Strip eols from file names (#14819).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@12128 e93f8b46-1217-0410-a6f0-8f06a7374b81

2 files changed, 9 insertions, 2 deletions

diff --git a/app/models/attachment.rb b/app/models/attachment.rb
index eeab56242..dd1aa3a7c 100644
--- a/app/models/attachment.rb
+++ b/app/models/attachment.rb
@@ -294,10 +294,10 @@ class Attachment < ActiveRecord::Base
 
   def sanitize_filename(value)
     # get only the filename, not the whole path
-    just_filename = value.gsub(/^.*(\\|\/)/, '')
+    just_filename = value.gsub(/\A.*(\\|\/)/m, '')
 
     # Finally, replace invalid characters with underscore
-    @filename = just_filename.gsub(/[\/\?\%\*\:\|\"\'<>]+/, '_')
+    @filename = just_filename.gsub(/[\/\?\%\*\:\|\"\'<>\n\r]+/, '_')
   end
 
   # Returns the subdirectory in which the attachment will be saved
diff --git a/test/unit/attachment_test.rb b/test/unit/attachment_test.rb
index b3608aef7..a038042cb 100644
--- a/test/unit/attachment_test.rb
+++ b/test/unit/attachment_test.rb
@@ -42,6 +42,13 @@ class AttachmentTest < ActiveSupport::TestCase
     assert_nil Attachment.new.container
   end
 
+  def test_filename_should_remove_eols
+    assert_equal "line_feed", Attachment.new(:filename => "line\nfeed").filename
+    assert_equal "line_feed", Attachment.new(:filename => "some\npath/line\nfeed").filename
+    assert_equal "carriage_return", Attachment.new(:filename => "carriage\rreturn").filename
+    assert_equal "carriage_return", Attachment.new(:filename => "some\rpath/carriage\rreturn").filename
+  end
+
   def test_create
     a = Attachment.new(:container => Issue.find(1),
                        :file => uploaded_test_file("testfile.txt", "text/plain"),