Project

General

Profile

Download (2.92 KB)

Defect #5969 » 0001-allow-upload-of-zero-byte-files-as-attachments.patch

Jens Krämer, 2016-08-31 03:23

View differences:

app/models/attachment.rb
82 82 
  def file=(incoming_file)
83 83 
    unless incoming_file.nil?
84 84 
      @temp_file = incoming_file
85 
      if @temp_file.size > 0
86 
        if @temp_file.respond_to?(:original_filename)
87 
          self.filename = @temp_file.original_filename
88 
          self.filename.force_encoding("UTF-8")
89 
        end
90 
        if @temp_file.respond_to?(:content_type)
91 
          self.content_type = @temp_file.content_type.to_s.chomp
92 
        end
93 
        self.filesize = @temp_file.size
85 
      if @temp_file.respond_to?(:original_filename)
86 
        self.filename = @temp_file.original_filename
87 
        self.filename.force_encoding("UTF-8")
94 88 
      end
89 
      if @temp_file.respond_to?(:content_type)
90 
        self.content_type = @temp_file.content_type.to_s.chomp
91 
      end
92 
      self.filesize = @temp_file.size
95 93 
    end
96 94 
  end
97 95 

  		




  ......




  107
  105
  
    
  # Copies the temporary file to its final location

  		




  108
  106
  
    
  # and computes its MD5 hash

  		




  109
  107
  
    
  def files_to_final_location

  		




  110
  
  
    
    if @temp_file && (@temp_file.size > 0)

  		




  
  108
  
    
    if @temp_file

  		




  111
  109
  
    
      self.disk_directory = target_directory

  		




  112
  110
  
    
      self.disk_filename = Attachment.disk_filename(filename, disk_directory)

  		




  113
  111
  
    
      logger.info("Saving attachment '#{self.diskfile}' (#{@temp_file.size} bytes)") if logger

  		












  

    
      test/integration/attachments_test.rb
    
  





  136
  136
  
    
    assert_include "$('#attachments_1').remove();", response.body

  		




  137
  137
  
    
  end

  		




  138
  138
  
    

  		




  
  139
  
    
  def test_upload_zero_byte_file

  		




  
  140
  
    
    log_user('jsmith', 'jsmith')

  		




  
  141
  
    

  		




  
  142
  
    
    ajax_upload('empty.txt', '')

  		




  
  143
  
    

  		




  
  144
  
    
    attachment = Attachment.order('id DESC').first

  		




  
  145
  
    
    attachment_path = "/attachments/#{attachment.id}.js?attachment_id=1"

  		




  
  146
  
    
    assert_include "href: '#{attachment_path}'", response.body, "Path to attachment: #{attachment_path} not found in response:\n#{response.body}"

  		




  
  147
  
    

  		




  
  148
  
    
    assert File.readable? attachment.diskfile

  		




  
  149
  
    
    assert_equal 0, File.size(attachment.diskfile)

  		




  
  150
  
    

  		




  
  151
  
    
    assert_difference 'Attachment.count', -1 do

  		




  
  152
  
    
      delete attachment_path

  		




  
  153
  
    
      assert_response :success

  		




  
  154
  
    
    end

  		




  
  155
  
    

  		




  
  156
  
    
    assert_include "$('#attachments_1').remove();", response.body

  		




  
  157
  
    
  end

  		




  
  158
  
    

  		




  139
  159
  
    
  private

  		




  140
  160
  
    

  		




  141
  161
  
    
  def ajax_upload(filename, content, attachment_id=1)

  		















  
    (1-1/1)