EntriesExport: sanitize filename and fix tests

Filename will now only use a-zA-Z0-9-' and space.

Fixes remaining filename issue on #3811

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
This commit is contained in:
Kevin Decherf 2019-01-07 23:50:08 +01:00
parent ad5ef8bca0
commit dac93644e8
2 changed files with 26 additions and 13 deletions

View file

@ -223,7 +223,7 @@ class EntriesExport
[ [
'Content-Description' => 'File Transfer', 'Content-Description' => 'File Transfer',
'Content-type' => 'application/epub+zip', 'Content-type' => 'application/epub+zip',
'Content-Disposition' => 'attachment; filename="' . $this->title . '.epub"', 'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.epub"',
'Content-Transfer-Encoding' => 'binary', 'Content-Transfer-Encoding' => 'binary',
] ]
); );
@ -265,9 +265,6 @@ class EntriesExport
} }
$mobi->setContentProvider($content); $mobi->setContentProvider($content);
// the browser inside Kindle Devices doesn't likes special caracters either, we limit to A-z/0-9
$this->title = preg_replace('/[^A-Za-z0-9\-]/', '', $this->title);
return Response::create( return Response::create(
$mobi->toString(), $mobi->toString(),
200, 200,
@ -275,7 +272,7 @@ class EntriesExport
'Accept-Ranges' => 'bytes', 'Accept-Ranges' => 'bytes',
'Content-Description' => 'File Transfer', 'Content-Description' => 'File Transfer',
'Content-type' => 'application/x-mobipocket-ebook', 'Content-type' => 'application/x-mobipocket-ebook',
'Content-Disposition' => 'attachment; filename="' . $this->title . '.mobi"', 'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.mobi"',
'Content-Transfer-Encoding' => 'binary', 'Content-Transfer-Encoding' => 'binary',
] ]
); );
@ -348,7 +345,7 @@ class EntriesExport
[ [
'Content-Description' => 'File Transfer', 'Content-Description' => 'File Transfer',
'Content-type' => 'application/pdf', 'Content-type' => 'application/pdf',
'Content-Disposition' => 'attachment; filename="' . $this->title . '.pdf"', 'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.pdf"',
'Content-Transfer-Encoding' => 'binary', 'Content-Transfer-Encoding' => 'binary',
] ]
); );
@ -394,7 +391,7 @@ class EntriesExport
200, 200,
[ [
'Content-type' => 'application/csv', 'Content-type' => 'application/csv',
'Content-Disposition' => 'attachment; filename="' . $this->title . '.csv"', 'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.csv"',
'Content-Transfer-Encoding' => 'UTF-8', 'Content-Transfer-Encoding' => 'UTF-8',
] ]
); );
@ -412,7 +409,7 @@ class EntriesExport
200, 200,
[ [
'Content-type' => 'application/json', 'Content-type' => 'application/json',
'Content-Disposition' => 'attachment; filename="' . $this->title . '.json"', 'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.json"',
'Content-Transfer-Encoding' => 'UTF-8', 'Content-Transfer-Encoding' => 'UTF-8',
] ]
); );
@ -430,7 +427,7 @@ class EntriesExport
200, 200,
[ [
'Content-type' => 'application/xml', 'Content-type' => 'application/xml',
'Content-Disposition' => 'attachment; filename="' . $this->title . '.xml"', 'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.xml"',
'Content-Transfer-Encoding' => 'UTF-8', 'Content-Transfer-Encoding' => 'UTF-8',
] ]
); );
@ -456,7 +453,7 @@ class EntriesExport
200, 200,
[ [
'Content-type' => 'text/plain', 'Content-type' => 'text/plain',
'Content-Disposition' => 'attachment; filename="' . $this->title . '.txt"', 'Content-Disposition' => 'attachment; filename="' . $this->getSanitizedFilename() . '.txt"',
'Content-Transfer-Encoding' => 'UTF-8', 'Content-Transfer-Encoding' => 'UTF-8',
] ]
); );
@ -499,4 +496,15 @@ class EntriesExport
return str_replace('%IMAGE%', '', $info); return str_replace('%IMAGE%', '', $info);
} }
/**
* Return a sanitized version of the title by applying translit iconv
* and removing non alphanumeric characters, - and space.
*
* @return string Sanitized filename
*/
private function getSanitizedFilename()
{
return preg_replace('/[^A-Za-z0-9\- \']/', '', iconv('utf-8', 'us-ascii//TRANSLIT', $this->title));
}
} }

View file

@ -98,7 +98,7 @@ class ExportControllerTest extends WallabagCoreTestCase
$headers = $client->getResponse()->headers; $headers = $client->getResponse()->headers;
$this->assertSame('application/x-mobipocket-ebook', $headers->get('content-type')); $this->assertSame('application/x-mobipocket-ebook', $headers->get('content-type'));
$this->assertSame('attachment; filename="' . preg_replace('/[^A-Za-z0-9\-]/', '', $content->getTitle()) . '.mobi"', $headers->get('content-disposition')); $this->assertSame('attachment; filename="' . $this->getSanitizedFilename($content->getTitle()) . '.mobi"', $headers->get('content-disposition'));
$this->assertSame('binary', $headers->get('content-transfer-encoding')); $this->assertSame('binary', $headers->get('content-transfer-encoding'));
} }
@ -126,7 +126,7 @@ class ExportControllerTest extends WallabagCoreTestCase
$headers = $client->getResponse()->headers; $headers = $client->getResponse()->headers;
$this->assertSame('application/pdf', $headers->get('content-type')); $this->assertSame('application/pdf', $headers->get('content-type'));
$this->assertSame('attachment; filename="Tag_entries articles.pdf"', $headers->get('content-disposition')); $this->assertSame('attachment; filename="Tag foo bar articles.pdf"', $headers->get('content-disposition'));
$this->assertSame('binary', $headers->get('content-transfer-encoding')); $this->assertSame('binary', $headers->get('content-transfer-encoding'));
} }
@ -212,7 +212,7 @@ class ExportControllerTest extends WallabagCoreTestCase
$headers = $client->getResponse()->headers; $headers = $client->getResponse()->headers;
$this->assertSame('application/json', $headers->get('content-type')); $this->assertSame('application/json', $headers->get('content-type'));
$this->assertSame('attachment; filename="' . $contentInDB->getTitle() . '.json"', $headers->get('content-disposition')); $this->assertSame('attachment; filename="' . $this->getSanitizedFilename($contentInDB->getTitle()) . '.json"', $headers->get('content-disposition'));
$this->assertSame('UTF-8', $headers->get('content-transfer-encoding')); $this->assertSame('UTF-8', $headers->get('content-transfer-encoding'));
$content = json_decode($client->getResponse()->getContent(), true); $content = json_decode($client->getResponse()->getContent(), true);
@ -281,4 +281,9 @@ class ExportControllerTest extends WallabagCoreTestCase
$this->assertNotEmpty('created_at', (string) $content->entry[0]->created_at); $this->assertNotEmpty('created_at', (string) $content->entry[0]->created_at);
$this->assertNotEmpty('updated_at', (string) $content->entry[0]->updated_at); $this->assertNotEmpty('updated_at', (string) $content->entry[0]->updated_at);
} }
private function getSanitizedFilename($title)
{
return preg_replace('/[^A-Za-z0-9\- \']/', '', iconv('utf-8', 'us-ascii//TRANSLIT', $title));
}
} }