about summary refs log tree commit diff
path: root/app
diff options
context:
space:
mode:
authorEugen Rochko <eugen@zeonfederated.com>2017-09-14 16:41:59 +0200
committerGitHub <noreply@github.com>2017-09-14 16:41:59 +0200
commit04046a4983a136c76c81b97a6ab141afcb404afe (patch)
treee262a0019ed5eeddeb7c3b61bcf0814296281918 /app
parenta4c500176bcecb18192c7522c7c977e652426273 (diff)
Fix #4908 - Do not keep remote file names, generate random (#4934)
Diffstat (limited to 'app')
-rw-r--r--app/models/concerns/remotable.rb4
1 files changed, 3 insertions, 1 deletions
diff --git a/app/models/concerns/remotable.rb b/app/models/concerns/remotable.rb
index 270043a9e..990035b34 100644
--- a/app/models/concerns/remotable.rb
+++ b/app/models/concerns/remotable.rb
@@ -27,9 +27,11 @@ module Remotable
 
           matches  = response.headers['content-disposition']&.match(/filename="([^"]*)"/)
           filename = matches.nil? ? parsed_url.path.split('/').last : matches[1]
+          basename = SecureRandom.hex(8)
+          extname  = File.extname(filename)
 
           send("#{attachment_name}=", StringIO.new(response.to_s))
-          send("#{attachment_name}_file_name=", filename)
+          send("#{attachment_name}_file_name=", basename + extname)
 
           self[attribute_name] = url if has_attribute?(attribute_name)
         rescue HTTP::TimeoutError, HTTP::ConnectionError, OpenSSL::SSL::SSLError, Paperclip::Errors::NotIdentifiedByImageMagickError, Addressable::URI::InvalidURIError => e