Restrict the length attachment filenames on disk (#24186).

author Jean-Philippe Lang <jp_lang@yahoo.fr>

Fri, 16 Dec 2016 08:45:41 +0000 (08:45 +0000)

committer Jean-Philippe Lang <jp_lang@yahoo.fr>

Fri, 16 Dec 2016 08:45:41 +0000 (08:45 +0000)
author Jean-Philippe Lang <jp_lang@yahoo.fr>
Fri, 16 Dec 2016 08:45:41 +0000 (08:45 +0000)
committer Jean-Philippe Lang <jp_lang@yahoo.fr>
Fri, 16 Dec 2016 08:45:41 +0000 (08:45 +0000)
diff --git a/app/models/attachment.rb b/app/models/attachment.rb

index 19f30a60947655d3319dee9e7ab17cc93cfc3261..d0384372a6a3f8d52d75cdc6bd6523079f0ac6e6 100644 (file)
--- a/app/models/attachment.rb
+++ b/app/models/attachment.rb
@@ -413,7 +413,7 @@ class Attachment < ActiveRecord::Base
    def self.disk_filename(filename, directory=nil)
      timestamp = DateTime.now.strftime("%y%m%d%H%M%S")
      ascii = ''
-    if filename =~ %r{^[a-zA-Z0-9_\.\-]*$}
+    if filename =~ %r{^[a-zA-Z0-9_\.\-]*$} && filename.length <= 50
        ascii = filename
      else
        ascii = Digest::MD5.hexdigest(filename)
diff --git a/test/unit/attachment_test.rb b/test/unit/attachment_test.rb

index c2f6124056564435853315f3e3cf4ceff5421557..2df639c6104d2d7217991a77b83b3a076f542ec6 100644 (file)
--- a/test/unit/attachment_test.rb
+++ b/test/unit/attachment_test.rb
@@ -81,6 +81,19 @@ class AttachmentTest < ActiveSupport::TestCase
      assert_nil a.content_type
    end
  
+  def test_shorted_filename_if_too_long
+    file = uploaded_test_file("testfile.txt", "text/plain")
+    file.instance_variable_set('@original_filename', "#{'a'*251}.txt")
+    assert 255, file.original_filename.length
+
+    a = Attachment.new(:container => Issue.find(1),
+                       :file => file,
+                       :author => User.find(1))
+    assert a.save
+    a.reload
+    assert_equal 12 + 1 + 32 + 4, a.disk_filename.length
+  end
+
    def test_copy_should_preserve_attributes
      a = Attachment.find(1)
      copy = a.copy
author	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Fri, 16 Dec 2016 08:45:41 +0000 (08:45 +0000)
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Fri, 16 Dec 2016 08:45:41 +0000 (08:45 +0000)
app/models/attachment.rb		patch \| blob \| history
test/unit/attachment_test.rb		patch \| blob \| history