Better handling of permissions for re-uploading a file that already exists (ticket:163)

2005-06-09 20:05:16 +00:00 · 2005-06-09 20:05:16 +00:00 · ebe0af1dfc
parent 04a8f80273
commit ebe0af1dfc
3 changed files with 14 additions and 12 deletions
--- a/2
+++ b/2
@ -5,6 +5,8 @@
          some other layout)
          <nowiki> tag can span several lines (before it was applied when both opening and closing 
          tags were on the same line only)
+          Resolved the "endless redirection loop" condition and otherwise improved handling of 
+          errors in the rendering engines

 * 0.10.1:
          Upgraded Rails to 0.12.0
--- a/app/models/file_yard.rb
+++ b/app/models/file_yard.rb
@ -6,10 +6,9 @@ class FileYard
  attr_reader :files_path

  def initialize(files_path, max_upload_size)
-    @files_path = files_path
-    @max_upload_size = max_upload_size
-    FileUtils.mkdir_p(files_path) unless File.exist?(files_path)
-    @files = Dir["#{files_path}/*"].collect{|path| File.basename(path) if File.file?(path) }.compact
+    @files_path, @max_upload_size = files_path, max_upload_size
+    FileUtils.mkdir_p(@files_path) unless File.exist?(@files_path)
+    @files = Dir["#{@files_path}/*"].collect{|path| File.basename(path) if File.file?(path) }.compact
  end

  def upload_file(name, io)
@ -17,6 +16,7 @@ class FileYard
    if io.kind_of?(Tempfile)
      io.close
      check_upload_size(io.size)
+      File.chmod(600, file_path(name)) if File.exists? file_path(name)
      FileUtils.mv(io.path, file_path(name))
    else
      content = io.read
@ -39,12 +39,12 @@ class FileYard
    "#{files_path}/#{name}"
  end

-  SANE_FILE_NAME = /[-_\.A-Za-z0-9]{1,255}/
+  SANE_FILE_NAME = /[a-zA-Z0-9\-_\. ]{1,255}/

  def sanitize_file_name(name)
-    unless name =~ SANE_FILE_NAME
+    unless name =~ SANE_FILE_NAME or name == '.' or name == '..'
      raise Instiki::ValidationError.new("Invalid file name: '#{name}'.\n" +
-            "Only latin characters, digits, dots, underscores and dashes are accepted.")
+            "Only latin characters, digits, dots, underscores, dashes and spaces are accepted.")
    end
  end
  
--- a/test/unit/file_yard_test.rb
+++ b/test/unit/file_yard_test.rb
@ -35,28 +35,28 @@ class FileYardTest < Test::Unit::TestCase

  def test_size_limit
    @yard = FileYard.new(file_path, 1)
-    one_kylobyte_string = "a" * 1024
+    one_kilobyte_string = "a" * 1.kilobyte

    # as StringIO
    assert_nothing_raised { 
-      @yard.upload_file('acceptable_file', StringIO.new(one_kylobyte_string)) 
+      @yard.upload_file('acceptable_file', StringIO.new(one_kilobyte_string)) 
    }
    assert_raises(Instiki::ValidationError) { 
-      @yard.upload_file('one_byte_too_long', StringIO.new(one_kylobyte_string + 'a')) 
+      @yard.upload_file('one_byte_too_long', StringIO.new(one_kilobyte_string + 'a')) 
    }

    # as Tempfile
    require 'tempfile'

    Tempfile.open('acceptable_file') do |f| 
-      f.write(one_kylobyte_string)
+      f.write(one_kilobyte_string)
      assert_nothing_raised { 
        @yard.upload_file('acceptable_file', f) 
      }
    end

    Tempfile.open('one_byte_too_long') do |f|
-      f.write(one_kylobyte_string + 'a')
+      f.write(one_kilobyte_string + 'a')
      assert_nothing_raised { 
        @yard.upload_file('one_byte_too_long_2', f)
      }