@@ -294,10 +294,10 class Attachment < ActiveRecord::Base | |||||
294 |
|
294 | |||
295 | def sanitize_filename(value) |
|
295 | def sanitize_filename(value) | |
296 | # get only the filename, not the whole path |
|
296 | # get only the filename, not the whole path | |
297 |
just_filename = value.gsub(/ |
|
297 | just_filename = value.gsub(/\A.*(\\|\/)/m, '') | |
298 |
|
298 | |||
299 | # Finally, replace invalid characters with underscore |
|
299 | # Finally, replace invalid characters with underscore | |
300 | @filename = just_filename.gsub(/[\/\?\%\*\:\|\"\'<>]+/, '_') |
|
300 | @filename = just_filename.gsub(/[\/\?\%\*\:\|\"\'<>\n\r]+/, '_') | |
301 | end |
|
301 | end | |
302 |
|
302 | |||
303 | # Returns the subdirectory in which the attachment will be saved |
|
303 | # Returns the subdirectory in which the attachment will be saved |
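Review bot: The widened character class on new line 300 still denylists only `\n` and `\r`, so other control characters (NUL, tab, the rest of the C0 range) pass through `sanitize_filename` into `@filename` unchanged. If the stored name is later written into a response header or a filesystem path (not visible in this hunk), those bytes matter as much as line breaks do. Consider covering the whole class with `@filename = just_filename.gsub(/[\/\?\%\*\:\|\"\'<>[:cntrl:]]+/, '_')`. A comment above the method stating that the result must be a single-line, separator-free name would also make the contract explicit.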
@@ -42,6 +42,13 class AttachmentTest < ActiveSupport::TestCase | |||||
42 | assert_nil Attachment.new.container |
|
42 | assert_nil Attachment.new.container | |
43 | end |
|
43 | end | |
44 |
|
44 | |||
|
45 | def test_filename_should_remove_eols | |||
|
46 | assert_equal "line_feed", Attachment.new(:filename => "line\nfeed").filename | |||
|
47 | assert_equal "line_feed", Attachment.new(:filename => "some\npath/line\nfeed").filename | |||
|
48 | assert_equal "carriage_return", Attachment.new(:filename => "carriage\rreturn").filename | |||
|
49 | assert_equal "carriage_return", Attachment.new(:filename => "some\rpath/carriage\rreturn").filename | |||
|
50 | end | |||
|
51 | ||||
45 | def test_create |
|
52 | def test_create | |
46 | a = Attachment.new(:container => Issue.find(1), |
|
53 | a = Attachment.new(:container => Issue.find(1), | |
47 | :file => uploaded_test_file("testfile.txt", "text/plain"), |
|
54 | :file => uploaded_test_file("testfile.txt", "text/plain"), |
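Review bot: `test_filename_should_remove_eols` checks a lone `\n` and a lone `\r`, but not the `\r\n` pair or a line break at the start or end of the name. Because the substitution uses `+`, a CRLF run collapses to a single underscore, which is worth pinning with `assert_equal "crlf_name", Attachment.new(:filename => "crlf\r\nname").filename`. A case with a trailing break (`"name\n"`) would also record whether a trailing underscore is the intended result.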