From 69691fa7a6ce42c41608fa39cdc0c7145b13b1fb Mon Sep 17 00:00:00 2001
From: cpradio
Date: Fri, 16 Sep 2016 15:20:42 -0400
Subject: [PATCH] FIX: Backup validation wasn't escaping hyphens
Conflicts: spec/controllers/admin/backups_controller_spec.rb
---
 app/controllers/admin/backups_controller.rb | 2 +-
 spec/controllers/admin/backups_controller_spec.rb | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/app/controllers/admin/backups_controller.rb b/app/controllers/admin/backups_controller.rb
index 6222fc2b088..82aebfc6c9d 100644
--- a/app/controllers/admin/backups_controller.rb
+++ b/app/controllers/admin/backups_controller.rb
@@ -119,7 +119,7 @@ class Admin::BackupsController < Admin::AdminController
 return render status: 415, text: I18n.t("backup.backup_file_should_be_tar_gz") unless /\.(tar\.gz|t?gz)$/i =~ filename
 return render status: 415, text: I18n.t("backup.not_enough_space_on_disk") unless has_enough_space_on_disk?(total_size)
- return render status: 415, text: I18n.t("backup.invalid_filename") unless !!(/^[a-zA-Z0-9\.-_]+$/ =~ filename)
+ return render status: 415, text: I18n.t("backup.invalid_filename") unless !!(/^[a-zA-Z0-9\._-]+$/ =~ filename)
 file = params.fetch(:file)
 identifier = params.fetch(:resumableIdentifier)
diff --git a/spec/controllers/admin/backups_controller_spec.rb b/spec/controllers/admin/backups_controller_spec.rb
index dc44007ca3e..8ecfe105a9c 100644
--- a/spec/controllers/admin/backups_controller_spec.rb
+++ b/spec/controllers/admin/backups_controller_spec.rb
@@ -209,8 +209,8 @@ describe Admin::BackupsController do
 describe "when filename is valid" do
 it "should upload the file successfully" do
 xhr :post, :upload_backup_chunk,
- resumableFilename: 'test.tar.gz',
- resumableTotalSize: '1',
+ resumableFilename: 'test_Site-0123456789.tar.gz',
+ resumableTotalSize: 1,
 resumableIdentifier: 'test',
 resumableChunkNumber: '1',
 resumableChunkSize: '1',
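Review bot: The corrected pattern on the `backup.invalid_filename` line still anchors with `^` and `$`, which in Ruby match at line boundaries rather than at the ends of the string, so a `resumableFilename` containing a newline passes as long as one of its lines satisfies the character class. Anchor the whole string instead: `unless /\A[a-zA-Z0-9._-]+\z/ =~ filename` (the `!!( )` wrapper is redundant under `unless`). The extension check two lines above, `/\.(tar\.gz|t?gz)$/i`, has the same `$` anchor and would want `\z` as well. The enclosing action starts and ends outside the hunk, so how `filename` is used after validation is not visible here.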
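Review bot: The spec change only proves that a name containing `_` and `-` is accepted; nothing in this hunk pins down what the fix now rejects. The old class `\.-_` was a range from `.` to `_`, which in ASCII also takes in `/`, `:`, `@` and `\`, so a regression example posting a name such as `'test/backup.tar.gz'` and expecting status 415 would guard the actual security property, unless a sibling invalid-filename spec outside the hunk already covers it. The switch of `resumableTotalSize` from `'1'` to `1` is unrelated to the fix and deserves a word in the commit message. The `xhr` call continues past the end of the hunk.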