diff options
| -rw-r--r-- | app/controllers/request_controller.rb | 4 | ||||
| -rw-r--r-- | spec/controllers/request_controller_spec.rb | 21 | ||||
| -rw-r--r-- | spec/fixtures/files/incoming-request-attachment-unknown-extension.email | 20 |
3 files changed, 37 insertions, 8 deletions
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index 9c0855b8d..578e247d1 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -587,7 +587,7 @@ class RequestController < ApplicationController if foi_fragment_cache_exists?(key_path) cached = foi_fragment_cache_read(key_path) - response.content_type = AlaveteliFileTypes.filename_to_mimetype(params[:file_name].join("/")) or 'application/octet-stream' + response.content_type = AlaveteliFileTypes.filename_to_mimetype(params[:file_name].join("/")) || 'application/octet-stream' render_for_text(cached) return end @@ -609,7 +609,7 @@ class RequestController < ApplicationController @incoming_message.binary_mask_stuff!(@attachment.body, @attachment.content_type) # we don't use @attachment.content_type here, as we want same mime type when cached in cache_attachments above - response.content_type = AlaveteliFileTypes.filename_to_mimetype(params[:file_name].join("/")) or 'application/octet-stream' + response.content_type = AlaveteliFileTypes.filename_to_mimetype(params[:file_name].join("/")) || 'application/octet-stream' render :text => @attachment.body end diff --git a/spec/controllers/request_controller_spec.rb b/spec/controllers/request_controller_spec.rb index a543995f6..759ac5ea1 100644 --- a/spec/controllers/request_controller_spec.rb +++ b/spec/controllers/request_controller_spec.rb @@ -114,10 +114,19 @@ describe RequestController, "when showing one request" do get :get_attachment, :incoming_message_id => ir.incoming_messages[1].id, :id => ir.id, :part => 2, :file_name => ['hello.txt'] response.content_type.should == "text/plain" - response.should have_text(/Second hello/) + response.should have_text(/Second hello/) get :get_attachment, :incoming_message_id => ir.incoming_messages[1].id, :id => ir.id, :part => 3, :file_name => ['hello.txt'] response.content_type.should == "text/plain" - response.should have_text(/First hello/) + response.should have_text(/First hello/) + end + + it "should treat attachments with unknown extensions as binary" do + ir = info_requests(:fancy_dog_request) + receive_incoming_mail('incoming-request-attachment-unknown-extension.email', ir.incoming_email) + + get :get_attachment, :incoming_message_id => ir.incoming_messages[1].id, :id => ir.id, :part => 2, :file_name => ['hello.qwglhm'] + response.content_type.should == "application/octet-stream" + response.should have_text(/an unusual sort of file/) end it "should not download attachments with wrong file name" do @@ -144,7 +153,7 @@ describe RequestController, "when showing one request" do get :get_attachment, :incoming_message_id => ir.incoming_messages[1].id, :id => ir.id, :part => 2, :file_name => ['hello.txt'] response.content_type.should == "text/plain" - response.should have_text(/xxxxxx hello/) + response.should have_text(/xxxxxx hello/) end it "should censor with rules on the user (rather than the request)" do @@ -161,7 +170,7 @@ describe RequestController, "when showing one request" do get :get_attachment, :incoming_message_id => ir.incoming_messages[1].id, :id => ir.id, :part => 2, :file_name => ['hello.txt'] response.content_type.should == "text/plain" - response.should have_text(/xxxxxx hello/) + response.should have_text(/xxxxxx hello/) end it "should censor attachment names" do @@ -254,11 +263,11 @@ describe RequestController, "when changing prominence of a request" do get :get_attachment, :incoming_message_id => ir.incoming_messages[1].id, :id => ir.id, :part => 2 response.content_type.should == "text/html" - response.should_not have_text(/Second hello/) + response.should_not have_text(/Second hello/) response.should render_template('request/hidden') get :get_attachment, :incoming_message_id => ir.incoming_messages[1].id, :id => ir.id, :part => 3 response.content_type.should == "text/html" - response.should_not have_text(/First hello/) + response.should_not have_text(/First hello/) response.should render_template('request/hidden') end diff --git a/spec/fixtures/files/incoming-request-attachment-unknown-extension.email b/spec/fixtures/files/incoming-request-attachment-unknown-extension.email new file mode 100644 index 000000000..b3485ec2d --- /dev/null +++ b/spec/fixtures/files/incoming-request-attachment-unknown-extension.email @@ -0,0 +1,20 @@ +From: EMAIL_FROM +To: FOI Person <EMAIL_TO> +Subject: Same attachment twice +Content-Type: multipart/mixed; boundary="Q68bSM7Ycu6FN28Q" +Content-Disposition: inline + + +--Q68bSM7Ycu6FN28Q +Content-Type: text/plain; charset=utf-8 +Content-Disposition: inline + + + +--Q68bSM7Ycu6FN28Q +Content-Type: application/x-nonsense +Content-Disposition: attachment; filename="hello.qwglhm" + +This is an unusual sort of file. + +--Q68bSM7Ycu6FN28Q |