Avoid invalid WikiFile links
Reported by Andrew Stacey.
This commit is contained in:
Jacques Distler
parent
66b8f3454d
commit
b48a56028a
3 changed files with 19 additions and 4 deletions
|
|
@ -12,10 +12,9 @@ class WikiFile < ActiveRecord::Base
|
|||
first(:conditions => ['file_name = ?', file_name])
|
||||
end
|
||||
|
||||
SANE_FILE_NAME = /^[a-zA-Z0-9\-_\. ]*$/
|
||||
def validate
|
||||
if file_name
|
||||
if file_name !~ SANE_FILE_NAME
|
||||
if ! is_valid?(file_name)
|
||||
errors.add("file_name", "is invalid. Only latin characters, digits, dots, underscores, " +
|
||||
"dashes and spaces are accepted")
|
||||
elsif file_name == '.' or file_name == '..'
|
||||
|
|
@ -58,7 +57,10 @@ class WikiFile < ActiveRecord::Base
|
|||
require 'fileutils'
|
||||
FileUtils.rm_f(content_path) if File.exists?(content_path)
|
||||
end
|
||||
|
||||
|
||||
|
||||
SANE_FILE_NAME = /^[a-zA-Z0-9\-_\. ]*$/
|
||||
def self.is_valid?(name)
|
||||
name =~ SANE_FILE_NAME
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue