Fix #4908 - Do not keep remote file names, generate random (#4934)

author Eugen Rochko <eugen@zeonfederated.com>

Thu, 14 Sep 2017 14:41:59 +0000 (16:41 +0200)

committer GitHub <noreply@github.com>

Thu, 14 Sep 2017 14:41:59 +0000 (16:41 +0200)
author Eugen Rochko <eugen@zeonfederated.com>
Thu, 14 Sep 2017 14:41:59 +0000 (16:41 +0200)
committer GitHub <noreply@github.com>
Thu, 14 Sep 2017 14:41:59 +0000 (16:41 +0200)
diff --git a/app/models/concerns/remotable.rb b/app/models/concerns/remotable.rb

index 270043a9ef2d696aacba82c1fd84827c96611ec7..990035b34b80f7934cd87cb43198950611a2c64c 100644 (file)
--- a/app/models/concerns/remotable.rb
+++ b/app/models/concerns/remotable.rb
@@ -27,9 +27,11 @@ module Remotable
  
            matches  = response.headers['content-disposition']&.match(/filename="([^"]*)"/)
            filename = matches.nil? ? parsed_url.path.split('/').last : matches[1]
+          basename = SecureRandom.hex(8)
+          extname  = File.extname(filename)
  
            send("#{attachment_name}=", StringIO.new(response.to_s))
-          send("#{attachment_name}_file_name=", filename)
+          send("#{attachment_name}_file_name=", basename + extname)
  
            self[attribute_name] = url if has_attribute?(attribute_name)
          rescue HTTP::TimeoutError, HTTP::ConnectionError, OpenSSL::SSL::SSLError, Paperclip::Errors::NotIdentifiedByImageMagickError, Addressable::URI::InvalidURIError => e
author	Eugen Rochko <eugen@zeonfederated.com>
	Thu, 14 Sep 2017 14:41:59 +0000 (16:41 +0200)
committer	GitHub <noreply@github.com>
	Thu, 14 Sep 2017 14:41:59 +0000 (16:41 +0200)