kolan/Redmine
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Limit the characters stripped by Attachment#sanitize_filename (#4324).

Browse Source 
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@7917 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang 2011-11-24 20:17:56 +00:00
parent 3df586d22d
commit 902b3078d5
2 changed files with 23 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
app/models/attachment.rb
View File

@ -177,11 +177,9 @@ private
def sanitize_filename(value) def sanitize_filename(value)
# get only the filename, not the whole path # get only the filename, not the whole path
just_filename = value.gsub(/^.*(\\|\/)/, '') just_filename = value.gsub(/^.*(\\|\/)/, '')
# NOTE: File.basename doesn't work right with Windows paths on Unix
# INCORRECT: just_filename = File.basename(value.gsub('\\\\', '/'))
# Finally, replace all non alphanumeric, hyphens or periods with underscore # Finally, replace invalid characters with underscore
@filename = just_filename.gsub(/[^\w\.\-]/,'_') @filename = just_filename.gsub(/[\/\?\%\*\:\|\"\'<>]+/, '_')
end end
# Returns an ASCII or hashed filename # Returns an ASCII or hashed filename

21
test/unit/attachment_test.rb
View File

@ -23,6 +23,17 @@ class AttachmentTest < ActiveSupport::TestCase
fixtures :users, :projects, :roles, :members, :member_roles, fixtures :users, :projects, :roles, :members, :member_roles,
:enabled_modules, :issues, :trackers, :attachments :enabled_modules, :issues, :trackers, :attachments
class MockFile
attr_reader :original_filename, :content_type, :content, :size
def initialize(attributes)
@original_filename = attributes[:original_filename]
@content_type = attributes[:content_type]
@content = attributes[:content] || "Content"
@size = content.size
end
end
def setup def setup
set_tmp_attachments_directory set_tmp_attachments_directory
end end
@ -76,6 +87,16 @@ class AttachmentTest < ActiveSupport::TestCase
assert a1.disk_filename != a2.disk_filename assert a1.disk_filename != a2.disk_filename
end end
def test_filename_should_be_basenamed
a = Attachment.new(:file => MockFile.new(:original_filename => "path/to/the/file"))
assert_equal 'file', a.filename
end
def test_filename_should_be_sanitized
a = Attachment.new(:file => MockFile.new(:original_filename => "valid:[] invalid:?%*|\"'<>chars"))
assert_equal 'valid_[] invalid_chars', a.filename
end
def test_diskfilename def test_diskfilename
assert Attachment.disk_filename("test_file.txt") =~ /^\d{12}_test_file.txt$/ assert Attachment.disk_filename("test_file.txt") =~ /^\d{12}_test_file.txt$/
assert_equal 'test_file.txt', Attachment.disk_filename("test_file.txt")[13..-1] assert_equal 'test_file.txt', Attachment.disk_filename("test_file.txt")[13..-1]