diff options
| author | Kevin Decherf <kevin@kdecherf.com> | 2019-01-07 23:50:08 +0100 |
|---|---|---|
| committer | Kevin Decherf <kevin@kdecherf.com> | 2019-01-08 15:13:35 +0100 |
| commit | dac93644e8585cc6b2ea1a0409b11ed82bb8169d (patch) | |
| tree | 6ac87a2f9e70f5ea2668e5d84e21dba5c85e2795 | |
| parent | ad5ef8bca0c0321f348dcf402e0a20791eca3f4d (diff) | |
| download | wallabag-dac93644e8585cc6b2ea1a0409b11ed82bb8169d.tar.gz wallabag-dac93644e8585cc6b2ea1a0409b11ed82bb8169d.tar.zst wallabag-dac93644e8585cc6b2ea1a0409b11ed82bb8169d.zip | |
EntriesExport: sanitize filename and fix tests
Filename will now only use a-zA-Z0-9-' and space.
Fixes remaining filename issue on #3811
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
| -rw-r--r-- | src/Wallabag/CoreBundle/Helper/EntriesExport.php | 28 | ||||
| -rw-r--r-- | tests/Wallabag/CoreBundle/Controller/ExportControllerTest.php | 11 |
2 files changed, 26 insertions, 13 deletions
diff --git a/src/Wallabag/CoreBundle/Helper/EntriesExport.php b/src/Wallabag/CoreBundle/Helper/EntriesExport.php index 1debdf8e..1a611199 100644 --- a/src/Wallabag/CoreBundle/Helper/EntriesExport.php +++ b/src/Wallabag/CoreBundle/Helper/EntriesExport.php | |||
| @@ -223,7 +223,7 @@ class EntriesExport | |||
| 223 | [ | 223 | [ |
| 224 | 'Content-Description' => 'File Transfer', | 224 | 'Content-Description' => 'File Transfer', |
| 225 | 'Content-type' => 'application/epub+zip', | 225 | 'Content-type' => 'application/epub+zip', |
| 226 | 'Content-Disposition' => 'attachment; filename="' . $this->title . '.epub"', | 226 | 'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.epub"', |
| 227 | 'Content-Transfer-Encoding' => 'binary', | 227 | 'Content-Transfer-Encoding' => 'binary', |
| 228 | ] | 228 | ] |
| 229 | ); | 229 | ); |
| @@ -265,9 +265,6 @@ class EntriesExport | |||
| 265 | } | 265 | } |
| 266 | $mobi->setContentProvider($content); | 266 | $mobi->setContentProvider($content); |
| 267 | 267 | ||
| 268 | // the browser inside Kindle Devices doesn't likes special caracters either, we limit to A-z/0-9 | ||
| 269 | $this->title = preg_replace('/[^A-Za-z0-9\-]/', '', $this->title); | ||
| 270 | |||
| 271 | return Response::create( | 268 | return Response::create( |
| 272 | $mobi->toString(), | 269 | $mobi->toString(), |
| 273 | 200, | 270 | 200, |
| @@ -275,7 +272,7 @@ class EntriesExport | |||
| 275 | 'Accept-Ranges' => 'bytes', | 272 | 'Accept-Ranges' => 'bytes', |
| 276 | 'Content-Description' => 'File Transfer', | 273 | 'Content-Description' => 'File Transfer', |
| 277 | 'Content-type' => 'application/x-mobipocket-ebook', | 274 | 'Content-type' => 'application/x-mobipocket-ebook', |
| 278 | 'Content-Disposition' => 'attachment; filename="' . $this->title . '.mobi"', | 275 | 'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.mobi"', |
| 279 | 'Content-Transfer-Encoding' => 'binary', | 276 | 'Content-Transfer-Encoding' => 'binary', |
| 280 | ] | 277 | ] |
| 281 | ); | 278 | ); |
| @@ -348,7 +345,7 @@ class EntriesExport | |||
| 348 | [ | 345 | [ |
| 349 | 'Content-Description' => 'File Transfer', | 346 | 'Content-Description' => 'File Transfer', |
| 350 | 'Content-type' => 'application/pdf', | 347 | 'Content-type' => 'application/pdf', |
