author | francis <francis> | 2009-09-02 23:21:27 +0000 |
---|---|---|
committer | francis <francis> | 2009-09-02 23:21:27 +0000 |
commit | 1b16807345b57133239c46552b5bdf4d6912c9dd (patch) | |
tree | 5dc027bef7eb6ff6e6d4e802b4af21b5daaceca2 /app/controllers/request_controller.rb | |
parent | aa12112635207b923fbb453acac37edca8b0f4d7 (diff) |
Force correct filename for attachments.
Diffstat (limited to 'app/controllers/request_controller.rb')
-rw-r--r-- | app/controllers/request_controller.rb | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index c35e1688e..513c3716a 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -4,7 +4,7 @@
 # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
 # Email: francis@mysociety.org; WWW: http://www.mysociety.org/
 #
-# $Id: request_controller.rb,v 1.172 2009-09-02 17:00:51 francis Exp $
+# $Id: request_controller.rb,v 1.173 2009-09-02 23:21:27 francis Exp $
 class RequestController < ApplicationController
@@ -577,8 +577,11 @@ class RequestController < ApplicationController
 @attachment = IncomingMessage.get_attachment_by_url_part_number(@incoming_message.get_attachments_for_display, @part_number)
- # Prevent spam to magic request address.
- # It's a bit dodgy modifying a binary like this but hey. Some mime types are excluded for that reason.
+ # check filename in URL matches that in database (use a censor rule if you want to change a filename)
+ raise "please use same filename as original file has" if @attachment.display_filename != @original_filename
+
+ # Prevent spam to magic request address. Note that the binary
+ # subsitution method used depends on the content type
 @attachment.body = @incoming_message.binary_mask_stuff(@attachment.body, @attachment.content_type)
 @attachment_url = get_attachment_url(:id => @incoming_message.info_request_id, |
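Review bot: The new guard in the second hunk rejects a mismatched URL filename with a bare string `raise`, which is a RuntimeError and will normally surface as an HTTP 500 rather than a 404 for what is a client-side bad URL; it is also now the first place `@attachment` is dereferenced, so if `get_attachment_by_url_part_number` can return nil for an unknown part number (not visible here) the request fails with NoMethodError before the check runs. I would fold both cases into one not-found path: `raise ActiveRecord::RecordNotFound, "attachment not found" if @attachment.nil? || @attachment.display_filename != @original_filename`. The comment above it could also say why the check exists, e.g. `# the URL filename is client-controlled; only serve under the stored display_filename so the caller cannot choose the name or extension`, assuming `@original_filename` is taken from the request path, which is set outside this hunk. The enclosing method starts and ends outside the hunk.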