From 4120afb131462de482b89e791edc1d7a71ef86a6 Mon Sep 17 00:00:00 2001 From: Martin Edenhofer Date: Mon, 25 Jun 2018 11:25:30 +0200 Subject: [PATCH] Fixed issue #1246 - Filename of images (c&p) downloaded via lightbox is invalid. --- lib/html_sanitizer.rb | 8 ++++++- lib/static_assets.rb | 4 ++++ .../ticket_articles_controller_test.rb | 2 +- test/controllers/tickets_controller_test.rb | 9 +++++--- test/unit/aaa_string_test.rb | 21 +++++++++++++++++++ 5 files changed, 39 insertions(+), 5 deletions(-) diff --git a/lib/html_sanitizer.rb b/lib/html_sanitizer.rb index 6305013a4..a83892bf9 100644 --- a/lib/html_sanitizer.rb +++ b/lib/html_sanitizer.rb @@ -422,14 +422,20 @@ reolace inline images with cid images def self.replace_inline_images(string, prefix = rand(999_999_999)) attachments_inline = [] + filename_counter = 0 scrubber = Loofah::Scrubber.new do |node| if node.name == 'img' if node['src'] && node['src'] =~ %r{^(data:image/(jpeg|png);base64,.+?)$}i + filename_counter += 1 file_attributes = StaticAssets.data_url_attributes($1) cid = "#{prefix}.#{rand(999_999_999)}@#{Setting.get('fqdn')}" + filename = cid + if file_attributes[:file_extention].present? + filename = "image#{filename_counter}.#{file_attributes[:file_extention]}" + end attachment = { data: file_attributes[:content], - filename: cid, + filename: filename, preferences: { 'Content-Type' => file_attributes[:mime_type], 'Mime-Type' => file_attributes[:mime_type], diff --git a/lib/static_assets.rb b/lib/static_assets.rb index b9a17e133..a6ccb2c38 100644 --- a/lib/static_assets.rb +++ b/lib/static_assets.rb @@ -9,6 +9,7 @@ returns { mime_type: 'image/png', content: image_bin_content, + file_extention: 'png', } =end @@ -18,6 +19,9 @@ returns if data_url =~ /^data:(.+?);base64,(.+?)$/ data[:mime_type] = $1 data[:content] = Base64.decode64($2) + if data[:mime_type] =~ %r{/(.+?)$} + data[:file_extention] = $1 + end return data end raise "Unable to parse data url: #{data_url.substr(0, 100)}" diff --git a/test/controllers/ticket_articles_controller_test.rb b/test/controllers/ticket_articles_controller_test.rb index f37271792..840f154e8 100644 --- a/test/controllers/ticket_articles_controller_test.rb +++ b/test/controllers/ticket_articles_controller_test.rb @@ -110,7 +110,7 @@ AAAFCAYAAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIBKE0DHxgljNBAAO assert_equal(0, ticket.articles[1].attachments.count) assert_equal(1, ticket.articles[2].attachments.count) assert(ticket.articles[2].attachments[0]['id']) - assert_match(/@zammad.example.com/, ticket.articles[2].attachments[0]['filename']) + assert_equal('image1.png', ticket.articles[2].attachments[0]['filename']) assert_equal('21', ticket.articles[2].attachments[0]['size']) assert_equal('image/png', ticket.articles[2].attachments[0]['preferences']['Mime-Type']) assert_equal('inline', ticket.articles[2].attachments[0]['preferences']['Content-Disposition']) diff --git a/test/controllers/tickets_controller_test.rb b/test/controllers/tickets_controller_test.rb index 04587b0b2..01f1b9a45 100644 --- a/test/controllers/tickets_controller_test.rb +++ b/test/controllers/tickets_controller_test.rb @@ -626,13 +626,15 @@ AAAFCAYAAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIBKE0DHxgljNBAAO assert_equal(2, ticket.articles.first.attachments.count) file = ticket.articles.first.attachments[0] assert_equal('d3c1e09bdefb92b6a06b791a24ca9599', Digest::MD5.hexdigest(file.content)) - assert_match(/#{ticket.id}\..+?@zammad.example.com/, file.filename) + assert_equal('image1.png', file.filename) assert_equal('image/png', file.preferences['Mime-Type']) + assert_match(/#{ticket.id}\..+?