Patch by Holger Just. git-svn-id: http://svn.redmine.org/redmine/trunk@20946 e93f8b46-1217-0410-a6f0-8f06a7374b81tags/5.0.0
@@ -30,7 +30,8 @@ class Attachment < ActiveRecord::Base | |||
validates_length_of :filename, :maximum => 255 | |||
validates_length_of :disk_filename, :maximum => 255 | |||
validates_length_of :description, :maximum => 255 | |||
validate :validate_max_file_size, :validate_file_extension | |||
validate :validate_max_file_size | |||
validate :validate_file_extension, :if => :filename_changed? | |||
acts_as_event( | |||
:title => :filename, | |||
@@ -103,11 +104,9 @@ class Attachment < ActiveRecord::Base | |||
end | |||
def validate_file_extension | |||
if @temp_file | |||
extension = File.extname(filename) | |||
unless self.class.valid_extension?(extension) | |||
errors.add(:base, l(:error_attachment_extension_not_allowed, :extension => extension)) | |||
end | |||
extension = File.extname(filename) | |||
unless self.class.valid_extension?(extension) | |||
errors.add(:base, l(:error_attachment_extension_not_allowed, :extension => extension)) | |||
end | |||
end | |||
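Review bot: The `:if => :filename_changed?` condition on `validate :validate_file_extension` enforces the extension rules only when a name is written, and nothing next to it says so. A record stored before `attachment_extensions_denied` or `attachment_extensions_allowed` was tightened keeps passing validation until it is renamed, and writes that skip validations are not covered either. That is probably intended, but it deserves a comment such as `# Checked on upload and on rename only; unchanged names are not re-validated when the extension settings change.` In the second hunk, `File.extname(filename)` now runs without the `@temp_file` guard, so if `filename` can ever be nil (the setter is outside this diff) it would raise instead of adding an error. `File.extname(filename.to_s)` would make that path safe.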
@@ -107,7 +107,7 @@ module Redmine | |||
end | |||
next unless a | |||
a.description = attachment['description'].to_s.strip | |||
if a.new_record? | |||
if a.new_record? || a.invalid? | |||
unsaved_attachments << a | |||
else | |||
saved_attachments << a |
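Review bot: The new `a.invalid?` branch in `if a.new_record? || a.invalid?` has no comment explaining why a persisted record is validated again at this point. Judging by the rest of the commit, it catches an already-uploaded attachment whose attributes were changed from request parameters earlier in the loop: the description on the line above, and presumably the filename, which is outside the hunk. A comment such as `# Re-validate persisted uploads: attributes set from the request may have made them invalid (e.g. a denied extension).` would record that intent. `invalid?` also runs every validation and repopulates `a.errors` as a side effect of the condition. The check only helps if callers reject the request when `unsaved_attachments` is non-empty, and that is not visible here because the enclosing method continues outside the hunk.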
@@ -152,6 +152,19 @@ class AttachmentTest < ActiveSupport::TestCase | |||
end | |||
end | |||
def test_extension_update_should_be_validated_against_denied_extensions | |||
with_settings :attachment_extensions_denied => "txt, png" do | |||
a = Attachment.new(:container => Issue.find(1), | |||
:file => mock_file_with_options(:original_filename => "test.jpeg"), | |||
:author => User.find(1)) | |||
assert_save a | |||
b = Attachment.find(a.id) | |||
b.filename = "test.png" | |||
assert !b.save | |||
end | |||
end | |||
def test_valid_extension_should_be_case_insensitive | |||
with_settings :attachment_extensions_allowed => "txt, Png" do | |||
assert Attachment.valid_extension?(".pnG") |