meineerde/redmine
1
0
Fork 0
mirror of https://github.com/meineerde/redmine.git synced 2025-12-19 15:01:14 +00:00
Code Issues Releases Wiki Activity

Restrict the length attachment filenames on disk (#24186).

Browse Source 
git-svn-id: http://svn.redmine.org/redmine/trunk@16083 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang 2016-12-16 08:45:41 +00:00
parent ff81353e8c
commit 20be00e437
2 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/models/attachment.rb
View File

@ -413,7 +413,7 @@ class Attachment < ActiveRecord::Base
def self.disk_filename(filename, directory=nil) def self.disk_filename(filename, directory=nil)
timestamp = DateTime.now.strftime("%y%m%d%H%M%S") timestamp = DateTime.now.strftime("%y%m%d%H%M%S")
ascii = '' ascii = ''
if filename =~ %r{^[a-zA-Z0-9_\.\-]*$} if filename =~ %r{^[a-zA-Z0-9_\.\-]*$} && filename.length <= 50
ascii = filename ascii = filename
else else
ascii = Digest::MD5.hexdigest(filename) ascii = Digest::MD5.hexdigest(filename)

13
test/unit/attachment_test.rb
View File

@ -81,6 +81,19 @@ class AttachmentTest < ActiveSupport::TestCase
assert_nil a.content_type assert_nil a.content_type
end end
def test_shorted_filename_if_too_long
file = uploaded_test_file("testfile.txt", "text/plain")
file.instance_variable_set('@original_filename', "#{'a'*251}.txt")
assert 255, file.original_filename.length
a = Attachment.new(:container => Issue.find(1),
:file => file,
:author => User.find(1))
assert a.save
a.reload
assert_equal 12 + 1 + 32 + 4, a.disk_filename.length
end
def test_copy_should_preserve_attributes def test_copy_should_preserve_attributes
a = Attachment.find(1) a = Attachment.find(1)
copy = a.copy copy = a.copy