GitHub/outline
1
0
Fork 0
mirror of https://github.com/outline/outline.git synced 2026-06-13 11:25:03 +03:00
Code Issues Packages Projects Releases Wiki Activity

fix: Ensure max filename length for stored attachments, closes #7785

Browse Source
This commit is contained in:
Tom Moor
2024-10-16 23:18:18 -04:00
parent b55915c257
commit f0add849f9
2 changed files with 56 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/models/helpers/AttachmentHelper.test.ts
+51
View File
@@ -0,0 +1,51 @@
import AttachmentHelper from "./AttachmentHelper";
describe("AttachmentHelper", () => {
describe("getKey", () => {
it("should return the correct key for a public attachment", () => {
const key = AttachmentHelper.getKey({
acl: "public-read",
id: "123",
name: "test.png",
userId: "456",
});
expect(key).toEqual("public/456/123/test.png");
});
it("should return the correct key for a private attachment", () => {
const key = AttachmentHelper.getKey({
acl: "private",
id: "123",
name: "test.png",
userId: "456",
});
expect(key).toEqual("uploads/456/123/test.png");
});
it("should return the correct key for a long file name", () => {
const key = AttachmentHelper.getKey({
acl: "public-read",
id: "123",
name: "a".repeat(300),
userId: "456",
});
expect(key).toEqual(
`public/456/123/${"a".repeat(AttachmentHelper.maximumFileNameLength)}`
);
});
it("should remove invalid characters from the key", () => {
const key = AttachmentHelper.getKey({
acl: "public-read",
id: "123",
name: "test/../one.png",
userId: "456",
});
expect(key).toEqual("public/456/123/test/one.png");
});
});
});
server/models/helpers/AttachmentHelper.ts
+5 -1
View File
@@ -10,6 +10,8 @@ export enum Buckets {
}
export default class AttachmentHelper {
static maximumFileNameLength = 255;
/**
* Get the upload location for the given upload details
*
@@ -31,7 +33,9 @@ export default class AttachmentHelper {
}) {
const bucket = acl === "public-read" ? Buckets.public : Buckets.uploads;
const keyPrefix = `${bucket}/${userId}/${id}`;
return ValidateKey.sanitize(`${keyPrefix}/${name}`);
return ValidateKey.sanitize(
`${keyPrefix}/${name.slice(0, this.maximumFileNameLength)}`
);
}
/**