| 351 | 'Content-Disposition' => 'attachment; filename="' . $this->title . '.pdf"', | 348 | 'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.pdf"', |
| 352 | 'Content-Transfer-Encoding' => 'binary', | 349 | 'Content-Transfer-Encoding' => 'binary', |
| 353 | ] | 350 | ] |
| 354 | ); | 351 | ); |
| @@ -394,7 +391,7 @@ class EntriesExport | |||
| 394 | 200, | 391 | 200, |
| 395 | [ | 392 | [ |
| 396 | 'Content-type' => 'application/csv', | 393 | 'Content-type' => 'application/csv', |
| 397 | 'Content-Disposition' => 'attachment; filename="' . $this->title . '.csv"', | 394 | 'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.csv"', |
| 398 | 'Content-Transfer-Encoding' => 'UTF-8', | 395 | 'Content-Transfer-Encoding' => 'UTF-8', |
| 399 | ] | 396 | ] |
| 400 | ); | 397 | ); |
| @@ -412,7 +409,7 @@ class EntriesExport | |||
| 412 | 200, | 409 | 200, |
| 413 | [ | 410 | [ |
| 414 | 'Content-type' => 'application/json', | 411 | 'Content-type' => 'application/json', |
| 415 | 'Content-Disposition' => 'attachment; filename="' . $this->title . '.json"', | 412 | 'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.json"', |
| 416 | 'Content-Transfer-Encoding' => 'UTF-8', | 413 | 'Content-Transfer-Encoding' => 'UTF-8', |
| 417 | ] | 414 | ] |
| 418 | ); | 415 | ); |
| @@ -430,7 +427,7 @@ class EntriesExport | |||
| 430 | 200, | 427 | 200, |
| 431 | [ | 428 | [ |
| 432 | 'Content-type' => 'application/xml', | 429 | 'Content-type' => 'application/xml', |
| 433 | 'Content-Disposition' => 'attachment; filename="' . $this->title . '.xml"', | 430 | 'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.xml"', |
| 434 | 'Content-Transfer-Encoding' => 'UTF-8', | 431 | 'Content-Transfer-Encoding' => 'UTF-8', |
| 435 | ] | 432 | ] |
| 436 | ); | 433 | ); |
| @@ -456,7 +453,7 @@ class EntriesExport | |||
| 456 | 200, | 453 | 200, |
| 457 | [ | 454 | [ |
| 458 | 'Content-type' => 'text/plain', | 455 | 'Content-type' => 'text/plain', |
| 459 | 'Content-Disposition' => 'attachment; filename="' . $this->title . '.txt"', | 456 | 'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.txt"', |
| 460 | 'Content-Transfer-Encoding' => 'UTF-8', | 457 | 'Content-Transfer-Encoding' => 'UTF-8', |
| 461 | ] | 458 | ] |
| 462 | ); | 459 | ); |
| @@ -499,4 +496,15 @@ class EntriesExport | |||
| 499 | 496 | ||
| 500 | return str_replace('%IMAGE%', '', $info); | 497 | return str_replace('%IMAGE%', '', $info); |
| 501 | } | 498 | } |
| 499 | |||
| 500 | /** | ||
| 501 | * Return a sanitized version of the title by applying translit iconv | ||
| 502 | * and removing non alphanumeric characters, - and space. | ||
| 503 | * | ||
| 504 | * @return string Sanitized filename | ||
| 505 | */ | ||
| 506 | private function getSanitizedFilename() | ||
| 507 | { | ||
| 508 | return preg_replace('/[^A-Za-z0-9\- \']/', '', iconv('utf-8', 'us-ascii//TRANSLIT', $this->title)); | ||
| 509 | } | ||
| 502 | } | 510 | } |
diff --git a/tests/Wallabag/CoreBundle/Controller/ExportControllerTest.php b/tests/Wallabag/CoreBundle/Controller/ExportControllerTest.php index 6f3308e5..0c3d4c83 100644 --- a/tests/Wallabag/CoreBundle/Controller/ExportControllerTest.php +++ b/tests/Wallabag/CoreBundle/Controller/ExportControllerTest.php | |||
| @@ -98,7 +98,7 @@ class ExportControllerTest extends WallabagCoreTestCase | |||
| 98 | 98 | ||
