jro_apps/redmine Commit - r7797:902b3078d549

Limit the characters stripped by Attachment#sanitize_filename (#4324)....

Jean-Philippe Lang -

r7797:902b3078d549

parent child

Context file:

r7797:902b3078d549

app/models/attachment.rb +2 -4

                def sanitize_filename(value)
                  # get only the filename, not the whole path
                  just_filename = value.gsub(/^.*(\\|\/)/, '')
-                 # NOTE: File.basename doesn't work right with Windows paths on Unix
-                 # INCORRECT: just_filename = File.basename(value.gsub('\\\\', '/'))
-                 # Finally, replace all non alphanumeric, hyphens or periods with underscore
-                 @filename = just_filename.gsub(/[^\w\.\-]/,'_')
+                 # Finally, replace invalid characters with underscore
+                 @filename = just_filename.gsub(/[\/\?\%\*\:\|\"\'<>]+/, '_')
                end
                # Returns an ASCII or hashed filename

test/unit/attachment_test.rb +21 0

              class AttachmentTest < ActiveSupport::TestCase
                fixtures :users, :projects, :roles, :members, :member_roles,
                         :enabled_modules, :issues, :trackers, :attachments
+               class MockFile
+                 attr_reader :original_filename, :content_type, :content, :size
+                 def initialize(attributes)
+                   @original_filename = attributes[:original_filename]
+                   @content_type = attributes[:content_type]
+                   @content = attributes[:content] || "Content"
+                   @size = content.size
+                 end
+               end
                def setup
                  set_tmp_attachments_directory
                                          :author => User.find(1))
                  assert a1.disk_filename != a2.disk_filename
                end
+               def test_filename_should_be_basenamed
+                 a = Attachment.new(:file => MockFile.new(:original_filename => "path/to/the/file"))
+                 assert_equal 'file', a.filename
+               end
+               def test_filename_should_be_sanitized
+                 a = Attachment.new(:file => MockFile.new(:original_filename => "valid:[] invalid:?%*|\"'<>chars"))
+                 assert_equal 'valid_[] invalid_chars', a.filename
+               end
                def test_diskfilename
                  assert Attachment.disk_filename("test_file.txt") =~ /^\d{12}_test_file.txt$/

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages