##// END OF EJS Templates
jro_apps » redmine
RSS
Uploading of attachments which filename contains non-ASCII chars fails with Ruby 1.9 on issue update (#10575)....
Jean-Philippe Lang -
r9200:b4975862d66c
parent child
Show More
Side by Side Unified
Context file:
r9200:b4975862d66c Loading diff...:
Show file before | Show file after | Hide comments
@@ -1,243 +1,244
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2012 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 require "digest/md5"
19 19
20 20 class Attachment < ActiveRecord::Base
21 21 belongs_to :container, :polymorphic => true
22 22 belongs_to :author, :class_name => "User", :foreign_key => "author_id"
23 23
24 24 validates_presence_of :filename, :author
25 25 validates_length_of :filename, :maximum => 255
26 26 validates_length_of :disk_filename, :maximum => 255
27 27 validate :validate_max_file_size
28 28
29 29 acts_as_event :title => :filename,
30 30 :url => Proc.new {|o| {:controller => 'attachments', :action => 'download', :id => o.id, :filename => o.filename}}
31 31
32 32 acts_as_activity_provider :type => 'files',
33 33 :permission => :view_files,
34 34 :author_key => :author_id,
35 35 :find_options => {:select => "#{Attachment.table_name}.*",
36 36 :joins => "LEFT JOIN #{Version.table_name} ON #{Attachment.table_name}.container_type='Version' AND #{Version.table_name}.id = #{Attachment.table_name}.container_id " +
37 37 "LEFT JOIN #{Project.table_name} ON #{Version.table_name}.project_id = #{Project.table_name}.id OR ( #{Attachment.table_name}.container_type='Project' AND #{Attachment.table_name}.container_id = #{Project.table_name}.id )"}
38 38
39 39 acts_as_activity_provider :type => 'documents',
40 40 :permission => :view_documents,
41 41 :author_key => :author_id,
42 42 :find_options => {:select => "#{Attachment.table_name}.*",
43 43 :joins => "LEFT JOIN #{Document.table_name} ON #{Attachment.table_name}.container_type='Document' AND #{Document.table_name}.id = #{Attachment.table_name}.container_id " +
44 44 "LEFT JOIN #{Project.table_name} ON #{Document.table_name}.project_id = #{Project.table_name}.id"}
45 45
46 46 cattr_accessor :storage_path
47 47 @@storage_path = Redmine::Configuration['attachments_storage_path'] || "#{Rails.root}/files"
48 48
49 49 before_save :files_to_final_location
50 50 after_destroy :delete_from_disk
51 51
52 52 def container_with_blank_type_check
53 53 if container_type.blank?
54 54 nil
55 55 else
56 56 container_without_blank_type_check
57 57 end
58 58 end
59 59 alias_method_chain :container, :blank_type_check unless method_defined?(:container_without_blank_type_check)
60 60
61 61 # Returns an unsaved copy of the attachment
62 62 def copy(attributes=nil)
63 63 copy = self.class.new
64 64 copy.attributes = self.attributes.dup.except("id", "downloads")
65 65 copy.attributes = attributes if attributes
66 66 copy
67 67 end
68 68
69 69 def validate_max_file_size
70 70 if @temp_file && self.filesize > Setting.attachment_max_size.to_i.kilobytes
71 71 errors.add(:base, l(:error_attachment_too_big, :max_size => Setting.attachment_max_size.to_i.kilobytes))
72 72 end
73 73 end
74 74
75 75 def file=(incoming_file)
76 76 unless incoming_file.nil?
77 77 @temp_file = incoming_file
78 78 if @temp_file.size > 0
79 79 if @temp_file.respond_to?(:original_filename)
80 80 self.filename = @temp_file.original_filename
81 self.filename.force_encoding("UTF-8") if filename.respond_to?(:force_encoding)
81 82 end
82 83 if @temp_file.respond_to?(:content_type)
83 84 self.content_type = @temp_file.content_type.to_s.chomp
84 85 end
85 86 if content_type.blank? && filename.present?
86 87 self.content_type = Redmine::MimeType.of(filename)
87 88 end
88 89 self.filesize = @temp_file.size
89 90 end
90 91 end
91 92 end
92 93
93 94 def file
94 95 nil
95 96 end
96 97
97 98 def filename=(arg)
98 99 write_attribute :filename, sanitize_filename(arg.to_s)
99 100 if new_record? && disk_filename.blank?
