[HttpFoundation] Sanitize uploaded file original name

2011-04-29 19:26:59 +02:00 · 2011-04-29 19:26:59 +02:00 · dccac192d6
commit dccac192d6
parent f8cc8a7deb
2 changed files with 15 additions and 2 deletions
--- a/src/Symfony/Component/HttpFoundation/File/UploadedFile.php
+++ b/src/Symfony/Component/HttpFoundation/File/UploadedFile.php
@ -82,7 +82,7 @@ class UploadedFile extends File
        }

        $this->path = realpath($path);
-        $this->originalName = $originalName;
+        $this->originalName = basename($originalName);
        $this->mimeType = $mimeType ?: 'application/octet-stream';
        $this->size = $size;
        $this->error = $error ?: UPLOAD_ERR_OK;
--- a/tests/Symfony/Tests/Component/HttpFoundation/File/UploadedFileTest.php
+++ b/tests/Symfony/Tests/Component/HttpFoundation/File/UploadedFileTest.php
@ -77,6 +77,19 @@ class UploadedFileTest extends \PHPUnit_Framework_TestCase
            null
        );

-        $this->assertEquals('test.gif', $file->getName());
+        $this->assertEquals('original.gif', $file->getOriginalName());
    }
+    
+    public function testGetOriginalNameSanitizeFilename()
+    {
+        $file = new UploadedFile(
+            __DIR__.'/Fixtures/test.gif',
+            '../../original.gif',
+            'image/gif',
+            filesize(__DIR__.'/Fixtures/test.gif'),
+            null
+        );
+
+        $this->assertEquals('original.gif', $file->getOriginalName());
+    }    
 }