From 07e59cf27e9b7aea7f8f4846daa809e4d0383aaf Mon Sep 17 00:00:00 2001
From: Katharina Irrgang <katharina.irrgang@googlemail.com>
Date: Mon, 22 Aug 2016 17:54:10 +0200
Subject: [PATCH] fixes: storage base getUniqueFileName (#7230)

no issue
- getUniqueFileName does not replace . by -
- added poor extensions validation
---
 core/server/storage/base.js                   | 26 ++++++++++++-----
 .../unit/storage_local-file-store_spec.js     | 29 +++++++++++++++++++
 2 files changed, 47 insertions(+), 8 deletions(-)

diff --git a/core/server/storage/base.js b/core/server/storage/base.js
index a981de9267..fd76049a5c 100644
--- a/core/server/storage/base.js
+++ b/core/server/storage/base.js
@@ -1,5 +1,5 @@
-var moment  = require('moment'),
-    path    = require('path');
+var moment = require('moment'),
+    path = require('path');
 
 function StorageBase() {
 }
@@ -7,7 +7,7 @@ function StorageBase() {
 StorageBase.prototype.getTargetDir = function (baseDir) {
     var m = moment(),
         month = m.format('MM'),
-        year =  m.format('YYYY');
+        year = m.format('YYYY');
 
     if (baseDir) {
         return path.join(baseDir, year, month);
@@ -25,7 +25,11 @@ StorageBase.prototype.generateUnique = function (store, dir, name, ext, i) {
         append = '-' + i;
     }
 
-    filename = path.join(dir, name + append + ext);
+    if (ext) {
+        filename = path.join(dir, name + append + ext);
+    } else {
+        filename = path.join(dir, name + append);
+    }
 
     return store.exists(filename).then(function (exists) {
         if (exists) {
@@ -38,11 +42,17 @@ StorageBase.prototype.generateUnique = function (store, dir, name, ext, i) {
 };
 
 StorageBase.prototype.getUniqueFileName = function (store, image, targetDir) {
-    var ext = path.extname(image.name),
-        name = path.basename(image.name, ext).replace(/[^\w@]/gi, '-'),
-        self = this;
+    var ext = path.extname(image.name), name;
 
-    return self.generateUnique(store, targetDir, name, ext, 0);
+    // poor extension validation
+    // .1 is not a valid extension
+    if (!ext.match(/.\d/)) {
+        name = path.basename(image.name, ext).replace(/[^\w@.]/gi, '-');
+        return this.generateUnique(store, targetDir, name, ext, 0);
+    } else {
+        name = path.basename(image.name).replace(/[^\w@.]/gi, '-');
+        return this.generateUnique(store, targetDir, name, null, 0);
+    }
 };
 
 module.exports = StorageBase;
diff --git a/core/test/unit/storage_local-file-store_spec.js b/core/test/unit/storage_local-file-store_spec.js
index fc2ceef404..d3d0411251 100644
--- a/core/test/unit/storage_local-file-store_spec.js
+++ b/core/test/unit/storage_local-file-store_spec.js
@@ -149,6 +149,35 @@ describe('Local File System Storage', function () {
         }).catch(done);
     });
 
+    describe('validate extentions', function () {
+        it('name contains a .\d as extension', function (done) {
+            localFileStore.save({
+                name: 'test-1.1.1'
+            }).then(function (url) {
+                should.exist(url.match(/test-1.1.1/));
+                done();
+            }).catch(done);
+        });
+
+        it('name contains a .zip as extension', function (done) {
+            localFileStore.save({
+                name: 'test-1.1.1.zip'
+            }).then(function (url) {
+                should.exist(url.match(/test-1.1.1.zip/));
+                done();
+            }).catch(done);
+        });
+
+        it('name contains a .jpeg as extension', function (done) {
+            localFileStore.save({
+                name: 'test-1.1.1.jpeg'
+            }).then(function (url) {
+                should.exist(url.match(/test-1.1.1.jpeg/));
+                done();
+            }).catch(done);
+        });
+    });
+
     describe('when a custom content path is used', function () {
         beforeEach(function () {
             var configPaths = configUtils.defaultConfig.paths;