Mirrors/BookStack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2024-11-23 19:32:29 +01:00
Code Issues Releases Wiki Activity

Merge image name cleaning functions

Browse Source 
Updated testing for changes and to check existing of new expected file
name.
Related to #2611
This commit is contained in:
Dan Brown 2021-03-14 23:20:21 +00:00
parent c1f67372a7
commit 215c69acb2
3 changed files with 10 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
app/Uploads/ImageService.php
View File

@ -60,7 +60,7 @@ class ImageService
int $resizeHeight = null,
bool $keepRatio = true
) {
$imageName = $this->sanitizeFileName($uploadedFile->getClientOriginalName());
$imageName = $uploadedFile->getClientOriginalName();
$imageData = file_get_contents($uploadedFile->getRealPath());
if ($resizeWidth !== null || $resizeHeight !== null) {
@ -139,7 +139,7 @@ class ImageService
$name = str_replace(' ', '-', $name);
$nameParts = explode('.', $name);
$extension = array_pop($nameParts);
$name = implode('.', $nameParts);
$name = implode('-', $nameParts);
$name = Str::slug($name);
if (strlen($name) === 0) {
@ -426,15 +426,4 @@ class ImageService
$basePath = ($this->storageUrl == false) ? url('/') : $this->storageUrl;
return rtrim($basePath, '/') . $filePath;
}
/**
* Returns a sanitized filename with only one file extension
*/
private function sanitizeFileName(string $fileName): string
{
$parts = explode('.', $fileName);
$extension = array_pop($parts);
return sprintf('%s.%s', implode('-', $parts), $extension);
}
}

14
tests/Uploads/ImageTest.php
View File

@ -167,25 +167,25 @@ class ImageTest extends TestCase
public function test_files_with_double_extensions_will_get_sanitized()
{
$page = Page::first();
$page = Page::query()->first();
$admin = $this->getAdmin();
$this->actingAs($admin);
$fileName = 'bad.phtml.png';
$relPath = $this->getTestImagePath('gallery', $fileName);
$this->deleteImage($relPath);
$expectedRelPath = dirname($relPath) . '/bad-phtml.png';
$this->deleteImage($expectedRelPath);
$file = $this->newTestImageFromBase64('bad-phtml-png.base64', $fileName);
$upload = $this->withHeader('Content-Type', 'image/png')->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $file], []);
$upload->assertStatus(200);
$lastImage = Image::query()->latest('id')->first();
$newFileName = explode('.', basename($lastImage->path))[0];
$this->assertEquals($lastImage->name, 'bad-phtml.png');
$this->assertFalse(file_exists(public_path($relPath)), 'Uploaded image file name was not stripped of dots');
$this->assertTrue(strlen($newFileName) > 0, 'File name was reduced to nothing');
$this->assertEquals('bad.phtml.png', $lastImage->name);
$this->assertEquals('bad-phtml.png', basename($lastImage->path));
$this->assertFileNotExists(public_path($relPath), 'Uploaded image file name was not stripped of dots');
$this->assertFileExists(public_path($expectedRelPath));
$this->deleteImage($lastImage->path);
}

3
tests/Uploads/UsesImages.php
View File

@ -100,9 +100,8 @@ trait UsesImages
/**
* Delete an uploaded image.
* @param $relPath
*/
protected function deleteImage($relPath)
protected function deleteImage(string $relPath)
{
$path = public_path($relPath);
if (file_exists($path)) {