EntriesExport: sanitize filename and fix tests

Filename will now only use a-zA-Z0-9-' and space.

Fixes remaining filename issue on #3811

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>

diff --git a/src/Wallabag/CoreBundle/Helper/EntriesExport.php b/src/Wallabag/CoreBundle/Helper/EntriesExport.php
index 1debdf8e457af9847db482fd82b25311d834c56e..1a611199412f5bd259c54fcc140feb08c0cf54f5 100644 (file)
--- a/src/Wallabag/CoreBundle/Helper/EntriesExport.php
+++ b/src/Wallabag/CoreBundle/Helper/EntriesExport.php
@@ -223,7 +223,7 @@ class EntriesExport
             [
                 'Content-Description' => 'File Transfer',
                 'Content-type' => 'application/epub+zip',
-                'Content-Disposition' => 'attachment; filename="' . $this->title . '.epub"',
+                'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.epub"',
                 'Content-Transfer-Encoding' => 'binary',
             ]
         );
@@ -265,9 +265,6 @@ class EntriesExport
         }
         $mobi->setContentProvider($content);
 
-        // the browser inside Kindle Devices doesn't likes special caracters either, we limit to A-z/0-9
-        $this->title = preg_replace('/[^A-Za-z0-9\-]/', '', $this->title);
-
         return Response::create(
             $mobi->toString(),
             200,
@@ -275,7 +272,7 @@ class EntriesExport
                 'Accept-Ranges' => 'bytes',
                 'Content-Description' => 'File Transfer',
                 'Content-type' => 'application/x-mobipocket-ebook',
-                'Content-Disposition' => 'attachment; filename="' . $this->title . '.mobi"',
+                'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.mobi"',
                 'Content-Transfer-Encoding' => 'binary',
             ]
         );
@@ -348,7 +345,7 @@ class EntriesExport
             [
                 'Content-Description' => 'File Transfer',
                 'Content-type' => 'application/pdf',
-                'Content-Disposition' => 'attachment; filename="' . $this->title . '.pdf"',
+                'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.pdf"',
                 'Content-Transfer-Encoding' => 'binary',
             ]
         );
@@ -394,7 +391,7 @@ class EntriesExport
             200,
             [
                 'Content-type' => 'application/csv',
-                'Content-Disposition' => 'attachment; filename="' . $this->title . '.csv"',
+                'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.csv"',
                 'Content-Transfer-Encoding' => 'UTF-8',
             ]
         );
@@ -412,7 +409,7 @@ class EntriesExport
             200,
             [
                 'Content-type' => 'application/json',
-                'Content-Disposition' => 'attachment; filename="' . $this->title . '.json"',
+                'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.json"',
                 'Content-Transfer-Encoding' => 'UTF-8',
             ]
         );
@@ -430,7 +427,7 @@ class EntriesExport
             200,
             [
                 'Content-type' => 'application/xml',
-                'Content-Disposition' => 'attachment; filename="' . $this->title . '.xml"',
+                'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.xml"',
                 'Content-Transfer-Encoding' => 'UTF-8',
             ]
         );
@@ -456,7 +453,7 @@ class EntriesExport
             200,
             [
                 'Content-type' => 'text/plain',
-                'Content-Disposition' => 'attachment; filename="' . $this->title . '.txt"',
+                'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.txt"',
                 'Content-Transfer-Encoding' => 'UTF-8',
             ]
         );
@@ -499,4 +496,15 @@ class EntriesExport
 
         return str_replace('%IMAGE%', '', $info);
     }
+
+    /**
+     * Return a sanitized version of the title by applying translit iconv
+     * and removing non alphanumeric characters, - and space.
+     *
+     * @return string Sanitized filename
+     */
+    private function getSanitizedFilename()
+    {
+        return preg_replace('/[^A-Za-z0-9\- \']/', '', iconv('utf-8', 'us-ascii//TRANSLIT', $this->title));
+    }
 }

diff --git a/tests/Wallabag/CoreBundle/Controller/ExportControllerTest.php b/tests/Wallabag/CoreBundle/Controller/ExportControllerTest.php
index 6f3308e56f337bd1d02d8cc7a36fca40a844deba..0c3d4c83adc721c2b0ac9a84d82f9d7cc9d19db4 100644 (file)
--- a/tests/Wallabag/CoreBundle/Controller/ExportControllerTest.php
+++ b/tests/Wallabag/CoreBundle/Controller/ExportControllerTest.php
@@ -98,7 +98,7 @@ class ExportControllerTest extends WallabagCoreTestCase
 
         $headers = $client->getResponse()->headers;
         $this->assertSame('application/x-mobipocket-ebook', $headers->get('content-type'));
-        $this->assertSame('attachment; filename="' . preg_replace('/[^A-Za-z0-9\-]/', '', $content->getTitle()) . '.mobi"', $headers->get('content-disposition'));
+        $this->assertSame('attachment; filename="' . $this->getSanitizedFilename($content->getTitle()) . '.mobi"', $headers->get('content-disposition'));
         $this->assertSame('binary', $headers->get('content-transfer-encoding'));
     }
 
@@ -126,7 +126,7 @@ class ExportControllerTest extends WallabagCoreTestCase
 
         $headers = $client->getResponse()->headers;
         $this->assertSame('application/pdf', $headers->get('content-type'));
-        $this->assertSame('attachment; filename="Tag_entries articles.pdf"', $headers->get('content-disposition'));
+        $this->assertSame('attachment; filename="Tag foo bar articles.pdf"', $headers->get('content-disposition'));
         $this->assertSame('binary', $headers->get('content-transfer-encoding'));
     }
 
@@ -212,7 +212,7 @@ class ExportControllerTest extends WallabagCoreTestCase
 
         $headers = $client->getResponse()->headers;
         $this->assertSame('application/json', $headers->get('content-type'));
-        $this->assertSame('attachment; filename="' . $contentInDB->getTitle() . '.json"', $headers->get('content-disposition'));
+        $this->assertSame('attachment; filename="' . $this->getSanitizedFilename($contentInDB->getTitle()) . '.json"', $headers->get('content-disposition'));
         $this->assertSame('UTF-8', $headers->get('content-transfer-encoding'));
 
         $content = json_decode($client->getResponse()->getContent(), true);
@@ -281,4 +281,9 @@ class ExportControllerTest extends WallabagCoreTestCase
         $this->assertNotEmpty('created_at', (string) $content->entry[0]->created_at);
         $this->assertNotEmpty('updated_at', (string) $content->entry[0]->updated_at);
     }
+
+    private function getSanitizedFilename($title)
+    {
+        return preg_replace('/[^A-Za-z0-9\- \']/', '', iconv('utf-8', 'us-ascii//TRANSLIT', $title));
+    }
 }