FIX: Clean up emoji name which is file name (#14980)

FIX: Clean up emoji name which is file name (#14980)

Uppy adds the file name as the “name” parameter in the payload by default, which means that for things like the emoji uploader which have a name param used by the controller, that param will be passed as the file name. We already use the existing file name if the name param is null, so this commit just does further cleanup of the name param, removing the extension if it is a filename so we don’t end up with emoji names like blah_png.

diff --git a/app/controllers/admin/emojis_controller.rb b/app/controllers/admin/emojis_controller.rb
index 8320ea3..486a06c 100644
--- a/app/controllers/admin/emojis_controller.rb
+++ b/app/controllers/admin/emojis_controller.rb
@@ -16,6 +16,7 @@ class Admin::EmojisController < Admin::AdminController
 
     hijack do
       # fix the name
+      name = File.basename(name, ".*")
       name = name.gsub(/[^a-z0-9]+/i, '_')
         .gsub(/_{2,}/, '_')
         .downcase
diff --git a/spec/requests/admin/emojis_controller_spec.rb b/spec/requests/admin/emojis_controller_spec.rb
index 39078a2..45e66fd 100644
--- a/spec/requests/admin/emojis_controller_spec.rb
+++ b/spec/requests/admin/emojis_controller_spec.rb
@@ -92,6 +92,40 @@ RSpec.describe Admin::EmojisController do
       expect(response.status).to eq(200)
       expect(custom_emoji.group).to eq("foo")
     end
+
+    it 'should fix up the emoji name' do
+      Emoji.expects(:clear_cache).times(3)
+
+      post "/admin/customize/emojis.json", params: {
+        name: 'test.png',
+        file: fixture_file_upload("#{Rails.root}/spec/fixtures/images/logo.png")
+      }
+
+      custom_emoji = CustomEmoji.last
+      upload = custom_emoji.upload
+
+      expect(upload.original_filename).to eq('logo.png')
+      expect(custom_emoji.name).to eq("test")
+      expect(response.status).to eq(200)
+
+      post "/admin/customize/emojis.json", params: {
+        name: 'st&#* onk$',
+        file: fixture_file_upload("#{Rails.root}/spec/fixtures/images/logo.png")
+      }
+
+      custom_emoji = CustomEmoji.last
+      expect(custom_emoji.name).to eq("st_onk_")
+      expect(response.status).to eq(200)
+
+      post "/admin/customize/emojis.json", params: {
+        name: 'PaRTYpaRrot',
+        file: fixture_file_upload("#{Rails.root}/spec/fixtures/images/logo.png")
+      }
+
+      custom_emoji = CustomEmoji.last
+      expect(custom_emoji.name).to eq("partyparrot")
+      expect(response.status).to eq(200)
+    end
   end
 
   describe '#destroy' do

GitHub sha: e7a474249059ff63c90ba8db02a50ffbf719eeaf

This commit appears in #14980 which was approved by lis2. It was merged by martin.