[HttpFoundation] Fix name sanitization after perfoming move

src/Symfony/Component/HttpFoundation/File/File.php

@@ -532,7 +532,7 @@ public function move($directory, $name = null)
             throw new FileException(sprintf('Unable to write in the "%s" directory', $directory));
         }
 
-        $target = $directory.DIRECTORY_SEPARATOR.(null === $name ? $this->getBasename() : basename($name));
+        $target = $directory.DIRECTORY_SEPARATOR.(null === $name ? $this->getBasename() : $this->getName($name));
 
         if (!@rename($this->getPathname(), $target)) {
             $error = error_get_last();
@@ -543,4 +543,20 @@ public function move($directory, $name = null)
 
         return new File($target);
     }
+
+    /**
+     * Returns locale independent base name of the given path.
+     *
+     * @param string $name The new file name
+     *
+     * @return string containing
+     */
+    protected function getName($name)
+    {
+        $originalName = str_replace('\\', '/', $name);
+        $pos = strrpos($originalName, '/');
+        $originalName = false === $pos ? $originalName : substr($originalName, $pos + 1);
+
+        return $originalName;
+    }
 }

src/Symfony/Component/HttpFoundation/File/UploadedFile.php

@@ -94,9 +94,7 @@ public function __construct($path, $originalName, $mimeType = null, $size = null
             throw new FileException(sprintf('Unable to create UploadedFile because "file_uploads" is disabled in your php.ini file (%s)', get_cfg_var('cfg_file_path')));
         }
 
-        $originalName = str_replace('\\', '/', $originalName);
-        $pos = strrpos($originalName, '/');
-        $this->originalName = false === $pos ? $originalName : substr($originalName, $pos + 1);
+        $this->originalName = $this->getName($originalName);
         $this->mimeType = $mimeType ?: 'application/octet-stream';
         $this->size = $size;
         $this->error = $error ?: UPLOAD_ERR_OK;
@@ -168,7 +166,7 @@ public function getError()
     /**
      * Returns whether the file was uploaded successfully.
      *
-     * @return Boolean  True if no error occurred during uploading
+     * @return Boolean True if no error occurred during uploading
      *
      * @api
      */

tests/Symfony/Tests/Component/HttpFoundation/File/FileTest.php

@@ -91,6 +91,41 @@ public function testMoveWithNewName()
         @unlink($targetPath);
     }
 
+    public function getFilenameFixtures()
+    {
+        return array(
+            array('original.gif', 'original.gif'),
+            array('..\\..\\original.gif', 'original.gif'),
+            array('../../original.gif', 'original.gif'),
+            array('файлfile.gif', 'файлfile.gif'),
+            array('..\\..\\файлfile.gif', 'файлfile.gif'),
+            array('../../файлfile.gif', 'файлfile.gif'),
+        );
+    }
+
+    /**
+     * @dataProvider getFilenameFixtures
+     */
+    public function testMoveWithNonLatinName($filename, $sanitizedFilename)
+    {
+        $path = __DIR__.'/Fixtures/'.$sanitizedFilename;
+        $targetDir = __DIR__.'/Fixtures/directory/';
+        $targetPath = $targetDir.$sanitizedFilename;
+        @unlink($path);
+        @unlink($targetPath);
+        copy(__DIR__.'/Fixtures/test.gif', $path);
+
+        $file = new File($path);
+        $movedFile = $file->move($targetDir,$filename);
+        $this->assertInstanceOf('Symfony\Component\HttpFoundation\File\File', $movedFile);
+
+        $this->assertTrue(file_exists($targetPath));
+        $this->assertFalse(file_exists($path));
+        $this->assertEquals(realpath($targetPath), $movedFile->getRealPath());
+
+        @unlink($targetPath);
+    }
+
     public function testMoveToAnUnexistentDirectory()
     {
         $sourcePath = __DIR__.'/Fixtures/test.copy.gif';