Issue #3032376 by alexpott, dww, Berdir: Files renamed by \_file_save_upload_single() do not have the correct filename on the File entity

larowlan · larowlan · commit 5d400ccab96e · 2019-02-25T20:46:29.000+10:00
(cherry picked from commit 9431a1c)
diff --git a/modules/file/file.module b/modules/file/file.module
@@ -1076,6 +1076,10 @@ function _file_save_upload_single(\SplFileInfo $file_info, $form_field_name, $va
     }
   }
 
+  // Update the filename with any changes as a result of security or renaming
+  // due to an existing file.
+  $file->setFilename(\Drupal::service('file_system')->basename($file->destination));
+
   // If we made it this far it's safe to record this file in the database.
   $file->save();
 
diff --git a/modules/file/src/Tests/FileFieldWidgetTest.php b/modules/file/src/Tests/FileFieldWidgetTest.php
@@ -259,7 +259,7 @@ public function testMultiValuedWidget() {
       '%field' => $field_name,
       '@max' => $cardinality,
       '@count' => count($upload_files_node_creation) + count($upload_files_node_revision),
-      '%list' => implode(', ', array_fill(0, 3, $test_file->getFilename())),
+      '%list' => implode(', ', ['text-0_2.txt', 'text-0_3.txt', 'text-0_4.txt']),
     ];
     $this->assertRaw(t('Field %field can only hold @max values but there were @count uploaded. The following files have been omitted as a result: %list.', $args));
     $node_storage->resetCache([$nid]);
@@ -291,7 +291,7 @@ public function testMultiValuedWidget() {
       '%field' => $field_name,
       '@max' => $cardinality,
       '@count' => count($upload_files),
-      '%list' => $test_file->getFileName(),
+      '%list' => 'text-0_12.txt',
     ];
     $this->assertRaw(t('Field %field can only hold @max values but there were @count uploaded. The following files have been omitted as a result: %list.', $args));
   }
diff --git a/modules/file/tests/src/Functional/SaveUploadTest.php b/modules/file/tests/src/Functional/SaveUploadTest.php
@@ -206,6 +206,7 @@ public function testHandleDangerousFile() {
     $this->assertResponse(200, 'Received a 200 response for posted test file.');
     $message = t('For security reasons, your upload has been renamed to') . ' <em class="placeholder">' . $this->phpfile->filename . '.txt' . '</em>';
     $this->assertRaw($message, 'Dangerous file was renamed.');
+    $this->assertSession()->pageTextContains('File name is php-2.php.txt.');
     $this->assertRaw(t('File MIME type is text/plain.'), "Dangerous file's MIME type was changed.");
     $this->assertRaw(t('You WIN!'), 'Found the success message.');
 
@@ -221,7 +222,7 @@ public function testHandleDangerousFile() {
     $this->drupalPostForm('file-test/upload', $edit, t('Submit'));
     $this->assertResponse(200, 'Received a 200 response for posted test file.');
     $this->assertNoRaw(t('For security reasons, your upload has been renamed'), 'Found no security message.');
-    $this->assertRaw(t('File name is @filename', ['@filename' => $this->phpfile->filename]), 'Dangerous file was not renamed when insecure uploads is TRUE.');
+    $this->assertSession()->pageTextContains('File name is php-2.php.');
     $this->assertRaw(t('You WIN!'), 'Found the success message.');
 
     // Check that the correct hooks were called.
@@ -291,6 +292,7 @@ public function testExistingRename() {
     $this->drupalPostForm('file-test/upload', $edit, t('Submit'));
     $this->assertResponse(200, 'Received a 200 response for posted test file.');
     $this->assertRaw(t('You WIN!'), 'Found the success message.');
+    $this->assertSession()->pageTextContains('File name is image-test_0.png.');
 
     // Check that the correct hooks were called.
     $this->assertFileHooksCalled(['validate', 'insert']);
@@ -307,6 +309,7 @@ public function testExistingReplace() {
     $this->drupalPostForm('file-test/upload', $edit, t('Submit'));
     $this->assertResponse(200, 'Received a 200 response for posted test file.');
     $this->assertRaw(t('You WIN!'), 'Found the success message.');
+    $this->assertSession()->pageTextContains('File name is image-test.png.');
 
     // Check that the correct hooks were called.
     $this->assertFileHooksCalled(['validate', 'load', 'update']);
diff --git a/modules/layout_builder/tests/src/FunctionalJavascript/InlineBlockPrivateFilesTest.php b/modules/layout_builder/tests/src/FunctionalJavascript/InlineBlockPrivateFilesTest.php
@@ -139,7 +139,7 @@ public function testPrivateFiles() {
     $assert_session->pageTextContains('You are not authorized to access this page');
 
     $this->drupalGet('node/2/layout');
-    $file4 = $this->createPrivateFile('drupal.txt');
+    $file4 = $this->createPrivateFile('drupal_4.txt');
     $this->addInlineFileBlockToLayout('The file', $file4);
     $this->assertSaveLayout();
 

Original file line number	Diff line number	Diff line change
`@@ -1076,6 +1076,10 @@ function _file_save_upload_single(\SplFileInfo $file_info, $form_field_name, $va`
`1076`	`1076`	`}`
`1077`	`1077`	`}`
`1078`	`1078`
	`1079`	`+ // Update the filename with any changes as a result of security or renaming`
	`1080`	`+ // due to an existing file.`
	`1081`	`+ $file->setFilename(\Drupal::service('file_system')->basename($file->destination));`
	`1082`	`+`
`1079`	`1083`	`// If we made it this far it's safe to record this file in the database.`
`1080`	`1084`	`$file->save();`
`1081`	`1085`