Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

BUG Fixed critical issue with Folder::find_or_make failing to handle …

…invalid filename characters

BUG Fix UploadField duplicate checking with invalid folderName
  • Loading branch information...
commit ebeb663ddf9cd254eb076333b492d5a989f13135 1 parent 429fdfa
Damian Mooyman tractorcow authored
23 filesystem/Folder.php
View
@@ -57,20 +57,23 @@ public static function find_or_make($folderPath) {
$parentID = 0;
$item = null;
+ $filter = FileNameFilter::create();
foreach($parts as $part) {
if(!$part) continue; // happens for paths with a trailing slash
- $item = DataObject::get_one(
- "Folder",
- sprintf(
- "\"Name\" = '%s' AND \"ParentID\" = %d",
- Convert::raw2sql($part),
- (int)$parentID
- )
- );
+
+ // Ensure search includes folders with illegal characters removed, but
+ // err in favour of matching existing folders if $folderPath
+ // includes illegal characters itself.
+ $partSafe = $filter->filter($part);
+ $item = Folder::get()->filter(array(
+ 'ParentID' => $parentID,
+ 'Name' => array($partSafe, $part)
+ ))->first();
+
if(!$item) {
$item = new Folder();
$item->ParentID = $parentID;
- $item->Name = $part;
+ $item->Name = $partSafe;
$item->Title = $part;
$item->write();
}
@@ -460,7 +463,7 @@ public function getCMSFields() {
* Get the children of this folder that are also folders.
*/
public function ChildFolders() {
- return DataObject::get("Folder", "\"ParentID\" = " . (int)$this->ID);
+ return Folder::get()->filter('ParentID', $this->ID);
}
/**
8 forms/UploadField.php
View
@@ -1273,11 +1273,15 @@ public function fileexists(SS_HTTPRequest $request) {
$nameFilter = FileNameFilter::create();
$filteredFile = basename($nameFilter->filter($originalFile));
+ // Resolve expected folder name
+ $folderName = $this->getFolderName();
+ $folder = Folder::find_or_make($folderName);
+ $parentPath = BASE_PATH."/".$folder->getFilename();
+
// check if either file exists
- $folder = $this->getFolderName();
$exists = false;
foreach(array($originalFile, $filteredFile) as $file) {
- if(file_exists(ASSETS_PATH."/$folder/$file")) {
+ if(file_exists($parentPath.$file)) {
$exists = true;
break;
}
17 tests/filesystem/FolderTest.php
View
@@ -338,4 +338,21 @@ public function testSyncedChildren() {
))->count());
}
+ public function testIllegalFilenames() {
+
+ // Test that generating a filename with invalid characters generates a correctly named folder.
+ $folder = Folder::find_or_make('/FolderTest/EN_US Lang');
+ $this->assertEquals(ASSETS_DIR.'/FolderTest/EN-US-Lang/', $folder->getRelativePath());
+
+ // Test repeatitions of folder
+ $folder2 = Folder::find_or_make('/FolderTest/EN_US Lang');
+ $this->assertEquals($folder->ID, $folder2->ID);
+
+ $folder3 = Folder::find_or_make('/FolderTest/EN--US_L!ang');
+ $this->assertEquals($folder->ID, $folder3->ID);
+
+ $folder4 = Folder::find_or_make('/FolderTest/EN-US-Lang');
+ $this->assertEquals($folder->ID, $folder4->ID);
+ }
+
}

1 comment on commit ebeb663

Fred Condo

Please see #2997

Please sign in to comment.
Something went wrong with that request. Please try again.