From 929e066051f00ec40c557c953dc174f052318773 Mon Sep 17 00:00:00 2001
From: Harald Eilertsen <haraldei@anduin.net>
Date: Sat, 21 Nov 2015 14:00:53 +0100
Subject: Sanitize filename of pdf file before creating it.

---
 spec/pdf_form_spec.rb     | 19 +++++++++++++++++++
 spec/registration_spec.rb |  4 ++--
 2 files changed, 21 insertions(+), 2 deletions(-)
 create mode 100644 spec/pdf_form_spec.rb

(limited to 'spec')

diff --git a/spec/pdf_form_spec.rb b/spec/pdf_form_spec.rb
new file mode 100644
index 0000000..334678a
--- /dev/null
+++ b/spec/pdf_form_spec.rb
@@ -0,0 +1,19 @@
+require "spec_helper"
+
+describe "create_pdf_file_name" do
+  describe "returns a filename that" do
+    let(:band) { Struct.new(:name, :city).new("A: blöddy/band, name!", "Øksendal, Flünsbørg") }
+
+    before :each do
+      @filename = create_pdf_file_name(band)
+    end
+
+    it "contains no spaces" do
+      expect(@filename).not_to match(/[ ]+/)
+    end
+
+    it "contains no symbols" do
+      expect(@filename.gsub('.pdf', '')).not_to match(/[,.:!^'*\/\\]+/)
+    end
+  end
+end
diff --git a/spec/registration_spec.rb b/spec/registration_spec.rb
index 522b155..4ccb24d 100644
--- a/spec/registration_spec.rb
+++ b/spec/registration_spec.rb
@@ -74,7 +74,7 @@ describe RegistrationApp do
 
       it "generates a PDF file" do
         expect(Prawn::Document).to have_received('new').with({ :page_size => "A4" })
-        expect(@doc_spy).to have_received('render_file').with(/uploads\/[0-9]{4}-[0-9]{2}-[0-9]{2}-#{band_params['name']}-#{band_params['city']}\.pdf/)
+        expect(@doc_spy).to have_received('render_file').with(/uploads\/[0-9]{4}-[0-9]{2}-[0-9]{2}-#{sanitize(band_params['name'])}-#{sanitize(band_params['city'])}\.pdf/)
       end
 
       describe 'sends an email to Norsk Urskog' do
@@ -87,7 +87,7 @@ describe RegistrationApp do
         end
 
         it 'contains the url to the pdf file' do
-          expect(message.body).to match(/example.org\/uploads\/[0-9]{4}-[0-9]{2}-[0-9]{2}-#{band_params['name']}-#{band_params['city']}\.pdf/)
+          expect(message.body).to match(/example.org\/uploads\/[0-9]{4}-[0-9]{2}-[0-9]{2}-#{sanitize(band_params['name'])}-#{sanitize(band_params['city'])}\.pdf/)
         end
       end
     end
-- 
cgit v1.2.3