From dac93644e8585cc6b2ea1a0409b11ed82bb8169d Mon Sep 17 00:00:00 2001
From: Kevin Decherf
Date: Mon, 7 Jan 2019 23:50:08 +0100
Subject: [PATCH] EntriesExport: sanitize filename and fix tests

Filename will now only use a-zA-Z0-9-' and space.
Fixes remaining filename issue on #3811
Signed-off-by: Kevin Decherf
---
 .../CoreBundle/Helper/EntriesExport.php | 28 ++++++++++++-------
 .../Controller/ExportControllerTest.php | 11 ++++++--
 2 files changed, 26 insertions(+), 13 deletions(-)

diff --git a/src/Wallabag/CoreBundle/Helper/EntriesExport.php b/src/Wallabag/CoreBundle/Helper/EntriesExport.php
index 1debdf8e..1a611199 100644
--- a/src/Wallabag/CoreBundle/Helper/EntriesExport.php
+++ b/src/Wallabag/CoreBundle/Helper/EntriesExport.php
@@ -223,7 +223,7 @@ class EntriesExport
 [
 'Content-Description' => 'File Transfer',
 'Content-type' => 'application/epub+zip',
- 'Content-Disposition' => 'attachment; filename="' . $this->title . '.epub"',
+ 'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.epub"',
 'Content-Transfer-Encoding' => 'binary',
 ]
 );
@@ -265,9 +265,6 @@ class EntriesExport
 }
 $mobi->setContentProvider($content);
- // the browser inside Kindle Devices doesn't likes special caracters either, we limit to A-z/0-9
- $this->title = preg_replace('/[^A-Za-z0-9\-]/', '', $this->title);
-
 return Response::create(
 $mobi->toString(),
 200,
@@ -275,7 +272,7 @@ class EntriesExport
 'Accept-Ranges' => 'bytes',
 'Content-Description' => 'File Transfer',
 'Content-type' => 'application/x-mobipocket-ebook',
- 'Content-Disposition' => 'attachment; filename="' . $this->title . '.mobi"',
+ 'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.mobi"',
 'Content-Transfer-Encoding' => 'binary',
 ]
 );
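Review bot: The `.mobi` filename in the `-275,7` hunk is now filtered with the shared allowlist, which admits spaces and `'`, whereas the line removed in the `-265,9` hunk stripped everything outside `A-Za-z0-9-` because of the Kindle browser. If that device constraint still holds, the mobi branch should keep the narrower filter on top of the helper, e.g. `preg_replace('/[^A-Za-z0-9\-]/', '', $this->getSanitizedFilename())`. Otherwise a short comment saying spaces and apostrophes were checked on Kindle would record why the restriction was dropped. The enclosing method starts and ends outside both hunks.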
@@ -348,7 +345,7 @@ class EntriesExport
 [
 'Content-Description' => 'File Transfer',
 'Content-type' => 'application/pdf',
- 'Content-Disposition' => 'attachment; filename="' . $this->title . '.pdf"',
+ 'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.pdf"',
 'Content-Transfer-Encoding' => 'binary',
 ]
 );
@@ -394,7 +391,7 @@ class EntriesExport
 200,
 [
 'Content-type' => 'application/csv',
- 'Content-Disposition' => 'attachment; filename="' . $this->title . '.csv"',
+ 'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.csv"',
 'Content-Transfer-Encoding' => 'UTF-8',
 ]
 );
@@ -412,7 +409,7 @@ class EntriesExport
 200,
 [
 'Content-type' => 'application/json',
- 'Content-Disposition' => 'attachment; filename="' . $this->title . '.json"',
+ 'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.json"',
 'Content-Transfer-Encoding' => 'UTF-8',
 ]
 );
@@ -430,7 +427,7 @@ class EntriesExport
 200,
 [
 'Content-type' => 'application/xml',
- 'Content-Disposition' => 'attachment; filename="' . $this->title . '.xml"',
+ 'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.xml"',
 'Content-Transfer-Encoding' => 'UTF-8',
 ]
 );
@@ -456,7 +453,7 @@ class EntriesExport
 200,
 [
 'Content-type' => 'text/plain',
- 'Content-Disposition' => 'attachment; filename="' . $this->title . '.txt"',
+ 'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.txt"',
 'Content-Transfer-Encoding' => 'UTF-8',
 ]
 );
@@ -499,4 +496,15 @@ class EntriesExport
 return str_replace('%IMAGE%', '', $info);
 }
+
+ /**
+ * Return a sanitized version of the title by applying translit iconv
+ * and removing non alphanumeric characters, - and space.
+ *
+ * @return string Sanitized filename
+ */
+ private function getSanitizedFilename()
+ {
+ return preg_replace('/[^A-Za-z0-9\- \']/', '', iconv('utf-8', 'us-ascii//TRANSLIT', $this->title));
+ }
 }
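Review bot: `getSanitizedFilename()` can return an empty string, so the seven `Content-Disposition` headers changed in this file can end up as `filename=".epub"` and the like. `iconv()` returns `false` on malformed UTF-8, and a title with no ASCII transliteration is stripped entirely by the allowlist; the `//TRANSLIT` result also depends on the platform's iconv implementation and locale. The helper should fall back to a fixed name when nothing is left. The docblock reads as if `-` and space were removed and it omits `'`. It should say the result keeps only `A-Za-z0-9`, `-`, space and `'`, and that this allowlist is what keeps `"`, `\` and CR/LF out of the quoted header value.

```php
private function getSanitizedFilename()
{
    // iconv() returns false on malformed UTF-8; treat that like an empty title
    $ascii = iconv('utf-8', 'us-ascii//TRANSLIT', $this->title);
    $name = preg_replace('/[^A-Za-z0-9\- \']/', '', false === $ascii ? '' : $ascii);

    // never emit a bare extension such as ".epub"
    return '' === trim($name) ? 'export' : $name;
}
```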
diff --git a/tests/Wallabag/CoreBundle/Controller/ExportControllerTest.php b/tests/Wallabag/CoreBundle/Controller/ExportControllerTest.php
index 6f3308e5..0c3d4c83 100644
--- a/tests/Wallabag/CoreBundle/Controller/ExportControllerTest.php
+++ b/tests/Wallabag/CoreBundle/Controller/ExportControllerTest.php
@@ -98,7 +98,7 @@ class ExportControllerTest extends WallabagCoreTestCase
 $headers = $client->getResponse()->headers;
 $this->assertSame('application/x-mobipocket-ebook', $headers->get('content-type'));
- $this->assertSame('attachment; filename="' . preg_replace('/[^A-Za-z0-9\-]/', '', $content->getTitle()) . '.mobi"', $headers->get('content-disposition'));
+ $this->assertSame('attachment; filename="' . $this->getSanitizedFilename($content->getTitle()) . '.mobi"', $headers->get('content-disposition'));
 $this->assertSame('binary', $headers->get('content-transfer-encoding'));
 }
@@ -126,7 +126,7 @@ class ExportControllerTest extends WallabagCoreTestCase
 $headers = $client->getResponse()->headers;
 $this->assertSame('application/pdf', $headers->get('content-type'));
- $this->assertSame('attachment; filename="Tag_entries articles.pdf"', $headers->get('content-disposition'));
+ $this->assertSame('attachment; filename="Tag foo bar articles.pdf"', $headers->get('content-disposition'));
 $this->assertSame('binary', $headers->get('content-transfer-encoding'));
 }
@@ -212,7 +212,7 @@ class ExportControllerTest extends WallabagCoreTestCase
 $headers = $client->getResponse()->headers;
 $this->assertSame('application/json', $headers->get('content-type'));
- $this->assertSame('attachment; filename="' . $contentInDB->getTitle() . '.json"', $headers->get('content-disposition'));
+ $this->assertSame('attachment; filename="' . $this->getSanitizedFilename($contentInDB->getTitle()) . '.json"', $headers->get('content-disposition'));
 $this->assertSame('UTF-8', $headers->get('content-transfer-encoding'));
 $content = json_decode($client->getResponse()->getContent(), true);
@@ -281,4 +281,9 @@ class ExportControllerTest extends WallabagCoreTestCase
 $this->assertNotEmpty('created_at', (string) $content->entry[0]->created_at);
 $this->assertNotEmpty('updated_at', (string) $content->entry[0]->updated_at);
 }
+
+ private function getSanitizedFilename($title)
+ {
+ return preg_replace('/[^A-Za-z0-9\- \']/', '', iconv('utf-8', 'us-ascii//TRANSLIT', $title));
+ }
 }
--
2.41.0
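Review bot: The test helper added at the end of the class is a copy of the production expression, so the `.mobi` and `.json` assertions in the `-98,7` and `-212,7` hunks compare the implementation with itself. They would still pass if the allowlist were loosened in both places. At least one test should use a fixed title containing `"`, `/`, a line break and a non-ASCII character and assert a literal expected header, as the `.pdf` assertion already does with `"Tag foo bar articles.pdf"`. Because `//TRANSLIT` output can differ between iconv implementations, the literal case should use characters whose result is stable on the CI platforms, which would need confirming.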