Commit 14fb7698 by Rolf Bjaanes

added sanitizing of filenames

parent edfff2fb
...@@ -58,7 +58,7 @@ module Paperclip ...@@ -58,7 +58,7 @@ module Paperclip
return nil if uploaded_file.nil? return nil if uploaded_file.nil?
@queued_for_write[:original] = uploaded_file.to_tempfile @queued_for_write[:original] = uploaded_file.to_tempfile
@instance[:"#{@name}_file_name"] = uploaded_file.original_filename.strip @instance[:"#{@name}_file_name"] = uploaded_file.original_filename.strip.gsub /[^A-Za-z0-9\.]/, '_'
@instance[:"#{@name}_content_type"] = uploaded_file.content_type.strip @instance[:"#{@name}_content_type"] = uploaded_file.content_type.strip
@instance[:"#{@name}_file_size"] = uploaded_file.size.to_i @instance[:"#{@name}_file_size"] = uploaded_file.size.to_i
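Review bot: The allow-list on the `_file_name` line keeps `.`, so a name made only of dots (such as `..`) or one starting with a dot passes through unchanged, while the harmless `-` is replaced. Whether a dots-only name causes harm depends on how the stored name is interpolated into the storage path, which is outside this hunk, but it is cheap to normalise here. Consider `name = uploaded_file.original_filename.strip.gsub(/[^A-Za-z0-9.\-]/, '_')` followed by `name = name.sub(/\A\.+/, '_')` before assigning. The parentheses also avoid Ruby's ambiguous-first-argument warning for `gsub /.../, '_'`. The enclosing method starts and ends outside the hunk.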
......
...@@ -113,6 +113,33 @@ class AttachmentTest < Test::Unit::TestCase ...@@ -113,6 +113,33 @@ class AttachmentTest < Test::Unit::TestCase
should "strip whitespace from content_type field" do should "strip whitespace from content_type field" do
assert_equal "image/png", @dummy.avatar.instance.avatar_content_type assert_equal "image/png", @dummy.avatar.instance.avatar_content_type
end end
end
context "Attachment with strange letters" do
setup do
rebuild_model
@not_file = mock
@not_file.stubs(:nil?).returns(false)
@not_file.expects(:to_tempfile).returns(self)
@not_file.expects(:original_filename).returns("sheep_say_bæ.png\r\n")
@not_file.expects(:content_type).returns("image/png\r\n")
@not_file.expects(:size).returns(10)
@dummy = Dummy.new
@attachment = @dummy.avatar
@attachment.expects(:valid_assignment?).with(@not_file).returns(true)
@attachment.expects(:queue_existing_for_delete)
@attachment.expects(:post_process)
@attachment.expects(:validate)
@dummy.avatar = @not_file
end
should "remove strange letters and replace with underscore (_)" do
assert_equal "sheep_say_b__.png", @dummy.avatar.original_filename
end
end end
context "An attachment" do context "An attachment" do
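Review bot: The expected value `"sheep_say_b__.png"` has two underscores for the single letter `æ`, which holds only while `gsub` treats the name as bytes. On a Ruby that matches the regexp per UTF-8 character the result would presumably be `sheep_say_b_.png` and this assertion would fail, so the encoding assumption should be stated in a comment or the expectation made encoding-independent. The new context also covers only a non-ASCII letter and the trailing `\r\n`. Path separators and dot-only names, the inputs the sanitizer matters most for, are not exercised. A second `should` with a constructed name containing `/` and `\` would pin that behaviour.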
......