François Beausoleil
2005-Sep-08 14:12 UTC
[BUG][file_column] filename sanitization error patch
Hello Sebastian,
In another thread, I said filenames were not properly sanitized. I
found the reason why:
Index: lib/file_column.rb
==================================================================---
lib/file_column.rb (revision 4915)
+++ lib/file_column.rb (revision 4917)
@@ -249,7 +249,7 @@
def self.sanitize_filename(filename)
filename = File.basename(filename.gsub("\\", "/"))
#
work-around for IE
- filename.gsub(/[^a-zA-Z0-9\.\-\+_]/,"_")
+ filename.gsub!(/[^a-zA-Z0-9\.\-\+_]/,"_")
filename = "_#{filename}" if filename =~ /^\.+$/
filename
end
Notice I am now using gsub!() from gsub().
Bye !
François
Wagner Narde
2005-Sep-08 21:26 UTC
Re: [BUG][file_column] filename sanitization error patch
Someone forgot the "filename = " On 9/8/05, François Beausoleil <fbeausoleil-IQIa899fVSs@public.gmane.org> wrote:> > Hello Sebastian, > > In another thread, I said filenames were not properly sanitized. I > found the reason why: > Index: lib/file_column.rb > ==================================================================> --- lib/file_column.rb (revision 4915) > +++ lib/file_column.rb (revision 4917) > @@ -249,7 +249,7 @@ > > def self.sanitize_filename(filename) > filename = File.basename(filename.gsub("\\", "/")) # > work-around for IE > - filename.gsub(/[^a-zA-Z0-9\.\-\+_]/,"_") > + filename.gsub!(/[^a-zA-Z0-9\.\-\+_]/,"_") > filename = "_#{filename}" if filename =~ /^\.+$/ > filename > end > > Notice I am now using gsub!() from gsub(). > > Bye ! > François > > _______________________________________________ > Rails mailing list > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org > http://lists.rubyonrails.org/mailman/listinfo/rails >-- Wagner Narde wnarde-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org _______________________________________________ Rails mailing list Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org http://lists.rubyonrails.org/mailman/listinfo/rails