* VRFS-980 - escape special characters in the filename of the avatar

2014-02-07 23:56:39 +00:00 · 2014-02-07 23:56:39 +00:00 · 64de2bc4cb
parent 12d294f62f
commit 64de2bc4cb
2 changed files with 19 additions and 8 deletions
--- a/ruby/lib/jam_ruby/models/band.rb
+++ b/ruby/lib/jam_ruby/models/band.rb
@ -197,21 +197,27 @@ module JamRuby
      return band
    end

+    def escape_filename(path)
+      dir = File.dirname(path)
+      file = File.basename(path)
+      "#{dir}/#{ERB::Util.url_encode(file)}"
+    end
+
    def update_photo(original_fpfile, cropped_fpfile, cropped_large_fpfile, crop_selection, aws_bucket)
      self.updating_photo = true

      cropped_s3_path = cropped_fpfile["key"]
      cropped_large_s3_path = cropped_large_fpfile["key"]

-      return self.update_attributes(
+      self.update_attributes(
                                    :original_fpfile_photo => original_fpfile,
                                    :cropped_fpfile_photo => cropped_fpfile,
                                    :cropped_large_fpfile_photo => cropped_large_fpfile,
                                    :cropped_s3_path_photo => cropped_s3_path,
                                    :cropped_large_s3_path_photo => cropped_large_s3_path,
                                    :crop_selection_photo => crop_selection,
-                                    :photo_url => S3Util.url(aws_bucket, cropped_s3_path, :secure => false),
-                                    :large_photo_url => S3Util.url(aws_bucket, cropped_large_s3_path, :secure => false))
+                                    :photo_url => S3Util.url(aws_bucket, escape_filename(cropped_s3_path), :secure => false),
+                                    :large_photo_url => S3Util.url(aws_bucket, escape_filename(cropped_large_s3_path), :secure => false))
    end

    def delete_photo(aws_bucket)
--- a/ruby/lib/jam_ruby/models/user.rb
+++ b/ruby/lib/jam_ruby/models/user.rb
@ -328,8 +328,7 @@ module JamRuby
    # using the generic avatar if no user photo available
    def resolved_photo_url
      if self.photo_url == nil || self.photo_url == ''
-        # lame that this isn't environment, but boy this is hard to pass all the way down from jam-web!
-        "http://www.jamkazam.com/assets/shared/avatar_generic.png"
+        "#{APP_CONFIG.external_root_url}/assets/shared/avatar_generic.png"
      else
        return self.photo_url
      end
@ -899,21 +898,27 @@ module JamRuby
      self.save
    end

+    def escape_filename(path)
+      dir = File.dirname(path)
+      file = File.basename(path)
+      "#{dir}/#{ERB::Util.url_encode(file)}"
+    end
+
    def update_avatar(original_fpfile, cropped_fpfile, cropped_large_fpfile, crop_selection, aws_bucket)
      self.updating_avatar = true

      cropped_s3_path = cropped_fpfile["key"]
      cropped_large_s3_path = cropped_large_fpfile["key"]

-      return self.update_attributes(
+      self.update_attributes(
            :original_fpfile => original_fpfile,
            :cropped_fpfile => cropped_fpfile,
            :cropped_large_fpfile => cropped_large_fpfile,
            :cropped_s3_path => cropped_s3_path,
            :cropped_large_s3_path => cropped_large_s3_path,
            :crop_selection => crop_selection,
-            :photo_url => S3Util.url(aws_bucket, cropped_s3_path, :secure => false),
-            :large_photo_url => S3Util.url(aws_bucket, cropped_large_s3_path, :secure => false)
+            :photo_url => S3Util.url(aws_bucket, escape_filename(cropped_s3_path), :secure => false),
+            :large_photo_url => S3Util.url(aws_bucket, escape_filename(cropped_large_s3_path), :secure => false)
        )
    end