100 101 self.disk_filename = Attachment.disk_filename(filename)
101 102 end
102 103 filename
103 104 end
104 105
105 106 # Copies the temporary file to its final location
106 107 # and computes its MD5 hash
107 108 def files_to_final_location
108 109 if @temp_file && (@temp_file.size > 0)
109 110 logger.info("Saving attachment '#{self.diskfile}' (#{@temp_file.size} bytes)")
110 111 md5 = Digest::MD5.new
111 112 File.open(diskfile, "wb") do |f|
112 113 buffer = ""
113 114 while (buffer = @temp_file.read(8192))
114 115 f.write(buffer)
115 116 md5.update(buffer)
116 117 end
117 118 end
118 119 self.digest = md5.hexdigest
119 120 end
120 121 @temp_file = nil
121 122 # Don't save the content type if it's longer than the authorized length
122 123 if self.content_type && self.content_type.length > 255
123 124 self.content_type = nil
124 125 end
125 126 end
126 127
127 128 # Deletes the file from the file system if it's not referenced by other attachments
128 129 def delete_from_disk
129 130 if Attachment.first(:conditions => ["disk_filename = ? AND id <> ?", disk_filename, id]).nil?
130 131 delete_from_disk!
131 132 end
132 133 end
133 134
134 135 # Returns file's location on disk
135 136 def diskfile
136 137 "#{@@storage_path}/#{self.disk_filename}"
137 138 end
138 139
139 140 def increment_download
140 141 increment!(:downloads)
141 142 end
142 143
143 144 def project
144 145 container.try(:project)
145 146 end
146 147
147 148 def visible?(user=User.current)
148 149 container && container.attachments_visible?(user)
149 150 end
150 151
151 152 def deletable?(user=User.current)
152 153 container && container.attachments_deletable?(user)
153 154 end
154 155
155 156 def image?
156 157 self.filename =~ /\.(bmp|gif|jpg|jpe|jpeg|png)$/i
157 158 end
158 159
159 160 def is_text?
160 161 Redmine::MimeType.is_type?('text', filename)
161 162 end
162 163
163 164 def is_diff?
164 165 self.filename =~ /\.(patch|diff)$/i
165 166 end
166 167
167 168 # Returns true if the file is readable
168 169 def readable?
169 170 File.readable?(diskfile)
170 171 end
171 172
172 173 # Returns the attachment token
173 174 def token
174 175 "#{id}.#{digest}"
175 176 end
176 177
177 178 # Finds an attachment that matches the given token and that has no container
178 179 def self.find_by_token(token)
179 180 if token.to_s =~ /^(\d+)\.([0-9a-f]+)$/
180 181 attachment_id, attachment_digest = $1, $2
181 182 attachment = Attachment.first(:conditions => {:id => attachment_id, :digest => attachment_digest})
182 183 if attachment && attachment.container.nil?
183 184 attachment
184 185 end
185 186 end
186 187 end
187 188
188 189 # Bulk attaches a set of files to an object
189 190 #
190 191 # Returns a Hash of the results:
191 192 # :files => array of the attached files
192 193 # :unsaved => array of the files that could not be attached
193 194 def self.attach_files(obj, attachments)
194 195 result = obj.save_attachments(attachments, User.current)
195 196 obj.attach_saved_attachments
196 197 result
197 198 end
198 199
199 200 def self.latest_attach(attachments, filename)
200 201 attachments.sort_by(&:created_on).reverse.detect {
201 202 |att| att.filename.downcase == filename.downcase
202 203 }
203 204 end
204 205
205 206 def self.prune(age=1.day)
206 207 attachments = Attachment.all(:conditions => ["created_on < ? AND (container_type IS NULL OR container_type = '')", Time.now - age])
207 208 attachments.each(&:destroy)
208 209 end
209 210
210 211 private
211 212
212 213 # Physically deletes the file from the file system
213 214 def delete_from_disk!
214 215 if disk_filename.present? && File.exist?(diskfile)
215 216 File.delete(diskfile)
216 217 end
217 218 end
218 219
219 220 def sanitize_filename(value)
220 221 # get only the filename, not the whole path
221 222 just_filename = value.gsub(/^.*(\\|\/)/, '')
222 223
223 224 # Finally, replace invalid characters with underscore
224 225 @filename = just_filename.gsub(/[\/\?\%\*\:\|\"\'<>]+/, '_')
225 226 end
226 227
227 228 # Returns an ASCII or hashed filename
228 229 def self.disk_filename(filename)
229 230 timestamp = DateTime.now.strftime("%y%m%d%H%M%S")
230 231 ascii = ''
231 232 if filename =~ %r{^[a-zA-Z0-9_\.\-]*$}
232 233 ascii = filename
233 234 else
234 235 ascii = Digest::MD5.hexdigest(filename)
235 236 # keep the extension if any
236 237 ascii << $1 if filename =~ %r{(\.[a-zA-Z0-9]+)$}
237 238 end
238 239 while File.exist?(File.join(@@storage_path, "#{timestamp}_#{ascii}"))
239 240 timestamp.succ!
240 241 end
241 242 "#{timestamp}_#{ascii}"
242 243 end
243 244 end
General Comments 0
You need to be logged in to leave comments. Login now