webapp/bookstack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2026-01-03 23:42:28 +03:00
Code Activity

Allow uploads of files containing dots in filename. Closes BookStackApp/BookStack#2217

Browse Source
This commit is contained in:
Timo Förster
2021-03-04 21:45:56 +01:00
parent 4d4a57d1bf
commit 745d15d200
35 changed files with 25 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
tests/Uploads/ImageTest.php
View File

@@ -165,7 +165,7 @@ class ImageTest extends TestCase
$this->assertFalse(file_exists(public_path($relPath)), 'Uploaded php file was uploaded but should have been stopped');
}
public function test_files_with_double_extensions_cannot_be_uploaded()
public function test_files_with_double_extensions_will_get_sanitized()
{
$page = Page::first();
$admin = $this->getAdmin();
@@ -177,9 +177,17 @@ class ImageTest extends TestCase
$file = $this->newTestImageFromBase64('bad-phtml-png.base64', $fileName);
$upload = $this->withHeader('Content-Type', 'image/png')->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $file], []);
$upload->assertStatus(302);
$upload->assertStatus(200);
$this->assertFalse(file_exists(public_path($relPath)), 'Uploaded double extension file was uploaded but should have been stopped');
$lastImage = Image::query()->latest('id')->first();
$newFileName = explode('.', basename($lastImage->path))[0];
$this->assertEquals($lastImage->name, 'bad-phtml.png');
$this->assertFalse(file_exists(public_path($relPath)), 'Uploaded image file name was not stripped of dots');
$this->assertTrue(strlen($newFileName) > 0, 'File name was reduced to nothing');
$this->deleteImage($lastImage->path);
}
public function test_url_entities_removed_from_filenames()
@@ -428,4 +436,4 @@ class ImageTest extends TestCase
$this->deleteImage($relPath);
}
}
}