better filename handling in objectseralizer (php)

2016-01-11 16:16:49 +08:00 · 2016-01-11 16:16:49 +08:00 · eebf743fad
commit eebf743fad
parent 3c48202bee
3 changed files with 285 additions and 252 deletions
--- a/modules/swagger-codegen/src/main/resources/php/ObjectSerializer.mustache
+++ b/modules/swagger-codegen/src/main/resources/php/ObjectSerializer.mustache
@ -79,6 +79,23 @@ class ObjectSerializer
        return $sanitized;
    }

+    /**
+     * Sanitize filename by removing path.
+     * e.g. ../../sun.gif becomes sun.gif 
+     *
+     * @param string $filename filename to be sanitized
+     *
+     * @return string the sanitized filename
+     */
+    public function sanitizeFilename($filename)
+    {
+        if (preg_match("/.*[\/\\\\](.*)$/", $filename, $match)) {
+            return $match[1];
+        } else {
+            return $filename;
+        }
+    }
+
    /**
     * Take value and turn it into a string suitable for inclusion in
     * the path, by url-encoding.
@ -232,7 +249,7 @@ class ObjectSerializer
        } elseif ($class === '\SplFileObject') {
            // determine file name
            if (array_key_exists('Content-Disposition', $httpHeaders) && preg_match('/inline; filename=[\'"]?([^\'"\s]+)[\'"]?$/i', $httpHeaders['Content-Disposition'], $match)) {
-                $filename = Configuration::getDefaultConfiguration()->getTempFolderPath().$match[1];
+                $filename = Configuration::getDefaultConfiguration()->getTempFolderPath() . sanitizeFilename($match[1]);
            } else {
                $filename = tempnam(Configuration::getDefaultConfiguration()->getTempFolderPath(), '');
            }
--- a/samples/client/petstore/php/SwaggerClient-php/lib/ObjectSerializer.php
+++ b/samples/client/petstore/php/SwaggerClient-php/lib/ObjectSerializer.php
@ -79,6 +79,23 @@ class ObjectSerializer
        return $sanitized;
    }

+    /**
+     * Sanitize filename by removing path.
+     * e.g. ../../sun.gif becomes sun.gif 
+     *
+     * @param string $filename filename to be sanitized
+     *
+     * @return string the sanitized filename
+     */
+    public function sanitizeFilename($filename)
+    {
+        if (preg_match("/.*[\/\\\\](.*)$/", $filename, $match)) {
+            return $match[1];
+        } else {
+            return $filename;
+        }
+    }
+
    /**
     * Take value and turn it into a string suitable for inclusion in
     * the path, by url-encoding.
@ -232,7 +249,7 @@ class ObjectSerializer
        } elseif ($class === '\SplFileObject') {
            // determine file name
            if (array_key_exists('Content-Disposition', $httpHeaders) && preg_match('/inline; filename=[\'"]?([^\'"\s]+)[\'"]?$/i', $httpHeaders['Content-Disposition'], $match)) {
-                $filename = Configuration::getDefaultConfiguration()->getTempFolderPath().$match[1];
+                $filename = Configuration::getDefaultConfiguration()->getTempFolderPath() . sanitizeFilename($match[1]);
            } else {
                $filename = tempnam(Configuration::getDefaultConfiguration()->getTempFolderPath(), '');
            }
--- a/samples/client/petstore/php/SwaggerClient-php/tests/PetApiTest.php
+++ b/samples/client/petstore/php/SwaggerClient-php/tests/PetApiTest.php
@ -253,7 +253,6 @@ class PetApiTest extends \PHPUnit_Framework_TestCase
  
        $this->assertInternalType("int", $get_response['sold']);
        $this->assertInternalType("int", $get_response['pending']);
-
    }
  
 }