Merged r20946 from trunk to 4.0-stable (#34367).

author Go MAEDA <maeda@farend.jp>

Mon, 19 Apr 2021 23:43:37 +0000 (23:43 +0000)

committer Go MAEDA <maeda@farend.jp>

Mon, 19 Apr 2021 23:43:37 +0000 (23:43 +0000)
author Go MAEDA <maeda@farend.jp>
Mon, 19 Apr 2021 23:43:37 +0000 (23:43 +0000)
committer Go MAEDA <maeda@farend.jp>
Mon, 19 Apr 2021 23:43:37 +0000 (23:43 +0000)
diff --git a/app/models/attachment.rb b/app/models/attachment.rb

index 1f19f810a128956263a1a87c9aa9af30b0a666d3..7de24fd9f530008616ca290ec199b1c524233463 100644 (file)
--- a/app/models/attachment.rb
+++ b/app/models/attachment.rb
@@ -27,7 +27,8 @@ class Attachment < ActiveRecord::Base
    validates_length_of :filename, :maximum => 255
    validates_length_of :disk_filename, :maximum => 255
    validates_length_of :description, :maximum => 255
-  validate :validate_max_file_size, :validate_file_extension
+  validate :validate_max_file_size
+  validate :validate_file_extension, :if => :filename_changed?
  
    acts_as_event :title => :filename,
                  :url => Proc.new {|o| {:controller => 'attachments', :action => 'show', :id => o.id, :filename => o.filename}}
@@ -74,11 +75,9 @@ class Attachment < ActiveRecord::Base
    end
  
    def validate_file_extension
-    if @temp_file
-      extension = File.extname(filename)
-      unless self.class.valid_extension?(extension)
-        errors.add(:base, l(:error_attachment_extension_not_allowed, :extension => extension))
-      end
+    extension = File.extname(filename)
+    unless self.class.valid_extension?(extension)
+      errors.add(:base, l(:error_attachment_extension_not_allowed, :extension => extension))
      end
    end
  
diff --git a/lib/plugins/acts_as_attachable/lib/acts_as_attachable.rb b/lib/plugins/acts_as_attachable/lib/acts_as_attachable.rb

index 3cfc4916922cd7ffafb57b26c8f3fb233d275ff2..51e92b505ca1b01005d02f3cda9be8e027047b5e 100644 (file)
--- a/lib/plugins/acts_as_attachable/lib/acts_as_attachable.rb
+++ b/lib/plugins/acts_as_attachable/lib/acts_as_attachable.rb
@@ -105,7 +105,7 @@ module Redmine
                end
                next unless a
                a.description = attachment['description'].to_s.strip
-              if a.new_record?
+              if a.new_record? || a.invalid?
                  unsaved_attachments << a
                else
                  saved_attachments << a
diff --git a/test/unit/attachment_test.rb b/test/unit/attachment_test.rb

index 144fb5425c392ee73d65fa3d33f5d387622a6e43..e33c2c62c5b5b75d7eb6043914e3d9af10c4fd17 100644 (file)
--- a/test/unit/attachment_test.rb
+++ b/test/unit/attachment_test.rb
@@ -151,6 +151,19 @@ class AttachmentTest < ActiveSupport::TestCase
      end
    end
  
+  def test_extension_update_should_be_validated_against_denied_extensions
+    with_settings :attachment_extensions_denied => "txt, png" do
+      a = Attachment.new(:container => Issue.find(1),
+                         :file => mock_file_with_options(:original_filename => "test.jpeg"),
+                         :author => User.find(1))
+      assert_save a
+
+      b = Attachment.find(a.id)
+      b.filename = "test.png"
+      assert !b.save
+    end
+  end
+
    def test_valid_extension_should_be_case_insensitive
      with_settings :attachment_extensions_allowed => "txt, Png" do
        assert Attachment.valid_extension?(".pnG")
author	Go MAEDA <maeda@farend.jp>
	Mon, 19 Apr 2021 23:43:37 +0000 (23:43 +0000)
committer	Go MAEDA <maeda@farend.jp>
	Mon, 19 Apr 2021 23:43:37 +0000 (23:43 +0000)
app/models/attachment.rb		patch \| blob \| history
lib/plugins/acts_as_attachable/lib/acts_as_attachable.rb		patch \| blob \| history
test/unit/attachment_test.rb		patch \| blob \| history