Fix safe basename in $file->changeName()

getkirby · May 30, 2024 · 98f5a0d · 98f5a0d
1 parent be1dde0
commit 98f5a0d
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 15 deletions.
diff --git a/src/Cms/FileActions.php b/src/Cms/FileActions.php
@@ -47,7 +47,9 @@ public function changeName(
 		string|null $extension = null
 	): static {
 		if ($sanitize === true) {
-			$name = F::safeName($name);
+			// sanitize the basename part only
+			// as the extension isn't included in $name
+			$name = F::safeBasename($name, false);
 		}
 
 		// if no extension is passed, make sure to maintain current one

diff --git a/src/Filesystem/F.php b/src/Filesystem/F.php
@@ -756,20 +756,32 @@ public static function safeName(string $string): string
 	 * Sanitize a file's name (without extension)
 	 * @since 4.0.0
 	 */
-	public static function safeBasename(string $string): string
-	{
-		$name = static::name($string);
-		return Str::slug($name, '-', 'a-z0-9@._-');
+	public static function safeBasename(
+		string $string,
+		bool $extract = true
+	): string {
+		// extract only the name part from whole filename string
+		if ($extract === true) {
+			$string = static::name($string);
+		}
+
+		return Str::slug($string, '-', 'a-z0-9@._-');
 	}
 
 	/**
 	 * Sanitize a file's extension
 	 * @since 4.0.0
 	 */
-	public static function safeExtension(string $string): string
-	{
-		$extension = static::extension($string);
-		return Str::slug($extension);
+	public static function safeExtension(
+		string $string,
+		bool $extract = true
+	): string {
+		// extract only the extension part from whole filename string
+		if ($extract === true) {
+			$string = static::extension($string);
+		}
+
+		return Str::slug($string);
 	}
 
 	/**

diff --git a/tests/Filesystem/FTest.php b/tests/Filesystem/FTest.php
@@ -763,14 +763,17 @@ public function testSafeName()
 		// without extension
 		$this->assertSame('uber-genious', F::safeName('über genious'));
 
-		// with leading dash
-		$this->assertSame('super.jpg', F::safeName('-super.jpg'));
+		// with leading and trailing dash
+		$this->assertSame('super.jpg', F::safeName('-super.jpg-'));
+
+		// with leading and trailing underscore
+		$this->assertSame('super.jpg', F::safeName('_super.jpg_'));
 
-		// with leading underscore
-		$this->assertSame('super.jpg', F::safeName('_super.jpg'));
+		// with leading and trailing dot
+		$this->assertSame('super.jpg', F::safeName('.super.jpg.'));
 
-		// with leading dot
-		$this->assertSame('super.jpg', F::safeName('.super.jpg'));
+		// leave allowed characters untouched
+		$this->assertSame('file.a@b_c-d.jpg', F::safeName('file.a@b_c-d.jpg'));
 	}
 
 	/**
@@ -786,6 +789,8 @@ public function testSafeBasename()
 
 		// without extension
 		$this->assertSame('uber-genious', F::safeBasename('über genious'));
+		$this->assertSame('uber', F::safeBasename('über.genious'));
+		$this->assertSame('uber.genious', F::safeBasename('über.genious', false));
 
 		// with leading dash
 		$this->assertSame('super', F::safeBasename('-super.jpg'));
@@ -801,6 +806,7 @@ public function testSafeExtension()
 
 		$this->assertSame('txt', F::safeExtension('über genious.txt'));
 		$this->assertSame('taxt', F::safeExtension('über genious.täxt'));
+		$this->assertSame('taxt', F::safeExtension('täxt', false));
 		$this->assertSame('', F::safeExtension('über genious'));
 		$this->assertSame('jpg', F::safeExtension('-super.jpg'));
 	}