diff options
| author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2017-04-03 11:11:36 +0000 |
|---|---|---|
| committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2017-04-03 11:11:36 +0000 |
| commit | 30f7be9c19777d2b8ec88507a466bd35ffa523e3 (patch) | |
| tree | a0af4006841932b16b26b275906f6fd807194caf | |
| parent | 9441ab0ca8e8c4a51bf6716dbdaae0aea4f3fa21 (diff) | |
| download | redmine-30f7be9c19777d2b8ec88507a466bd35ffa523e3.tar.gz redmine-30f7be9c19777d2b8ec88507a466bd35ffa523e3.zip | |
Changes the digest used for attachments to SHA256 (#25240).
Patch by Jens Kraemer.
git-svn-id: http://svn.redmine.org/redmine/trunk@16454 e93f8b46-1217-0410-a6f0-8f06a7374b81
| -rw-r--r-- | app/models/attachment.rb | 10 | ||||
| -rw-r--r-- | db/migrate/20170302015225_change_attachments_digest_limit_to_64.rb | 8 | ||||
| -rw-r--r-- | test/unit/attachment_test.rb | 4 | ||||
| -rw-r--r-- | test/unit/mail_handler_test.rb | 10 |
4 files changed, 20 insertions, 12 deletions
diff --git a/app/models/attachment.rb b/app/models/attachment.rb index 52c782521..3bfecfc7b 100644 --- a/app/models/attachment.rb +++ b/app/models/attachment.rb @@ -15,7 +15,7 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -require "digest/md5" +require "digest" require "fileutils" class Attachment < ActiveRecord::Base @@ -116,20 +116,20 @@ class Attachment < ActiveRecord::Base unless File.directory?(path) FileUtils.mkdir_p(path) end - md5 = Digest::MD5.new + sha = Digest::SHA256.new File.open(diskfile, "wb") do |f| if @temp_file.respond_to?(:read) buffer = "" while (buffer = @temp_file.read(8192)) f.write(buffer) - md5.update(buffer) + sha.update(buffer) end else f.write(@temp_file) - md5.update(@temp_file) + sha.update(@temp_file) end end - self.digest = md5.hexdigest + self.digest = sha.hexdigest end @temp_file = nil diff --git a/db/migrate/20170302015225_change_attachments_digest_limit_to_64.rb b/db/migrate/20170302015225_change_attachments_digest_limit_to_64.rb new file mode 100644 index 000000000..df710e82c --- /dev/null +++ b/db/migrate/20170302015225_change_attachments_digest_limit_to_64.rb @@ -0,0 +1,8 @@ +class ChangeAttachmentsDigestLimitTo64 < ActiveRecord::Migration + def up + change_column :attachments, :digest, :string, limit: 64 + end + def down + change_column :attachments, :digest, :string, limit: 40 + end +end diff --git a/test/unit/attachment_test.rb b/test/unit/attachment_test.rb index 81d7e3cbd..a70009d23 100644 --- a/test/unit/attachment_test.rb +++ b/test/unit/attachment_test.rb @@ -62,7 +62,7 @@ class AttachmentTest < ActiveSupport::TestCase assert_equal 59, a.filesize assert_equal 'text/plain', a.content_type assert_equal 0, a.downloads - assert_equal '1478adae0d4eb06d35897518540e25d6', a.digest + assert_equal '6bc2eb7e87cfbf9145065689aaa8b5f513089ca0af68e2dc41f9cc025473d106', a.digest assert a.disk_directory assert_match %r{\A\d{4}/\d{2}\z}, a.disk_directory @@ -188,7 +188,7 @@ class AttachmentTest < ActiveSupport::TestCase assert_equal 59, a.filesize assert_equal 'text/plain', a.content_type assert_equal 0, a.downloads - assert_equal '1478adae0d4eb06d35897518540e25d6', a.digest + assert_equal '6bc2eb7e87cfbf9145065689aaa8b5f513089ca0af68e2dc41f9cc025473d106', a.digest diskfile = a.diskfile assert File.exist?(diskfile) assert_equal 59, File.size(a.diskfile) diff --git a/test/unit/mail_handler_test.rb b/test/unit/mail_handler_test.rb index e6c20481e..cbfcfa7ad 100644 --- a/test/unit/mail_handler_test.rb +++ b/test/unit/mail_handler_test.rb @@ -522,7 +522,7 @@ class MailHandlerTest < ActiveSupport::TestCase assert_equal 10790, attachment.filesize assert File.exist?(attachment.diskfile) assert_equal 10790, File.size(attachment.diskfile) - assert_equal 'caaf384198bcbc9563ab5c058acd73cd', attachment.digest + assert_equal '4474dd534c36bdd212e2efc549507377c3e77147c9167b66dedcebfe9da8807f', attachment.digest end def test_thunderbird_with_attachment_ja @@ -538,7 +538,7 @@ class MailHandlerTest < ActiveSupport::TestCase assert_equal 5, attachment.filesize assert File.exist?(attachment.diskfile) assert_equal 5, File.size(attachment.diskfile) - assert_equal 'd8e8fca2dc0f896fd7cb4cb0031ba249', attachment.digest + assert_equal 'f2ca1bb6c7e907d06dafe4687e579fce76b37e4e93b7605022da52e6ccc26fd2', attachment.digest end def test_invalid_utf8 @@ -564,7 +564,7 @@ class MailHandlerTest < ActiveSupport::TestCase assert_equal 5, attachment.filesize assert File.exist?(attachment.diskfile) assert_equal 5, File.size(attachment.diskfile) - assert_equal 'd8e8fca2dc0f896fd7cb4cb0031ba249', attachment.digest + assert_equal 'f2ca1bb6c7e907d06dafe4687e579fce76b37e4e93b7605022da52e6ccc26fd2', attachment.digest end def test_thunderbird_with_attachment_latin1 @@ -582,7 +582,7 @@ class MailHandlerTest < ActiveSupport::TestCase assert_equal 130, attachment.filesize assert File.exist?(attachment.diskfile) assert_equal 130, File.size(attachment.diskfile) - assert_equal '4d80e667ac37dddfe05502530f152abb', attachment.digest + assert_equal '5635d67364de20432247e651dfe86fcb2265ad5e9750bd8bba7319a86363e738', attachment.digest end def test_gmail_with_attachment_latin1 @@ -600,7 +600,7 @@ class MailHandlerTest < ActiveSupport::TestCase assert_equal 5, attachment.filesize assert File.exist?(attachment.diskfile) assert_equal 5, File.size(attachment.diskfile) - assert_equal 'd8e8fca2dc0f896fd7cb4cb0031ba249', attachment.digest + assert_equal 'f2ca1bb6c7e907d06dafe4687e579fce76b37e4e93b7605022da52e6ccc26fd2', attachment.digest end def test_mail_with_attachment_latin2 |