aboutsummaryrefslogtreecommitdiffhomepage
path: root/src
diff options
context:
space:
mode:
authorKevin Decherf <kevin@kdecherf.com>2019-01-07 23:50:08 +0100
committerKevin Decherf <kevin@kdecherf.com>2019-01-08 15:13:35 +0100
commitdac93644e8585cc6b2ea1a0409b11ed82bb8169d (patch)
tree6ac87a2f9e70f5ea2668e5d84e21dba5c85e2795 /src
parentad5ef8bca0c0321f348dcf402e0a20791eca3f4d (diff)
downloadwallabag-dac93644e8585cc6b2ea1a0409b11ed82bb8169d.tar.gz
wallabag-dac93644e8585cc6b2ea1a0409b11ed82bb8169d.tar.zst
wallabag-dac93644e8585cc6b2ea1a0409b11ed82bb8169d.zip
EntriesExport: sanitize filename and fix tests
Filename will now only use a-zA-Z0-9-' and space. Fixes remaining filename issue on #3811 Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
Diffstat (limited to 'src')
-rw-r--r--src/Wallabag/CoreBundle/Helper/EntriesExport.php28
1 files changed, 18 insertions, 10 deletions
diff --git a/src/Wallabag/CoreBundle/Helper/EntriesExport.php b/src/Wallabag/CoreBundle/Helper/EntriesExport.php
index 1debdf8e..1a611199 100644
--- a/src/Wallabag/CoreBundle/Helper/EntriesExport.php
+++ b/src/Wallabag/CoreBundle/Helper/EntriesExport.php
@@ -223,7 +223,7 @@ class EntriesExport
223 [ 223 [
224 'Content-Description' => 'File Transfer', 224 'Content-Description' => 'File Transfer',
225 'Content-type' => 'application/epub+zip', 225 'Content-type' => 'application/epub+zip',
226 'Content-Disposition' => 'attachment; filename="' . $this->title . '.epub"', 226 'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.epub"',
227 'Content-Transfer-Encoding' => 'binary', 227 'Content-Transfer-Encoding' => 'binary',
228 ] 228 ]
229 ); 229 );
@@ -265,9 +265,6 @@ class EntriesExport
265 } 265 }
266 $mobi->setContentProvider($content); 266 $mobi->setContentProvider($content);
267 267
268 // the browser inside Kindle Devices doesn't likes special caracters either, we limit to A-z/0-9
269 $this->title = preg_replace('/[^A-Za-z0-9\-]/', '', $this->title);
270
271 return Response::create( 268 return Response::create(
272 $mobi->toString(), 269 $mobi->toString(),
273 200, 270 200,
@@ -275,7 +272,7 @@ class EntriesExport
275 'Accept-Ranges' => 'bytes', 272 'Accept-Ranges' => 'bytes',
276 'Content-Description' => 'File Transfer', 273 'Content-Description' => 'File Transfer',
277 'Content-type' => 'application/x-mobipocket-ebook', 274 'Content-type' => 'application/x-mobipocket-ebook',
278 'Content-Disposition' => 'attachment; filename="' . $this->title . '.mobi"', 275 'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.mobi"',
279 'Content-Transfer-Encoding' => 'binary', 276 'Content-Transfer-Encoding' => 'binary',
280 ] 277 ]
281 ); 278 );
@@ -348,7 +345,7 @@ class EntriesExport
348 [ 345 [
349 'Content-Description' => 'File Transfer', 346 'Content-Description' => 'File Transfer',
350 'Content-type' => 'application/pdf', 347 'Content-type' => 'application/pdf',
351 'Content-Disposition' => 'attachment; filename="' . $this->title . '.pdf"', 348 'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.pdf"',
352 'Content-Transfer-Encoding' => 'binary', 349 'Content-Transfer-Encoding' => 'binary',
353 ] 350 ]
354 ); 351 );
@@ -394,7 +391,7 @@ class EntriesExport
394 200, 391 200,
395 [ 392 [
396 'Content-type' => 'application/csv', 393 'Content-type' => 'application/csv',
397 'Content-Disposition' => 'attachment; filename="' . $this->title . '.csv"', 394 'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.csv"',
398 'Content-Transfer-Encoding' => 'UTF-8', 395 'Content-Transfer-Encoding' => 'UTF-8',
399 ] 396 ]
400 ); 397 );
@@ -412,7 +409,7 @@ class EntriesExport
412 200, 409 200,
413 [ 410 [
414 'Content-type' => 'application/json', 411 'Content-type' => 'application/json',
415 'Content-Disposition' => 'attachment; filename="' . $this->title . '.json"', 412 'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.json"',
416 'Content-Transfer-Encoding' => 'UTF-8', 413 'Content-Transfer-Encoding' => 'UTF-8',
417 ] 414 ]
418 ); 415 );
@@ -430,7 +427,7 @@ class EntriesExport
430 200, 427 200,
431 [ 428 [
432 'Content-type' => 'application/xml', 429 'Content-type' => 'application/xml',
433 'Content-Disposition' => 'attachment; filename="' . $this->title . '.xml"', 430 'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.xml"',
434 'Content-Transfer-Encoding' => 'UTF-8', 431 'Content-Transfer-Encoding' => 'UTF-8',
435 ] 432 ]
436 ); 433 );
@@ -456,7 +453,7 @@ class EntriesExport
456 200, 453 200,
457 [ 454 [
458 'Content-type' => 'text/plain', 455 'Content-type' => 'text/plain',
459 'Content-Disposition' => 'attachment; filename="' . $this->title . '.txt"', 456 'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.txt"',
460 'Content-Transfer-Encoding' => 'UTF-8', 457 'Content-Transfer-Encoding' => 'UTF-8',
461 ] 458 ]
462 ); 459 );
@@ -499,4 +496,15 @@ class EntriesExport
499 496
500 return str_replace('%IMAGE%', '', $info); 497 return str_replace('%IMAGE%', '', $info);
501 } 498 }
499
500 /**
501 * Return a sanitized version of the title by applying translit iconv
502 * and removing non alphanumeric characters, - and space.
503 *
504 * @return string Sanitized filename
505 */
506 private function getSanitizedFilename()
507 {
508 return preg_replace('/[^A-Za-z0-9\- \']/', '', iconv('utf-8', 'us-ascii//TRANSLIT', $this->title));
509 }
502} 510}