authorJoas Schilling <nickvergessen@gmx.de>2014-04-12 10:16:41 +0200
committerJoas Schilling <nickvergessen@gmx.de>2014-04-12 10:16:41 +0200
commitda834a96f9c1b9cff20b01098046925c7182d5e3 (patch)
treef5886536f5193671cb8b9f5baf50b74e8c244bfb
parentc1bcc1e7b3b69e43fffb2877bc6c0b75720beb18 (diff)
parent106be54de3e8295e74cf3ab27c6062993b2786e8 (diff)
Merge remote-tracking branch 'marc/ticket/12211' into develop-ascraeus
* marc/ticket/12211: [ticket/12211] Do not run attachment file names twice through htmlspecialchars
-rw-r--r--phpBB/includes/functions_upload.php2
-rw-r--r--tests/upload/filespec_test.php14
2 files changed, 15 insertions, 1 deletions
diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php
index 04d483e14c..9d61e39c98 100644
--- a/phpBB/includes/functions_upload.php
+++ b/phpBB/includes/functions_upload.php
@@ -64,7 +64,7 @@ class filespec
$this->filename = $upload_ary['tmp_name'];
$this->filesize = $upload_ary['size'];
$name = (STRIP) ? stripslashes($upload_ary['name']) : $upload_ary['name'];
- $name = trim(utf8_htmlspecialchars(utf8_basename($name)));
+ $name = trim(utf8_basename($name));
$this->realname = $this->uploadname = $name;
$this->mimetype = $upload_ary['type'];
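Review bot: With `utf8_htmlspecialchars()` dropped from the `$name` assignment, `realname` and `uploadname` are HTML-safe only if `$upload_ary['name']` was already escaped before it reached this constructor, and nothing in the hunk states or checks that. The accompanying test passes the name through `type_cast_helper::set_var()` first, which suggests the request layer is expected to do the escaping; a caller that hands in a raw `$_FILES` entry would presumably leave an unescaped client-supplied filename in these properties, and it would reach any template that prints them. I would record the contract directly above the assignment, e.g. `// name must arrive HTML-escaped from the request layer; escaping again here double-encodes it (ticket/12211)`. The constructor begins and ends outside the hunk, so where `$upload_ary` is built should be confirmed there.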
diff --git a/tests/upload/filespec_test.php b/tests/upload/filespec_test.php
index 492f31cee6..2d46fd4058 100644
--- a/tests/upload/filespec_test.php
+++ b/tests/upload/filespec_test.php
@@ -273,4 +273,18 @@ class phpbb_filespec_test extends phpbb_test_case
$phpEx = '';
}
+
+ /**
+ * @dataProvider clean_filename_variables
+ */
+ public function test_uploadname($filename)
+ {
+ $type_cast_helper = new \phpbb\request\type_cast_helper();
+
+ $upload_name = '';
+ $type_cast_helper->set_var($upload_name, $filename, 'string', true, true);
+ $filespec = $this->get_filespec(array('name'=> $upload_name));
+
+ $this->assertSame(trim(utf8_basename(htmlspecialchars($filename))), $filespec->uploadname);
+ }
}
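Review bot: The expected value in `test_uploadname()` is rebuilt from the same calls the code path relies on (`trim(utf8_basename(htmlspecialchars($filename)))`), so the test only detects double-encoding if the `clean_filename_variables` provider, which is defined outside this hunk, contains names with `&`, `<`, `>` or `"`. I would add one case with a literal expectation for a constructed input such as `a&b.txt`, e.g. `$this->assertSame('a&amp;b.txt', $filespec->uploadname);`, so a regression to `&amp;amp;` fails whatever the provider holds. The bare `htmlspecialchars($filename)` also depends on PHP's default flags and charset; passing them explicitly, matching whatever `set_var()` uses, keeps the expectation from drifting between PHP versions.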