Commit c217dd61 authored by Carsten  Rose's avatar Carsten Rose

Feature #3982 / Filename Sanatize: remove spaces.

Enclose the Content-Disposition header filename in double quotes ("). Remove non-alphanumeric characters from the filename.
Sanitize.php: update doc
Download.php: Enclose the filename in double quotes ("). Sanitize the filename.
SanitizeTest.php: unittest for safeFilename().
parent d541459a
......@@ -164,7 +164,7 @@ class Sanitize {
'/ö/', '/Ö/',
'/ü/', '/Ü/',
// Definition of German Umlauts ENDE
'([^[:alnum:]._])' // Disallow: Not alphanumeric, dot or underscore
'([^[:alnum:]._])' // Disallow 'none alphanumeric'. Allow dot or underscore.
);
$replace = array(
......
......@@ -17,6 +17,7 @@ require_once(__DIR__ . '/../store/Session.php');
require_once(__DIR__ . '/../store/Store.php');
require_once(__DIR__ . '/../helper/OnArray.php');
require_once(__DIR__ . '/../helper/Logger.php');
require_once(__DIR__ . '/../helper/Sanitize.php');
require_once(__DIR__ . '/../report/Html2Pdf.php');
//require_once(__DIR__ . '/Link.php');
//require_once(__DIR__ . '/Sendmail.php');
......@@ -156,23 +157,24 @@ class Download {
/**
* Set header type and output $filename. Be careful not to send any additional characters.
*
* @param $filename
* @param $file
* @param $outputFilename
*/
private function outputFile($filename, $outputFilename) {
private function outputFile($file, $outputFilename) {
$length = filesize($filename);
$outputFilename = $this->targetFilenameExtension($filename, $outputFilename, $mimetype);
$length = filesize($file);
$outputFilename = $this->targetFilenameExtension($file, $outputFilename, $mimetype);
$outputFilename = Sanitize::safeFilename($outputFilename); // be sure that there are no problematic chars in the filename. E.g. MacOS X don't like spaces for downloads.
header("Content-type: $mimetype");
header("Content-Length: $length");
// If defined as 'attachment': PDFs are not shown inside the browser (if user configured that). Instead, always a 'save as'-dialog appears (Chrome, FF)
// header("Content-Disposition: attachment; filename=$outputFilename");
header("Content-Disposition: inline; filename=$outputFilename");
header("Content-Disposition: inline; filename=\"$outputFilename\"");
header("Pragma: no-cache");
header("Expires: 0");
print file_get_contents($filename);
print file_get_contents($file);
}
/**
......
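Review bot: In outputFile() the results of `filesize($file)` and `file_get_contents($file)` are used unchecked, so a missing or unreadable file produces an empty `Content-Length:` value and an empty body instead of an error; check readability first and fail through the project's normal error path before any header is sent. `readfile($file);` would also stream the file instead of loading it fully into memory. Because the response is sent `inline` with a `$mimetype` that appears to be filled in by targetFilenameExtension() (not visible here), consider adding `header('X-Content-Type-Options: nosniff');` and, if files of arbitrary type can reach this path, serving types outside an allowlist as `attachment`. The quoted `filename=` parameter is only well-formed while safeFilename() keeps replacing `"`, `\` and control characters, so a one-line comment stating that dependency next to the header call would help the next maintainer.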
......@@ -324,4 +324,27 @@ class SanitizeTest extends \PHPUnit_Framework_TestCase {
$this->assertEquals($value, Sanitize::normalize($value), 'Check simple string');
}
/**
* Test string, numeric, array, subarray
*
* @throws CodeException
*/
public function testSafeFilename() {
$value = '';
$this->assertEquals($value, Sanitize::safeFilename($value), 'Empty string');
$value = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890';
$this->assertEquals($value, Sanitize::safeFilename($value), 'Alnum string');
$value = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890.pdf';
$this->assertEquals($value, Sanitize::safeFilename($value), 'Alnum string with .');
$value = '1ü2ö3ä4Ü5Ö6Ä7';
$this->assertEquals('1ue2oe3ae4Ue5Oe6Ae7', Sanitize::safeFilename($value), 'Alnum string with umlaut');
$value = '`~!@#$%^&*()_+=-[]{}\|;:\'"/?.> ,<`';
$this->assertEquals('____________________________._____', Sanitize::safeFilename($value), 'Alnum string with umlaut');
}
}
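Review bot: The last assertion in testSafeFilename() reuses the message `'Alnum string with umlaut'` although it checks the punctuation case, so a failure would be reported under the wrong label; something like `'Special characters replaced by underscore'` fits. The docblock `Test string, numeric, array, subarray` looks copied from another test and should describe safeFilename() instead. Since Download.php now places the result inside a quoted header parameter, it would be worth adding cases for control characters (for example a constructed input such as `"a\r\nb.pdf"`) and for a multibyte character that is not a German umlaut, to pin down that neither survives sanitizing. The empty-string case also shows that an empty name passes through unchanged, which the caller may want to handle with a fallback name.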