diff --git a/app/models/filedrop_file.rb b/app/models/filedrop_file.rb
index 39f72ba6246ae5507bdfd1de72e11154488d1803..235a5b14589009f47cb49679fc09a675a83cd85b 100644
--- a/app/models/filedrop_file.rb
+++ b/app/models/filedrop_file.rb
@@ -1,5 +1,6 @@
 class FiledropFile < ApplicationRecord
 belongs_to :session
+ validates :checksum, presence: true, format: { with: /\A[0-9a-fA-F]+\z/, message: "only allows hexadecimal characters" }
 def sanitize_filename(filename)
 filename.gsub(/[^\w\s.-]/, '_')
@@ -36,6 +37,6 @@ class FiledropFile < ApplicationRecord
 session.ref_id
 )
 FileUtils.mkdir_p(dir)
- return File.join(dir, name)
+ return File.join(dir, checksum)
 end
 end
diff --git a/app/models/session.rb b/app/models/session.rb
index c53117272523c053cc16b7e0fbe2b21612f3992e..ffeaad4c34f04f49351d35da8e2bcd27cfe8bb03 100644
--- a/app/models/session.rb
+++ b/app/models/session.rb
@@ -13,6 +13,7 @@ class Session < ApplicationRecord
 scope :future, -> { where(starts_at: Time.now..) }
 validates :ref_id, uniqueness: { scope: :conference_id }
+ validates :ref_id, format: { with: /\A[0-9a-fA-F-]+\z/, message: "only allows hexadecimal characters and minus" }
 after_update :notify_if_changed
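Review bot: The `validates :checksum` line added in the first hunk of app/models/filedrop_file.rb restricts the alphabet but neither the length nor the letter case, and the second hunk of this file uses the value as the on-disk filename. An over-long hex string would pass validation and then fail at the filesystem, and `ABCD` and `abcd` are two files on a case-sensitive volume but one file on a case-insensitive one. The digest algorithm is not visible in this diff; if it is SHA-256, for example, the pattern could be `/\A[0-9a-f]{64}\z/` with the value downcased in a `before_validation` callback. The class body continues outside the hunk.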
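Review bot: The new `return File.join(dir, checksum)` in the second hunk of app/models/filedrop_file.rb relies on the model validation having run, which is not guaranteed at this point: `save(validate: false)`, `update_column` and rows written before this commit all bypass it, and a nil checksum makes `File.join` raise `TypeError`. Re-checking at the point of use keeps the path safe regardless of how the record was written, e.g. `raise ArgumentError, "invalid checksum" unless checksum.to_s.match?(/\A[0-9a-fA-F]+\z/)` before the join. Naming the file by checksum also means two records in one session with identical content resolve to the same path, and files previously stored under `name` are no longer found, so it is worth confirming both are intended. The method starts above the hunk, so how `dir` is built is only partly visible.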
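Review bot: The added `validates :ref_id, format: ...` line in app/models/session.rb is only evaluated on save, so sessions already stored with other characters in `ref_id` are not cleaned up by it; they remain usable as the directory component in filedrop_file.rb and will start failing every later update. An audit or data migration for existing rows should go with this change. The format validator also rejects nil and empty values, which makes `ref_id` mandatory as a side effect; if that is intended, stating `presence: true` as the checksum validation does would make it explicit. The pattern accepts a value consisting only of `-`, so if `ref_id` is a UUID (not visible here) a fixed-shape pattern would be tighter.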