.7
+++ modules/simpletest/tests/file.test	4 Nov 2008 20:01:14 -0000
@@ -1136,4 +1136,102 @@ class FileSaveDataTest extends FileHookT
     $file = file_save_data($contents, 'asdf.txt', FILE_EXISTS_ERROR);
     $this->assertFalse($file, t("Overwriting a file fails when FILE_EXISTS_ERROR is specified."));
   }
-}
\ No newline at end of file
+}
+
+/**
+ * Tests for download/file transfer functions.
+ */
+class FileDownloadTest extends FileTestCase {
+  /**
+   * Implementation of getInfo().
+   */
+  function getInfo() {
+    return array(
+      'name' => t('File download'),
+      'description' => t('Tests for file download/transfer functions.'),
+      'group' => t('File'),
+    );
+  }
+
+  /**
+   * Implementation of setUp().
+   */
+  function setUp() {
+    parent::setUp('file_test');
+
+    // Set file downloads to private so handler functions get called.
+    variable_set('file_downloads', FILE_DOWNLOADS_PRIVATE);
+  }
+
+  /**
+   * Tests for file_download().
+   */
+  function testFileTransfer() {
+    // Create file.
+    $base_file = $this->createFile();
+    // Copy files to files directory.
+    $file = file_copy(clone $base_file);
+    // Set file_test access header to allow the download.
+    file_test_set_access(TRUE);
+
+    $url = file_create_url($file->filename);
+    $this->drupalHead($url);
+    $this->assertRaw('Content-Type: test_file', t('Found header set by file_test module on private download.'));
+
+    // Deny access to all downloads via a -1 header.
+    file_test_set_access(FALSE);
+    $this->drupalHead($url);
+    $this->assertResponse(403, t('Correctly denied access to a file when file_test sets the header to -1.'));
+
+    // Try non-existent file.
+    $url = file_create_url($this->randomName());
+    $this->drupalHead($url);
+    $this->assertResponse(404, t('Correctly returned 404 response for a non-existent file.'));
+  }
+}
+
+/**
+ * Tests for file_munge_filename() and file_unmunge_filename().
+ */
+class FileNameMungingTest extends FileTestCase {
+  /**
+   * Implementation of getInfo().
+   */
+  function getInfo() {
+    return array(
+      'name' => t('File naming'),
+      'description' => t('Filename munging and unmunging tests.'),
+      'group' => t('File'),
+    );
+  }
+
+  /**
+   * Create a file and munge/unmunge the name.
+   */
+  function testFileNameMunging() {
+    $file = $this->createFile();
+    $insecure_extension = 'php';
+    $extension = 'txt';
+    $original_name = $file->filename . '.' . $insecure_extension . '.' . $extension;
+
+    // If allow insecure uploads is enabled, the file should come out
+    // untouched, no matter what.
+    variable_set('allow_insecure_uploads', 1);
+    $munged_name = file_munge_filename($original_name, '');
+    $this->assertIdentical($munged_name, $original_name, t('The original filename (%original) matches the munged filename (%munged) when insecure uploads are enabled.', array('%munged' => $munged_name, '%original' => $original_name)));
+
+    // Disable insecure uploads.
+    variable_set('allow_insecure_uploads', 0);
+    $munged_name = file_munge_filename($original_name, '', TRUE);
+    $messages = drupal_get_messages();
+    $this->assertTrue(in_array(t('For security reasons, your upload has been renamed to %filename.', array('%filename' => $munged_name)), $messages['status']), t('Alert properly set when a file is renamed.'));
+    $this->assertNotEqual($munged_name, $original_name, t('The new filename (%munged) has been modified from the original (%original)', array('%munged' => $munged_name, '%original' => $original_name)));
+    $unmunged_name = file_unmunge_filename($munged_name);
+    $this->assertIdentical($unmunged_name, $original_name, t('The unmunged (%unmunged) filename matches the original (%original)', array('%unmunged' => $unmunged_name, '%original' => $original_name)));
+
+    // Declare our extension as whitelisted.
+    $munged_name = file_munge_filename($original_name, $insecure_extension);
+    $this->assertIdentical($munged_name, $original_name, t('The new filename (%munged) matches the original (%original) once the extension has been whitelisted.', array('%munged' => $munged_name, '%original' => $original_name)));
+  }
+}
+      
\ No newline at end of file
Index: modules/simpletest/tests/file_test.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/simpletest/tests/file_test.module,v
retrieving revision 1.2
diff -u -p -r1.2 file_test.module
--- modules/simpletest/tests/file_test.module	9 Oct 2008 00:02:29 -0000	1.2
+++ modules/simpletest/tests/file_test.module	4 Nov 2008 20:01:14 -0000
@@ -118,6 +118,22 @@ function file_test_file_status(&$file) {
  */
 function file_test_file_download(&$file) {
   $GLOBALS['file_test_results']['download'][] = func_get_args();
+
+  $access = file_test_get_access();
+  if ($access === TRUE) {
+    // Add a header for testing file_transfer().
+    return array(
+      'Content-Type: test_file',
+    );
+  }
+  elseif ($access === FALSE) {
+    // Deny access to the file.
+    return array(
+      -1,
+    );
+  }
+
+  // If access hasn't been defined, simply return the test array.
   return $GLOBALS['file_test_hook_return']['download'];
 }
 
@@ -164,3 +180,21 @@ function file_test_file_delete(&$file) {
   $GLOBALS['file_test_results']['delete'][] = func_get_args();
 }
 
+/**
+ * Set a session variable that is used to determine the file headers added via
+ * file_test_file_download().
+ *
+ * @param boolean $value
+ *   A value of FALSE will deny access to files, while a value of true will
+ *   allow access.
+ */
+function file_test_set_access($value) {
+  variable_set('file_test_file_access', $value);
+}
+
+/**
+ * Return the current access state for file_test_file_download().
+ */
+function file_test_get_access() {
+  return variable_get('file_test_file_access', NULL);
+}
\ No newline at end of file
