From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Fri, 16 Dec 2016 08:45:41 +0000 (+0000)
Subject: Restrict the length attachment filenames on disk (#24186).
X-Git-Tag: 3.4.0~493
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=20be00e437a5874d8a47b82ba3aec6dc4c01c3be;p=redmine.git

Restrict the length attachment filenames on disk (#24186).

git-svn-id: http://svn.redmine.org/redmine/trunk@16083 e93f8b46-1217-0410-a6f0-8f06a7374b81
---

diff --git a/app/models/attachment.rb b/app/models/attachment.rb
index 19f30a609..d0384372a 100644
--- a/app/models/attachment.rb
+++ b/app/models/attachment.rb
@@ -413,7 +413,7 @@ class Attachment < ActiveRecord::Base
   def self.disk_filename(filename, directory=nil)
     timestamp = DateTime.now.strftime("%y%m%d%H%M%S")
     ascii = ''
-    if filename =~ %r{^[a-zA-Z0-9_\.\-]*$}
+    if filename =~ %r{^[a-zA-Z0-9_\.\-]*$} && filename.length <= 50
       ascii = filename
     else
       ascii = Digest::MD5.hexdigest(filename)
diff --git a/test/unit/attachment_test.rb b/test/unit/attachment_test.rb
index c2f612405..2df639c61 100644
--- a/test/unit/attachment_test.rb
+++ b/test/unit/attachment_test.rb
@@ -81,6 +81,19 @@ class AttachmentTest < ActiveSupport::TestCase
     assert_nil a.content_type
   end
 
+  def test_shorted_filename_if_too_long
+    file = uploaded_test_file("testfile.txt", "text/plain")
+    file.instance_variable_set('@original_filename', "#{'a'*251}.txt")
+    assert 255, file.original_filename.length
+
+    a = Attachment.new(:container => Issue.find(1),
+                       :file => file,
+                       :author => User.find(1))
+    assert a.save
+    a.reload
+    assert_equal 12 + 1 + 32 + 4, a.disk_filename.length
+  end
+
   def test_copy_should_preserve_attributes
     a = Attachment.find(1)
     copy = a.copy