diff --git a/app/models/environment.rb b/app/models/environment.rb index 4dea8c5..f370ba6 100644 --- a/app/models/environment.rb +++ b/app/models/environment.rb @@ -9,10 +9,10 @@ class Environment < ActiveRecord::Base has_many :tasks, :dependent => :destroy, :as => 'target' - IDENTIFY_SCRIPTS = /(?:php[0-9s]?(\..*)?|[sp]htm[l]?(\..*)?|pl|py|cgi|rb)/ + IDENTIFY_SCRIPTS = /(php[0-9s]?|[sp]htm[l]?|pl|py|cgi|rb)/ def self.verify_filename(filename) - filename += '.txt' if filename =~ IDENTIFY_SCRIPTS + filename += '.txt' if File.extname(filename) =~ IDENTIFY_SCRIPTS filename end diff --git a/db/migrate/20110706171330_fix_misunderstood_script_filename.rb b/db/migrate/20110706171330_fix_misunderstood_script_filename.rb new file mode 100644 index 0000000..cb197a2 --- /dev/null +++ b/db/migrate/20110706171330_fix_misunderstood_script_filename.rb @@ -0,0 +1,57 @@ +#FIXME Don't know why, but this xss_terminate and sanitize_tag_list calls here +# from the migration fall on a loop and breaks the migration. Both them are +# related to alias_method_chain, probably there is a problem with this kind of +# alias on the migration level. +class Article < ActiveRecord::Base + def sanitize_tag_list + end +end + +module XssTerminate + module InstanceMethods + def sanitize_fields_with_white_list + end + end +end + +#FIXME This after save calls the environment methods 'blocks' and +# 'portal_community'. Both acts as not defined don't know why. +class ArticleSweeper < ActiveRecord::Observer + def after_save(article) + end +end + +class Environment < ActiveRecord::Base + def self.verify_filename(filename) + filename + end +end + +class FixMisunderstoodScriptFilename < ActiveRecord::Migration + def self.up + Image.all.select { |i| !i.thumbnail? && File.extname(i.filename) == '.txt'}.map do |image| + image.thumbnails.destroy_all + image.filename = fixed_name(image) + image.save! + image.create_thumbnails + end + + UploadedFile.all.select { |u| u.content_type != 'text/plain' && File.extname(u.filename) == '.txt' }.map do |uploaded_file| + uploaded_file.thumbnails.destroy_all + uploaded_file.filename = fixed_name(uploaded_file) + uploaded_file.save! + uploaded_file.create_thumbnails + end + end + + def self.down + say "WARNING: cannot undo this migration" + end + + class << self + def fixed_name(file) + file.filename.gsub('.txt', '') + end + end + +end diff --git a/test/unit/environment_test.rb b/test/unit/environment_test.rb index c5000e8..3076d15 100644 --- a/test/unit/environment_test.rb +++ b/test/unit/environment_test.rb @@ -1124,15 +1124,25 @@ class EnvironmentTest < Test::Unit::TestCase end should 'identify scripts with regex' do - scripts_extensions = %w[php php1 php4 phps php.bli cgi shtm phtm shtml phtml pl py rb] - name = 'uploaded_file' + scripts_extensions = %w[php php1 php4 phps cgi shtm phtm shtml phtml pl py rb] scripts_extensions.each do |extension| - assert_not_nil name+'.'+extension =~ Environment::IDENTIFY_SCRIPTS + assert_not_nil extension =~ Environment::IDENTIFY_SCRIPTS end end + should 'filter file as script only if it has the extension as a script extension' do + name = 'file_php_testing' + assert_equal name, Environment.verify_filename(name) + + name += '.php' + assert_equal name+'.txt', Environment.verify_filename(name) + + name += '.bli' + assert_equal name, Environment.verify_filename(name) + end + should 'verify filename and append .txt if script' do - scripts_extensions = %w[php php1 php4 phps php.bli cgi shtm phtm shtml phtml pl py rb] + scripts_extensions = %w[php php1 php4 phps cgi shtm phtm shtml phtml pl py rb] name = 'uploaded_file' scripts_extensions.each do |extension| filename = name+'.'+extension -- libgit2 0.21.2