Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Issue #3032376 by alexpott, dww, Berdir: Files renamed by \_file_save_upload_single() do not have the correct filename on the File entity

8.7.x
Lee Rowlands 2019-02-25 20:45:21 +10:00
parent 3b32b1e600
commit 9431a1cb8e
No known key found for this signature in database
GPG Key ID: 2B829A3DF9204DC4
4 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
core/modules/file/file.module
View File

@ -1092,6 +1092,10 @@ function _file_save_upload_single(\SplFileInfo $file_info, $form_field_name, $va
} }
} }
// Update the filename with any changes as a result of security or renaming
// due to an existing file.
$file->setFilename(\Drupal::service('file_system')->basename($file->destination));
// If we made it this far it's safe to record this file in the database. // If we made it this far it's safe to record this file in the database.
$file->save(); $file->save();

4
core/modules/file/src/Tests/FileFieldWidgetTest.php
View File

@ -259,7 +259,7 @@ class FileFieldWidgetTest extends FileFieldTestBase {
'%field' => $field_name, '%field' => $field_name,
'@max' => $cardinality, '@max' => $cardinality,
'@count' => count($upload_files_node_creation) + count($upload_files_node_revision), '@count' => count($upload_files_node_creation) + count($upload_files_node_revision),
'%list' => implode(', ', array_fill(0, 3, $test_file->getFilename())), '%list' => implode(', ', ['text-0_2.txt', 'text-0_3.txt', 'text-0_4.txt']),
]; ];
$this->assertRaw(t('Field %field can only hold @max values but there were @count uploaded. The following files have been omitted as a result: %list.', $args)); $this->assertRaw(t('Field %field can only hold @max values but there were @count uploaded. The following files have been omitted as a result: %list.', $args));
$node_storage->resetCache([$nid]); $node_storage->resetCache([$nid]);
@ -291,7 +291,7 @@ class FileFieldWidgetTest extends FileFieldTestBase {
'%field' => $field_name, '%field' => $field_name,
'@max' => $cardinality, '@max' => $cardinality,
'@count' => count($upload_files), '@count' => count($upload_files),
'%list' => $test_file->getFileName(), '%list' => 'text-0_12.txt',
]; ];
$this->assertRaw(t('Field %field can only hold @max values but there were @count uploaded. The following files have been omitted as a result: %list.', $args)); $this->assertRaw(t('Field %field can only hold @max values but there were @count uploaded. The following files have been omitted as a result: %list.', $args));
} }

5
core/modules/file/tests/src/Functional/SaveUploadTest.php
View File

@ -207,6 +207,7 @@ class SaveUploadTest extends FileManagedTestBase {
$this->assertResponse(200, 'Received a 200 response for posted test file.'); $this->assertResponse(200, 'Received a 200 response for posted test file.');
$message = t('For security reasons, your upload has been renamed to') . ' <em class="placeholder">' . $this->phpfile->filename . '.txt' . '</em>'; $message = t('For security reasons, your upload has been renamed to') . ' <em class="placeholder">' . $this->phpfile->filename . '.txt' . '</em>';
$this->assertRaw($message, 'Dangerous file was renamed.'); $this->assertRaw($message, 'Dangerous file was renamed.');
$this->assertSession()->pageTextContains('File name is php-2.php.txt.');
$this->assertRaw(t('File MIME type is text/plain.'), "Dangerous file's MIME type was changed."); $this->assertRaw(t('File MIME type is text/plain.'), "Dangerous file's MIME type was changed.");
$this->assertRaw(t('You WIN!'), 'Found the success message.'); $this->assertRaw(t('You WIN!'), 'Found the success message.');
@ -222,7 +223,7 @@ class SaveUploadTest extends FileManagedTestBase {
$this->drupalPostForm('file-test/upload', $edit, t('Submit')); $this->drupalPostForm('file-test/upload', $edit, t('Submit'));
$this->assertResponse(200, 'Received a 200 response for posted test file.'); $this->assertResponse(200, 'Received a 200 response for posted test file.');
$this->assertNoRaw(t('For security reasons, your upload has been renamed'), 'Found no security message.'); $this->assertNoRaw(t('For security reasons, your upload has been renamed'), 'Found no security message.');
$this->assertRaw(t('File name is @filename', ['@filename' => $this->phpfile->filename]), 'Dangerous file was not renamed when insecure uploads is TRUE.'); $this->assertSession()->pageTextContains('File name is php-2.php.');
$this->assertRaw(t('You WIN!'), 'Found the success message.'); $this->assertRaw(t('You WIN!'), 'Found the success message.');
// Check that the correct hooks were called. // Check that the correct hooks were called.
@ -292,6 +293,7 @@ class SaveUploadTest extends FileManagedTestBase {
$this->drupalPostForm('file-test/upload', $edit, t('Submit')); $this->drupalPostForm('file-test/upload', $edit, t('Submit'));
$this->assertResponse(200, 'Received a 200 response for posted test file.'); $this->assertResponse(200, 'Received a 200 response for posted test file.');
$this->assertRaw(t('You WIN!'), 'Found the success message.'); $this->assertRaw(t('You WIN!'), 'Found the success message.');
$this->assertSession()->pageTextContains('File name is image-test_0.png.');
// Check that the correct hooks were called. // Check that the correct hooks were called.
$this->assertFileHooksCalled(['validate', 'insert']); $this->assertFileHooksCalled(['validate', 'insert']);
@ -308,6 +310,7 @@ class SaveUploadTest extends FileManagedTestBase {
$this->drupalPostForm('file-test/upload', $edit, t('Submit')); $this->drupalPostForm('file-test/upload', $edit, t('Submit'));
$this->assertResponse(200, 'Received a 200 response for posted test file.'); $this->assertResponse(200, 'Received a 200 response for posted test file.');
$this->assertRaw(t('You WIN!'), 'Found the success message.'); $this->assertRaw(t('You WIN!'), 'Found the success message.');
$this->assertSession()->pageTextContains('File name is image-test.png.');
// Check that the correct hooks were called. // Check that the correct hooks were called.
$this->assertFileHooksCalled(['validate', 'load', 'update']); $this->assertFileHooksCalled(['validate', 'load', 'update']);

2
core/modules/layout_builder/tests/src/FunctionalJavascript/InlineBlockPrivateFilesTest.php
View File

@ -139,7 +139,7 @@ class InlineBlockPrivateFilesTest extends InlineBlockTestBase {
$assert_session->pageTextContains('You are not authorized to access this page'); $assert_session->pageTextContains('You are not authorized to access this page');
$this->drupalGet('node/2/layout'); $this->drupalGet('node/2/layout');
$file4 = $this->createPrivateFile('drupal.txt'); $file4 = $this->createPrivateFile('drupal_4.txt');
$this->addInlineFileBlockToLayout('The file', $file4); $this->addInlineFileBlockToLayout('The file', $file4);
$this->assertSaveLayout(); $this->assertSaveLayout();