From dccac192d6cd54ffbdcd549dbb3c08c397e367de Mon Sep 17 00:00:00 2001
From: Victor Berchet
Date: Fri, 29 Apr 2011 19:26:59 +0200
Subject: [PATCH] [HttpFoundation] Sanitize uploaded file original name
---
 .../HttpFoundation/File/UploadedFile.php | 2 +-
 .../HttpFoundation/File/UploadedFileTest.php | 15 ++++++++++++++-
 2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/src/Symfony/Component/HttpFoundation/File/UploadedFile.php b/src/Symfony/Component/HttpFoundation/File/UploadedFile.php
index 26d5d72bd5..8a3fad7662 100644
--- a/src/Symfony/Component/HttpFoundation/File/UploadedFile.php
+++ b/src/Symfony/Component/HttpFoundation/File/UploadedFile.php
@@ -82,7 +82,7 @@ class UploadedFile extends File
 }
 $this->path = realpath($path);
- $this->originalName = $originalName;
+ $this->originalName = basename($originalName);
 $this->mimeType = $mimeType ?: 'application/octet-stream';
 $this->size = $size;
 $this->error = $error ?: UPLOAD_ERR_OK;
diff --git a/tests/Symfony/Tests/Component/HttpFoundation/File/UploadedFileTest.php b/tests/Symfony/Tests/Component/HttpFoundation/File/UploadedFileTest.php
index 8c1821cf0c..088b6554ed 100644
--- a/tests/Symfony/Tests/Component/HttpFoundation/File/UploadedFileTest.php
+++ b/tests/Symfony/Tests/Component/HttpFoundation/File/UploadedFileTest.php
@@ -77,6 +77,19 @@ class UploadedFileTest extends \PHPUnit_Framework_TestCase
 null
 );
- $this->assertEquals('test.gif', $file->getName());
+ $this->assertEquals('original.gif', $file->getOriginalName());
 }
+
+ public function testGetOriginalNameSanitizeFilename()
+ {
+ $file = new UploadedFile(
+ __DIR__.'/Fixtures/test.gif',
+ '../../original.gif',
+ 'image/gif',
+ filesize(__DIR__.'/Fixtures/test.gif'),
+ null
+ );
+
+ $this->assertEquals('original.gif', $file->getOriginalName());
+ }
 }
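Review bot: `basename()` on the changed assignment treats the backslash as a separator only when PHP runs on Windows, so on other hosts a client-supplied name written with backslashes is stored whole in `originalName`. Normalising the separator first gives the same result on every platform: `$this->originalName = basename(str_replace('\\', '/', $originalName));`. `basename()` is also locale-aware, so its result for multibyte names depends on the active locale, which deserves a comment next to the call. The value remains client-chosen after this change, so a short comment above the assignment saying it is a display name and not a storage path would help callers; the constructor begins and ends outside the hunk. The added test in UploadedFileTest.php exercises only the forward-slash form.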
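Review bot: testGetOriginalNameSanitizeFilename pins a single input, `'../../original.gif'`, so it does not document what getOriginalName() returns when the client name has no usable last segment. `basename('..')` yields `..`, and a name with a trailing slash such as `'../'` should give the same result, so a name made only of dot segments would pass through the constructor unchanged. A data provider listing those inputs with their expected results, checked with `assertSame`, would fix the contract callers can rely on. The first changed assertion sits in a test method that starts outside the hunk, so whether the dropped `getName()` check is still covered elsewhere cannot be seen from here.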