| @@ -177,11 +177,9 private | |||||
| 177 | def sanitize_filename(value) |
|
177 | def sanitize_filename(value) | |
| 178 | # get only the filename, not the whole path |
|
178 | # get only the filename, not the whole path | |
| 179 | just_filename = value.gsub(/^.*(\\|\/)/, '') |
|
179 | just_filename = value.gsub(/^.*(\\|\/)/, '') | |
| 180 | # NOTE: File.basename doesn't work right with Windows paths on Unix |
|
|||
| 181 | # INCORRECT: just_filename = File.basename(value.gsub('\\\\', '/')) |
|
|||
| 182 |
|
180 | |||
| 183 |
# Finally, replace |
|
181 | # Finally, replace invalid characters with underscore | |
| 184 |
@filename = just_filename.gsub(/[ |
|
182 | @filename = just_filename.gsub(/[\/\?\%\*\:\|\"\'<>]+/, '_') | |
| 185 | end |
|
183 | end | |
| 186 |
|
184 | |||
| 187 | # Returns an ASCII or hashed filename |
|
185 | # Returns an ASCII or hashed filename | |
| @@ -22,6 +22,17 require File.expand_path('../../test_helper', __FILE__) | |||||
| 22 | class AttachmentTest < ActiveSupport::TestCase |
|
22 | class AttachmentTest < ActiveSupport::TestCase | |
| 23 | fixtures :users, :projects, :roles, :members, :member_roles, |
|
23 | fixtures :users, :projects, :roles, :members, :member_roles, | |
| 24 | :enabled_modules, :issues, :trackers, :attachments |
|
24 | :enabled_modules, :issues, :trackers, :attachments | |
|
|
25 | ||||
|
|
26 | class MockFile | |||
|
|
27 | attr_reader :original_filename, :content_type, :content, :size | |||
|
|
28 | ||||
|
|
29 | def initialize(attributes) | |||
|
|
30 | @original_filename = attributes[:original_filename] | |||
|
|
31 | @content_type = attributes[:content_type] | |||
|
|
32 | @content = attributes[:content] || "Content" | |||
|
|
33 | @size = content.size | |||
|
|
34 | end | |||
|
|
35 | end | |||
| 25 |
|
36 | |||
| 26 | def setup |
|
37 | def setup | |
| 27 | set_tmp_attachments_directory |
|
38 | set_tmp_attachments_directory | |
| @@ -75,6 +86,16 class AttachmentTest < ActiveSupport::TestCase | |||||
| 75 | :author => User.find(1)) |
|
86 | :author => User.find(1)) | |
| 76 | assert a1.disk_filename != a2.disk_filename |
|
87 | assert a1.disk_filename != a2.disk_filename | |
| 77 | end |
|
88 | end | |
|
|
89 | ||||
|
|
90 | def test_filename_should_be_basenamed | |||
|
|
91 | a = Attachment.new(:file => MockFile.new(:original_filename => "path/to/the/file")) | |||
|
|
92 | assert_equal 'file', a.filename | |||
|
|
93 | end | |||
|
|
94 | ||||
|
|
95 | def test_filename_should_be_sanitized | |||
|
|
96 | a = Attachment.new(:file => MockFile.new(:original_filename => "valid:[] invalid:?%*|\"'<>chars")) | |||
|
|
97 | assert_equal 'valid_[] invalid_chars', a.filename | |||
|
|
98 | end | |||
| 78 |
|
99 | |||
| 79 | def test_diskfilename |
|
100 | def test_diskfilename | |
| 80 | assert Attachment.disk_filename("test_file.txt") =~ /^\d{12}_test_file.txt$/ |
|
101 | assert Attachment.disk_filename("test_file.txt") =~ /^\d{12}_test_file.txt$/ | |
General Comments 0
You need to be logged in to leave comments.
Login now