| 99 | $headers = $client->getResponse()->headers; | 99 | $headers = $client->getResponse()->headers; |
| 100 | $this->assertSame('application/x-mobipocket-ebook', $headers->get('content-type')); | 100 | $this->assertSame('application/x-mobipocket-ebook', $headers->get('content-type')); |
| 101 | $this->assertSame('attachment; filename="' . preg_replace('/[^A-Za-z0-9\-]/', '', $content->getTitle()) . '.mobi"', $headers->get('content-disposition')); | 101 | $this->assertSame('attachment; filename="' . $this->getSanitizedFilename($content->getTitle()) . '.mobi"', $headers->get('content-disposition')); |
| 102 | $this->assertSame('binary', $headers->get('content-transfer-encoding')); | 102 | $this->assertSame('binary', $headers->get('content-transfer-encoding')); |
| 103 | } | 103 | } |
| 104 | 104 | ||
| @@ -126,7 +126,7 @@ class ExportControllerTest extends WallabagCoreTestCase | |||
| 126 | 126 | ||
| 127 | $headers = $client->getResponse()->headers; | 127 | $headers = $client->getResponse()->headers; |
| 128 | $this->assertSame('application/pdf', $headers->get('content-type')); | 128 | $this->assertSame('application/pdf', $headers->get('content-type')); |
| 129 | $this->assertSame('attachment; filename="Tag_entries articles.pdf"', $headers->get('content-disposition')); | 129 | $this->assertSame('attachment; filename="Tag foo bar articles.pdf"', $headers->get('content-disposition')); |
| 130 | $this->assertSame('binary', $headers->get('content-transfer-encoding')); | 130 | $this->assertSame('binary', $headers->get('content-transfer-encoding')); |
| 131 | } | 131 | } |
| 132 | 132 | ||
| @@ -212,7 +212,7 @@ class ExportControllerTest extends WallabagCoreTestCase | |||
| 212 | 212 | ||
| 213 | $headers = $client->getResponse()->headers; | 213 | $headers = $client->getResponse()->headers; |
| 214 | $this->assertSame('application/json', $headers->get('content-type')); | 214 | $this->assertSame('application/json', $headers->get('content-type')); |
| 215 | $this->assertSame('attachment; filename="' . $contentInDB->getTitle() . '.json"', $headers->get('content-disposition')); | 215 | $this->assertSame('attachment; filename="' . $this->getSanitizedFilename($contentInDB->getTitle()) . '.json"', $headers->get('content-disposition')); |
| 216 | $this->assertSame('UTF-8', $headers->get('content-transfer-encoding')); | 216 | $this->assertSame('UTF-8', $headers->get('content-transfer-encoding')); |
| 217 | 217 | ||
| 218 | $content = json_decode($client->getResponse()->getContent(), true); | 218 | $content = json_decode($client->getResponse()->getContent(), true); |
| @@ -281,4 +281,9 @@ class ExportControllerTest extends WallabagCoreTestCase | |||
| 281 | $this->assertNotEmpty('created_at', (string) $content->entry[0]->created_at); | 281 | $this->assertNotEmpty('created_at', (string) $content->entry[0]->created_at); |
| 282 | $this->assertNotEmpty('updated_at', (string) $content->entry[0]->updated_at); | 282 | $this->assertNotEmpty('updated_at', (string) $content->entry[0]->updated_at); |
| 283 | } | 283 | } |
| 284 | |||
| 285 | private function getSanitizedFilename($title) | ||
| 286 | { | ||
| 287 | return preg_replace('/[^A-Za-z0-9\- \']/', '', iconv('utf-8', 'us-ascii//TRANSLIT', $title)); | ||
| 288 | } | ||
| 284 | } | 289 | } |