authorKevin Decherf <kevin@kdecherf.com>2019-01-07 23:50:08 +0100
committerKevin Decherf <kevin@kdecherf.com>2019-01-08 15:13:35 +0100
commitdac93644e8585cc6b2ea1a0409b11ed82bb8169d (patch)
tree6ac87a2f9e70f5ea2668e5d84e21dba5c85e2795
parentad5ef8bca0c0321f348dcf402e0a20791eca3f4d (diff)
EntriesExport: sanitize filename and fix tests
Filename will now only use a-zA-Z0-9-' and space. Fixes remaining filename issue on #3811 Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
-rw-r--r--src/Wallabag/CoreBundle/Helper/EntriesExport.php28
-rw-r--r--tests/Wallabag/CoreBundle/Controller/ExportControllerTest.php11
2 files changed, 26 insertions, 13 deletions
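--- a/src/Wallabag/CoreBundle/Helper/EntriesExport.php
+++ b/src/Wallabag/CoreBundle/Helper/EntriesExport.php
@@ -223,7 +223,7 @@ class EntriesExport
 [
 'Content-Description' => 'File Transfer',
 'Content-type' => 'application/epub+zip',
-'Content-Disposition' => 'attachment; filename="' . $this->title . '.epub"',
+'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.epub"',
 'Content-Transfer-Encoding' => 'binary',
 ]
 );
@@ -265,9 +265,6 @@ class EntriesExport
 }
 $mobi->setContentProvider($content);
 
-// the browser inside Kindle Devices doesn't likes special caracters either, we limit to A-z/0-9
-$this->title = preg_replace('/[^A-Za-z0-9\-]/', '', $this->title);
-
 return Response::create(
 $mobi->toString(),
 200,
@@ -275,7 +272,7 @@ class EntriesExport
 'Accept-Ranges' => 'bytes',
 'Content-Description' => 'File Transfer',
 'Content-type' => 'application/x-mobipocket-ebook',
-'Content-Disposition' => 'attachment; filename="' . $this->title . '.mobi"',
+'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.mobi"',
 'Content-Transfer-Encoding' => 'binary',
 ]
 );
@@ -348,7 +345,7 @@ class EntriesExport
 [
 'Content-Description' => 'File Transfer',
 'Content-type' => 'application/pdf',
-'Content-Disposition' => 'attachment; filename="' . $this->title . '.pdf"',
+'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.pdf"',
 'Content-Transfer-Encoding' => 'binary',
 ]
 );
@@ -394,7 +391,7 @@ class EntriesExport
 200,
 [
 'Content-type' => 'application/csv',
-'Content-Disposition' => 'attachment; filename="' . $this->title . '.csv"',
+'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.csv"',
 'Content-Transfer-Encoding' => 'UTF-8',
 ]
 );
@@ -412,7 +409,7 @@ class EntriesExport
 200,
 [
 'Content-type' => 'application/json',
-'Content-Disposition' => 'attachment; filename="' . $this->title . '.json"',
+'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.json"',
 'Content-Transfer-Encoding' => 'UTF-8',
 ]
 );
@@ -430,7 +427,7 @@ class EntriesExport
 200,
 [
 'Content-type' => 'application/xml',
-'Content-Disposition' => 'attachment; filename="' . $this->title . '.xml"',
+'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.xml"',
 'Content-Transfer-Encoding' => 'UTF-8',
 ]
 );
@@ -456,7 +453,7 @@ class EntriesExport
 200,
 [
 'Content-type' => 'text/plain',
-'Content-Disposition' => 'attachment; filename="' . $this->title . '.txt"',
+'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.txt"',
 'Content-Transfer-Encoding' => 'UTF-8',
 ]
 );
@@ -499,4 +496,15 @@ class EntriesExport
 
 return str_replace('%IMAGE%', '', $info);
 }
+
+/**
+* Return a sanitized version of the title by applying translit iconv
+* and removing non alphanumeric characters, - and space.
+*
+* @return string Sanitized filename
+*/
+private function getSanitizedFilename()
+{
+return preg_replace('/[^A-Za-z0-9\- \']/', '', iconv('utf-8', 'us-ascii//TRANSLIT', $this->title));
+}
 }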
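Review bot: `getSanitizedFilename()` can return an empty string, in which case the export is sent as `filename=".epub"` (or the matching extension): `iconv()` returns `false` when it cannot convert the title, and a title with no characters in the allowlist, for example one written entirely in a non-Latin script (how `//TRANSLIT` treats it depends on the platform's iconv), is stripped to nothing. I would add a fallback after the filter, e.g. `return '' !== $name ? $name : 'export';` with `$name` holding the filtered result (`'export'` is a placeholder name). The allowlist is also what keeps `"`, `\` and control characters out of the quoted `filename` value, and the docblock should say so, so that a later edit does not widen the pattern without re-checking the header. Symfony's `ResponseHeaderBag::makeDisposition()` is an alternative that keeps the original title in `filename*` alongside an ASCII fallback.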
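--- a/tests/Wallabag/CoreBundle/Controller/ExportControllerTest.php
+++ b/tests/Wallabag/CoreBundle/Controller/ExportControllerTest.php
@@ -98,7 +98,7 @@ class ExportControllerTest extends WallabagCoreTestCase
 
 $headers = $client->getResponse()->headers;
 $this->assertSame('application/x-mobipocket-ebook', $headers->get('content-type'));
-$this->assertSame('attachment; filename="' . preg_replace('/[^A-Za-z0-9\-]/', '', $content->getTitle()) . '.mobi"', $headers->get('content-disposition'));
+$this->assertSame('attachment; filename="' . $this->getSanitizedFilename($content->getTitle()) . '.mobi"', $headers->get('content-disposition'));
 $this->assertSame('binary', $headers->get('content-transfer-encoding'));
 }
 
@@ -126,7 +126,7 @@ class ExportControllerTest extends WallabagCoreTestCase
 
 $headers = $client->getResponse()->headers;
 $this->assertSame('application/pdf', $headers->get('content-type'));
-$this->assertSame('attachment; filename="Tag_entries articles.pdf"', $headers->get('content-disposition'));
+$this->assertSame('attachment; filename="Tag foo bar articles.pdf"', $headers->get('content-disposition'));
 $this->assertSame('binary', $headers->get('content-transfer-encoding'));
 }
 
@@ -212,7 +212,7 @@ class ExportControllerTest extends WallabagCoreTestCase
 
 $headers = $client->getResponse()->headers;
 $this->assertSame('application/json', $headers->get('content-type'));
-$this->assertSame('attachment; filename="' . $contentInDB->getTitle() . '.json"', $headers->get('content-disposition'));
+$this->assertSame('attachment; filename="' . $this->getSanitizedFilename($contentInDB->getTitle()) . '.json"', $headers->get('content-disposition'));
 $this->assertSame('UTF-8', $headers->get('content-transfer-encoding'));
 
 $content = json_decode($client->getResponse()->getContent(), true);
@@ -281,4 +281,9 @@ class ExportControllerTest extends WallabagCoreTestCase
 $this->assertNotEmpty('created_at', (string) $content->entry[0]->created_at);
 $this->assertNotEmpty('updated_at', (string) $content->entry[0]->updated_at);
 }
+
+private function getSanitizedFilename($title)
+{
+return preg_replace('/[^A-Za-z0-9\- \']/', '', iconv('utf-8', 'us-ascii//TRANSLIT', $title));
+}
 }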
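Review bot: The test helper `getSanitizedFilename($title)` added at the end of the class repeats the production expression character for character, so the mobi and json assertions compare the sanitizer with a copy of itself and would still pass if the pattern or the `iconv()` call were wrong. Asserting a literal expected name, as the pdf test does with `'attachment; filename="Tag foo bar articles.pdf"'`, pins the behaviour independently. A case whose entry title contains a double quote and a non-ASCII character would check the property this change is for, namely that neither reaches the `content-disposition` header. The test methods these assertions belong to start outside the hunks shown.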