From 455070f2ea576775fe28f0bb2d01a6b62d2dc7d0 Mon Sep 17 00:00:00 2001
From: f <f@sutty.nl>
Date: Mon, 4 Apr 2022 13:56:40 -0300
Subject: [PATCH 1/3] normalizar todas las strings
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

convierte la codificación de windows/osx en unicode normalizado.
---
 app/models/metadata_markdown.rb         | 2 +-
 app/models/metadata_markdown_content.rb | 2 +-
 app/models/metadata_permalink.rb        | 2 +-
 app/models/metadata_string.rb           | 2 +-
 app/models/metadata_template.rb         | 9 ++++++---
 5 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/app/models/metadata_markdown.rb b/app/models/metadata_markdown.rb
index 1e8b4fc8..7816ec33 100644
--- a/app/models/metadata_markdown.rb
+++ b/app/models/metadata_markdown.rb
@@ -12,6 +12,6 @@ class MetadataMarkdown < MetadataText
   # markdown y se eliminan autolinks.  Mejor es habilitar la generación
   # SAFE de CommonMark en la configuración del sitio.
   def sanitize(string)
-    string
+    string.unicode_normalize(:nfkc)
   end
 end
diff --git a/app/models/metadata_markdown_content.rb b/app/models/metadata_markdown_content.rb
index 92a1ab21..cb4124db 100644
--- a/app/models/metadata_markdown_content.rb
+++ b/app/models/metadata_markdown_content.rb
@@ -25,6 +25,6 @@ class MetadataMarkdownContent < MetadataText
   # markdown y se eliminan autolinks.  Mejor es deshabilitar la
   # generación SAFE de CommonMark en la configuración del sitio.
   def sanitize(string)
-    string.tr("\r", '')
+    string.tr("\r", '').unicode_normalize(:nfkc)
   end
 end
diff --git a/app/models/metadata_permalink.rb b/app/models/metadata_permalink.rb
index 59b68461..9b0c063c 100644
--- a/app/models/metadata_permalink.rb
+++ b/app/models/metadata_permalink.rb
@@ -19,7 +19,7 @@ class MetadataPermalink < MetadataString
   # puntos suspensivos, la primera / para que siempre sea relativa y
   # agregamos una / al final si la ruta no tiene extensión.
   def sanitize(value)
-    value  = value.strip.gsub('..', '/').gsub('./', '').squeeze('/')
+    value  = value.strip.unicode_normalize(:nfkc).gsub('..', '/').gsub('./', '').squeeze('/')
     value  = value[1..-1] if value.start_with? '/'
     value += '/' if File.extname(value).blank?
 
diff --git a/app/models/metadata_string.rb b/app/models/metadata_string.rb
index 95aac4d4..28bfe82a 100644
--- a/app/models/metadata_string.rb
+++ b/app/models/metadata_string.rb
@@ -17,7 +17,7 @@ class MetadataString < MetadataTemplate
   def sanitize(string)
     return '' if string.blank?
 
-    sanitizer.sanitize(string.strip,
+    sanitizer.sanitize(string.strip.unicode_normalize(:nfkc),
                        tags: [],
                        attributes: []).strip.html_safe
   end
diff --git a/app/models/metadata_template.rb b/app/models/metadata_template.rb
index 5baa7a4a..a72f8e83 100644
--- a/app/models/metadata_template.rb
+++ b/app/models/metadata_template.rb
@@ -184,9 +184,12 @@ MetadataTemplate = Struct.new(:site, :document, :name, :label, :type,
     return if string.nil?
     return string unless string.is_a? String
 
-    sanitizer.sanitize(string.tr("\r", ''),
-                       tags: allowed_tags,
-                       attributes: allowed_attributes).strip.html_safe
+    sanitizer
+      .sanitize(string.tr("\r", '').unicode_normalize(:nfkc),
+                tags: allowed_tags,
+                attributes: allowed_attributes)
+      .strip
+      .html_safe
   end
 
   def sanitizer

From 30bc14d83e790c6540a6fb19e8afa8184eef6c37 Mon Sep 17 00:00:00 2001
From: f <f@sutty.nl>
Date: Mon, 4 Apr 2022 14:27:00 -0300
Subject: [PATCH 2/3] normalizar los nombres de archivo enviados por subida
 directa

---
 .../direct_uploads_controller_decorator.rb            | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/app/controllers/active_storage/direct_uploads_controller_decorator.rb b/app/controllers/active_storage/direct_uploads_controller_decorator.rb
index f27c4cfb..3052f974 100644
--- a/app/controllers/active_storage/direct_uploads_controller_decorator.rb
+++ b/app/controllers/active_storage/direct_uploads_controller_decorator.rb
@@ -11,6 +11,17 @@ module ActiveStorage
         blob = ActiveStorage::Blob.create_before_direct_upload!(service_name: session[:service_name], **blob_args)
         render json: direct_upload_json(blob)
       end
+
+      private
+
+      # Normalizar los caracteres unicode en los nombres de archivos
+      # para que puedan propagarse correctamente a través de todo el
+      # stack.
+      def blob_args
+        params.require(:blob).permit(:filename, :byte_size, :checksum, :content_type, metadata: {}).to_h.symbolize_keys.tap do |ba|
+          ba[:filename] = ba[:filename].unicode_normalize(:nfkc)
+        end
+      end
     end
   end
 end

From 4d6a26d67178ec90e4b8f580889cee528f74d195 Mon Sep 17 00:00:00 2001
From: f <f@sutty.nl>
Date: Mon, 4 Apr 2022 14:32:58 -0300
Subject: [PATCH 3/3] normalizar todos los nombres de archivos subidos

---
 .../http/uploaded_file_decorator.rb           | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 app/lib/action_dispatch/http/uploaded_file_decorator.rb

diff --git a/app/lib/action_dispatch/http/uploaded_file_decorator.rb b/app/lib/action_dispatch/http/uploaded_file_decorator.rb
new file mode 100644
index 00000000..c171c81c
--- /dev/null
+++ b/app/lib/action_dispatch/http/uploaded_file_decorator.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module ActionDispatch
+  module Http
+    # Normaliza los nombres de archivo para que se propaguen
+    # correctamente a través de todo el stack.
+    module UploadedFileDecorator
+      extend ActiveSupport::Concern
+
+      included do
+        # Devolver el nombre de archivo con caracteres unicode
+        # normalizados
+        def original_filename
+          @original_filename.unicode_normalize(:nfkc)
+        end
+      end
+    end
+  end
+end
+
+ActionDispatch::Http::UploadedFile.include ActionDispatch::Http::UploadedFileDecorator