Strip eols from file names (#14819).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@12128 e93f8b46-1217-0410-a6f0-8f06a7374b81

diff --git a/app/models/attachment.rb b/app/models/attachment.rb
index eeab562426ae903b1c070180f711cdcf536063ac..dd1aa3a7c9b959a913b3f452c276b8721f99723c 100644 (file)
--- a/app/models/attachment.rb
+++ b/app/models/attachment.rb
@@ -294,10 +294,10 @@ class Attachment < ActiveRecord::Base
 
   def sanitize_filename(value)
     # get only the filename, not the whole path
-    just_filename = value.gsub(/^.*(\\|\/)/, '')
+    just_filename = value.gsub(/\A.*(\\|\/)/m, '')
 
     # Finally, replace invalid characters with underscore
-    @filename = just_filename.gsub(/[\/\?\%\*\:\|\"\'<>]+/, '_')
+    @filename = just_filename.gsub(/[\/\?\%\*\:\|\"\'<>\n\r]+/, '_')
   end
 
   # Returns the subdirectory in which the attachment will be saved

diff --git a/test/unit/attachment_test.rb b/test/unit/attachment_test.rb
index b3608aef74310fdd3608b28087a185ace1e56485..a038042cbcf053eee84538eb0aa758dbb1d5e8be 100644 (file)
--- a/test/unit/attachment_test.rb
+++ b/test/unit/attachment_test.rb
@@ -42,6 +42,13 @@ class AttachmentTest < ActiveSupport::TestCase
     assert_nil Attachment.new.container
   end
 
+  def test_filename_should_remove_eols
+    assert_equal "line_feed", Attachment.new(:filename => "line\nfeed").filename
+    assert_equal "line_feed", Attachment.new(:filename => "some\npath/line\nfeed").filename
+    assert_equal "carriage_return", Attachment.new(:filename => "carriage\rreturn").filename
+    assert_equal "carriage_return", Attachment.new(:filename => "some\rpath/carriage\rreturn").filename
+  end
+
   def test_create
     a = Attachment.new(:container => Issue.find(1),
                        :file => uploaded_test_file("testfile.txt", "text/plain"),