Sanitize snippet file name in raw headers
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
parent
f28a12a559
commit
118bd7178b
|
@ -68,7 +68,7 @@ class Projects::SnippetsController < Projects::ApplicationController
|
|||
@snippet.content,
|
||||
type: 'text/plain; charset=utf-8',
|
||||
disposition: 'inline',
|
||||
filename: @snippet.file_name
|
||||
filename: @snippet.sanitized_file_name
|
||||
)
|
||||
end
|
||||
|
||||
|
|
|
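Review bot: The new `filename: @snippet.sanitized_file_name` argument has no spec visible in this commit, so nothing pins that a file name containing a quote, CR or LF produces a clean `Content-Disposition` header from the raw action; a controller spec with such a name would guard against regressions. The same applies to the identical change in the `SnippetsController` hunk below. Because the sanitizing is chosen at each call site, any other code that copies `file_name` into a response header (none is visible here) would still pass the raw value, so a search for remaining header uses of `file_name` is worth doing. The enclosing action starts outside the hunk.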
@ -79,7 +79,7 @@ class SnippetsController < ApplicationController
|
|||
@snippet.content,
|
||||
type: 'text/plain; charset=utf-8',
|
||||
disposition: 'inline',
|
||||
filename: @snippet.file_name
|
||||
filename: @snippet.sanitized_file_name
|
||||
)
|
||||
end
|
||||
|
||||
|
|
|
@ -64,6 +64,10 @@ class Snippet < ActiveRecord::Base
|
|||
file_name
|
||||
end
|
||||
|
||||
def sanitized_file_name
|
||||
file_name.gsub(/[^a-zA-Z0-9_\-\.]+/, '')
|
||||
end
|
||||
|
||||
def mode
|
||||
nil
|
||||
end
|
||||
|
|
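Review bot: `sanitized_file_name` calls `gsub` directly on `file_name`, so it raises `NoMethodError` when `file_name` is nil and returns an empty string when the name contains no ASCII letters, digits, `_`, `-` or `.` (for example a name written entirely in a non-Latin script), leaving the raw response with an empty filename. Whether a presence validation rules out nil is not visible in this hunk. A fallback would cover both cases, e.g. `name = file_name.to_s.gsub(/[^a-zA-Z0-9_\-\.]+/, '')` followed by `name.empty? ? 'snippet' : name`. A short comment above the method, such as `# Keep only characters that are safe inside a Content-Disposition header`, would record why the allow-list exists.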