Commit d35e9456 authored by jplang's avatar jplang

Changes the digest used for attachments to SHA256 (#25240).

Patch by Jens Kraemer.

git-svn-id: https://svn.redmine.org/redmine/trunk@16454 e93f8b46-1217-0410-a6f0-8f06a7374b81
parent 768e6be0
......@@ -15,7 +15,7 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
require "digest/md5"
require "digest"
require "fileutils"
class Attachment < ActiveRecord::Base
......@@ -116,20 +116,20 @@ class Attachment < ActiveRecord::Base
unless File.directory?(path)
FileUtils.mkdir_p(path)
end
md5 = Digest::MD5.new
sha = Digest::SHA256.new
File.open(diskfile, "wb") do |f|
if @temp_file.respond_to?(:read)
buffer = ""
while (buffer = @temp_file.read(8192))
f.write(buffer)
md5.update(buffer)
sha.update(buffer)
end
else
f.write(@temp_file)
md5.update(@temp_file)
sha.update(@temp_file)
end
end
self.digest = md5.hexdigest
self.digest = sha.hexdigest
end
@temp_file = nil
......
class ChangeAttachmentsDigestLimitTo64 < ActiveRecord::Migration
def up
change_column :attachments, :digest, :string, limit: 64
end
def down
change_column :attachments, :digest, :string, limit: 40
end
end
......@@ -62,7 +62,7 @@ class AttachmentTest < ActiveSupport::TestCase
assert_equal 59, a.filesize
assert_equal 'text/plain', a.content_type
assert_equal 0, a.downloads
assert_equal '1478adae0d4eb06d35897518540e25d6', a.digest
assert_equal '6bc2eb7e87cfbf9145065689aaa8b5f513089ca0af68e2dc41f9cc025473d106', a.digest
assert a.disk_directory
assert_match %r{\A\d{4}/\d{2}\z}, a.disk_directory
......@@ -188,7 +188,7 @@ class AttachmentTest < ActiveSupport::TestCase
assert_equal 59, a.filesize
assert_equal 'text/plain', a.content_type
assert_equal 0, a.downloads
assert_equal '1478adae0d4eb06d35897518540e25d6', a.digest
assert_equal '6bc2eb7e87cfbf9145065689aaa8b5f513089ca0af68e2dc41f9cc025473d106', a.digest
diskfile = a.diskfile
assert File.exist?(diskfile)
assert_equal 59, File.size(a.diskfile)
......
......@@ -522,7 +522,7 @@ class MailHandlerTest < ActiveSupport::TestCase
assert_equal 10790, attachment.filesize
assert File.exist?(attachment.diskfile)
assert_equal 10790, File.size(attachment.diskfile)
assert_equal 'caaf384198bcbc9563ab5c058acd73cd', attachment.digest
assert_equal '4474dd534c36bdd212e2efc549507377c3e77147c9167b66dedcebfe9da8807f', attachment.digest
end
def test_thunderbird_with_attachment_ja
......@@ -538,7 +538,7 @@ class MailHandlerTest < ActiveSupport::TestCase
assert_equal 5, attachment.filesize
assert File.exist?(attachment.diskfile)
assert_equal 5, File.size(attachment.diskfile)
assert_equal 'd8e8fca2dc0f896fd7cb4cb0031ba249', attachment.digest
assert_equal 'f2ca1bb6c7e907d06dafe4687e579fce76b37e4e93b7605022da52e6ccc26fd2', attachment.digest
end
def test_invalid_utf8
......@@ -564,7 +564,7 @@ class MailHandlerTest < ActiveSupport::TestCase
assert_equal 5, attachment.filesize
assert File.exist?(attachment.diskfile)
assert_equal 5, File.size(attachment.diskfile)
assert_equal 'd8e8fca2dc0f896fd7cb4cb0031ba249', attachment.digest
assert_equal 'f2ca1bb6c7e907d06dafe4687e579fce76b37e4e93b7605022da52e6ccc26fd2', attachment.digest
end
def test_thunderbird_with_attachment_latin1
......@@ -582,7 +582,7 @@ class MailHandlerTest < ActiveSupport::TestCase
assert_equal 130, attachment.filesize
assert File.exist?(attachment.diskfile)
assert_equal 130, File.size(attachment.diskfile)
assert_equal '4d80e667ac37dddfe05502530f152abb', attachment.digest
assert_equal '5635d67364de20432247e651dfe86fcb2265ad5e9750bd8bba7319a86363e738', attachment.digest
end
def test_gmail_with_attachment_latin1
......@@ -600,7 +600,7 @@ class MailHandlerTest < ActiveSupport::TestCase
assert_equal 5, attachment.filesize
assert File.exist?(attachment.diskfile)
assert_equal 5, File.size(attachment.diskfile)
assert_equal 'd8e8fca2dc0f896fd7cb4cb0031ba249', attachment.digest
assert_equal 'f2ca1bb6c7e907d06dafe4687e579fce76b37e4e93b7605022da52e6ccc26fd2', attachment.digest
end
def test_mail_with_attachment_latin2
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment