0001-Validate-attachment-filenames-on-every-change.patch - Redmine

Defect #34367 » 0001-Validate-attachment-filenames-on-every-change.patch

Holger Just, 2020-12-02 15:09

       validates_length_of :filename, :maximum => 255
       validates_length_of :disk_filename, :maximum => 255
       validates_length_of :description, :maximum => 255
       validate :validate_max_file_size, :validate_file_extension
       validate :validate_max_file_size
       validate :validate_file_extension, :if => :filename_changed?
       acts_as_event(
         :title => :filename,
-...
       end
       def validate_file_extension
         if @temp_file
           extension = File.extname(filename)
           unless self.class.valid_extension?(extension)
             errors.add(:base, l(:error_attachment_extension_not_allowed, :extension => extension))
           end
         extension = File.extname(filename)
         unless self.class.valid_extension?(extension)
           errors.add(:base, l(:error_attachment_extension_not_allowed, :extension => extension))
         end
       end

                   end
                   next unless a
                   a.description = attachment['description'].to_s.strip
                   if a.new_record?
                   if a.new_record? || a.invalid?
                     unsaved_attachments << a
                   else
                     saved_attachments << a

         end
       end
       def test_extension_update_should_be_validated_against_denied_extensions
         with_settings :attachment_extensions_denied => "txt, png" do
           a = Attachment.new(:container => Issue.find(1),
                              :file => mock_file_with_options(:original_filename => "test.jpeg"),
                              :author => User.find(1))
           assert_save a
           b = Attachment.find(a.id)
           b.filename = "test.png"
           assert !b.save
         end
       end
       def test_valid_extension_should_be_case_insensitive
         with_settings :attachment_extensions_allowed => "txt, Png" do
           assert Attachment.valid_extension?(".pnG")

(1-1/1)