@zammad.example.com/, file.preferences['Content-ID']) assert(file.preferences['Content-ID']) file = ticket.articles.first.attachments[1] assert_equal('006a2ca3793b550c8fe444acdeb39252', Digest::MD5.hexdigest(file.content)) - assert_match(/#{ticket.id}\..+?@zammad.example.com/, file.filename) + assert_equal('image2.jpeg', file.filename) assert_equal('image/jpeg', file.preferences['Mime-Type']) + assert_match(/#{ticket.id}\..+?@zammad.example.com/, file.preferences['Content-ID']) assert(file.preferences['Content-ID']) end @@ -670,9 +672,10 @@ AAAFCAYAAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIBKE0DHxgljNBAAO assert_equal(2, ticket.articles.first.attachments.count) file = ticket.articles.first.attachments[0] assert_equal('006a2ca3793b550c8fe444acdeb39252', Digest::MD5.hexdigest(file.content)) - assert_match(/#{ticket.id}\..+?@zammad.example.com/, file.filename) + assert_equal('image1.jpeg', file.filename) assert_equal('image/jpeg', file.preferences['Mime-Type']) assert(file.preferences['Content-ID']) + assert_match(/#{ticket.id}\..+?@zammad.example.com/, file.preferences['Content-ID']) file = ticket.articles.first.attachments[1] assert_equal('39d0d586a701e199389d954f2d592720', Digest::MD5.hexdigest(file.content)) assert_equal('some_file.txt', file.filename) diff --git a/test/unit/aaa_string_test.rb b/test/unit/aaa_string_test.rb index 1ab4ddaef..cee19da8f 100644 --- a/test/unit/aaa_string_test.rb +++ b/test/unit/aaa_string_test.rb @@ -1020,16 +1020,28 @@ html.html2html_strict (body, attachments_inline) = HtmlSanitizer.replace_inline_images(html) assert_match(//, body) assert(1, attachments_inline.count) + assert_equal('image1.jpeg', attachments_inline[0][:filename]) + assert_equal('image/jpeg', attachments_inline[0][:preferences]['Content-Type']) + assert_match(/@#{Setting.get('fqdn')}/, attachments_inline[0][:preferences]['Content-ID']) + assert_equal('inline', attachments_inline[0][:preferences]['Content-Disposition']) html = 'abc' (body, attachments_inline) = HtmlSanitizer.replace_inline_images(html) assert_match(/abc/, body) assert(1, attachments_inline.count) + assert_equal('image1.jpeg', attachments_inline[0][:filename]) + assert_equal('image/jpeg', attachments_inline[0][:preferences]['Content-Type']) + assert_match(/@#{Setting.get('fqdn')}/, attachments_inline[0][:preferences]['Content-ID']) + assert_equal('inline', attachments_inline[0][:preferences]['Content-Disposition']) html = 'abc/, body) assert(1, attachments_inline.count) + assert_equal('image1.jpeg', attachments_inline[0][:filename]) + assert_equal('image/jpeg', attachments_inline[0][:preferences]['Content-Type']) + assert_match(/@#{Setting.get('fqdn')}/, attachments_inline[0][:preferences]['Content-ID']) + assert_equal('inline', attachments_inline[0][:preferences]['Content-Disposition']) html = 'abc' (body, attachments_inline) = HtmlSanitizer.replace_inline_images(html) @@ -1040,6 +1052,15 @@ html.html2html_strict (body, attachments_inline) = HtmlSanitizer.replace_inline_images(html) assert_match(/
\s+

123<\/p>\s+\s+<\/div>/, body) assert(2, attachments_inline.count) + assert_equal('image1.jpeg', attachments_inline[0][:filename]) + assert_equal('image/jpeg', attachments_inline[0][:preferences]['Content-Type']) + assert_match(/@#{Setting.get('fqdn')}/, attachments_inline[0][:preferences]['Content-ID']) + assert_equal('inline', attachments_inline[0][:preferences]['Content-Disposition']) + + assert_equal('image2.jpeg', attachments_inline[1][:filename]) + assert_equal('image/jpeg', attachments_inline[1][:preferences]['Content-Type']) + assert_match(/@#{Setting.get('fqdn')}/, attachments_inline[1][:preferences]['Content-ID']) + assert_equal('inline', attachments_inline[1][:preferences]['Content-Disposition']) end test 'set dynamic image size' do