[HttpFoundation] Fix name sanitization after perfoming move
This commit is contained in:
Al Ganiev
Fabien Potencier
parent
462f93ad12
commit
9872d26c9c
@ -532,7 +532,7 @@ class File extends \SplFileInfo
|
||||
throw new FileException(sprintf('Unable to write in the "%s" directory', $directory));
|
||||
}
|
||||
|
||||
$target = $directory.DIRECTORY_SEPARATOR.(null === $name ? $this->getBasename() : basename($name));
|
||||
$target = $directory.DIRECTORY_SEPARATOR.(null === $name ? $this->getBasename() : $this->getName($name));
|
||||
|
||||
if (!@rename($this->getPathname(), $target)) {
|
||||
$error = error_get_last();
|
||||
@ -543,4 +543,20 @@ class File extends \SplFileInfo
|
||||
|
||||
return new File($target);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns locale independent base name of the given path.
|
||||
*
|
||||
* @param string $name The new file name
|
||||
*
|
||||
* @return string containing
|
||||
*/
|
||||
protected function getName($name)
|
||||
{
|
||||
$originalName = str_replace('\\', '/', $name);
|
||||
$pos = strrpos($originalName, '/');
|
||||
$originalName = false === $pos ? $originalName : substr($originalName, $pos + 1);
|
||||
|
||||
return $originalName;
|
||||
}
|
||||
}
|
||||
|
||||
@ -94,9 +94,7 @@ class UploadedFile extends File
|
||||
throw new FileException(sprintf('Unable to create UploadedFile because "file_uploads" is disabled in your php.ini file (%s)', get_cfg_var('cfg_file_path')));
|
||||
}
|
||||
|
||||
$originalName = str_replace('\\', '/', $originalName);
|
||||
$pos = strrpos($originalName, '/');
|
||||
$this->originalName = false === $pos ? $originalName : substr($originalName, $pos + 1);
|
||||
$this->originalName = $this->getName($originalName);
|
||||
$this->mimeType = $mimeType ?: 'application/octet-stream';
|
||||
$this->size = $size;
|
||||
$this->error = $error ?: UPLOAD_ERR_OK;
|
||||
@ -168,7 +166,7 @@ class UploadedFile extends File
|
||||
/**
|
||||
* Returns whether the file was uploaded successfully.
|
||||
*
|
||||
* @return Boolean True if no error occurred during uploading
|
||||
* @return Boolean True if no error occurred during uploading
|
||||
*
|
||||
* @api
|
||||
*/
|
||||
|
||||
@ -91,6 +91,41 @@ class FileTest extends \PHPUnit_Framework_TestCase
|
||||
@unlink($targetPath);
|
||||
}
|
||||
|
||||
public function getFilenameFixtures()
|
||||
{
|
||||
return array(
|
||||
array('original.gif', 'original.gif'),
|
||||
array('..\\..\\original.gif', 'original.gif'),
|
||||
array('../../original.gif', 'original.gif'),
|
||||
array('файлfile.gif', 'файлfile.gif'),
|
||||
array('..\\..\\файлfile.gif', 'файлfile.gif'),
|
||||
array('../../файлfile.gif', 'файлfile.gif'),
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider getFilenameFixtures
|
||||
*/
|
||||
public function testMoveWithNonLatinName($filename, $sanitizedFilename)
|
||||
{
|
||||
$path = __DIR__.'/Fixtures/'.$sanitizedFilename;
|
||||
$targetDir = __DIR__.'/Fixtures/directory/';
|
||||
$targetPath = $targetDir.$sanitizedFilename;
|
||||
@unlink($path);
|
||||
@unlink($targetPath);
|
||||
copy(__DIR__.'/Fixtures/test.gif', $path);
|
||||
|
||||
$file = new File($path);
|
||||
$movedFile = $file->move($targetDir,$filename);
|
||||
$this->assertInstanceOf('Symfony\Component\HttpFoundation\File\File', $movedFile);
|
||||
|
||||
$this->assertTrue(file_exists($targetPath));
|
||||
$this->assertFalse(file_exists($path));
|
||||
$this->assertEquals(realpath($targetPath), $movedFile->getRealPath());
|
||||
|
||||
@unlink($targetPath);
|
||||
}
|
||||
|
||||
public function testMoveToAnUnexistentDirectory()
|
||||
{
|
||||
$sourcePath = __DIR__.'/Fixtures/test.copy.gif';
|
||||
|
||||
Reference in New Issue
Block a user