From: Jean-Philippe Lang Date: Wed, 11 Sep 2013 19:19:24 +0000 (+0000) Subject: Strip eols from file names (#14819). X-Git-Tag: 2.4.0~121 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=02fca76c13cde18859eaf6dde2381328feaacb39;p=redmine.git Strip eols from file names (#14819). git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@12128 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- diff --git a/app/models/attachment.rb b/app/models/attachment.rb index eeab56242..dd1aa3a7c 100644 --- a/app/models/attachment.rb +++ b/app/models/attachment.rb @@ -294,10 +294,10 @@ class Attachment < ActiveRecord::Base def sanitize_filename(value) # get only the filename, not the whole path - just_filename = value.gsub(/^.*(\\|\/)/, '') + just_filename = value.gsub(/\A.*(\\|\/)/m, '') # Finally, replace invalid characters with underscore - @filename = just_filename.gsub(/[\/\?\%\*\:\|\"\'<>]+/, '_') + @filename = just_filename.gsub(/[\/\?\%\*\:\|\"\'<>\n\r]+/, '_') end # Returns the subdirectory in which the attachment will be saved diff --git a/test/unit/attachment_test.rb b/test/unit/attachment_test.rb index b3608aef7..a038042cb 100644 --- a/test/unit/attachment_test.rb +++ b/test/unit/attachment_test.rb @@ -42,6 +42,13 @@ class AttachmentTest < ActiveSupport::TestCase assert_nil Attachment.new.container end + def test_filename_should_remove_eols + assert_equal "line_feed", Attachment.new(:filename => "line\nfeed").filename + assert_equal "line_feed", Attachment.new(:filename => "some\npath/line\nfeed").filename + assert_equal "carriage_return", Attachment.new(:filename => "carriage\rreturn").filename + assert_equal "carriage_return", Attachment.new(:filename => "some\rpath/carriage\rreturn").filename + end + def test_create a = Attachment.new(:container => Issue.find(1), :file => uploaded_test_file("testfile.txt", "text/plain"),