fix: get_filename() is now guaranteed to return a valid filename (#6537)

With iOS and Desktop copying the file to a to a temp file with the name of `get_filename()`, it should be sanitized first. The PR can be reviewed commit-by-commit or all at once.
2026-04-21 15:36:30 +03:00 · 2025-02-13 12:26:23 +01:00
parent 81e9628ab7
commit 9b6ef5e54f
6 changed files with 124 additions and 50 deletions
--- a/src/receive_imf/receive_imf_tests.rs
+++ b/src/receive_imf/receive_imf_tests.rs
@@ -5582,3 +5582,38 @@ async fn test_two_group_securejoins() -> Result<()> {

    Ok(())
 }
+
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_sanitize_filename_in_received() -> Result<()> {
+    let alice = &TestContext::new_alice().await;
+    let raw = b"Message-ID: Mr.XA6y3og8-az.WGbH9_dNcQx@testr
+To: <tmp_5890965001269692@testrun.org>
+From: \"=?utf-8?q??=\" <tmp_6272287793210918@testrun.org>
+Content-Type: multipart/mixed; boundary=\"mwkNRwaJw1M5n2xcr2ODfAqvTjcj9Z\"
+
+
+--mwkNRwaJw1M5n2xcr2ODfAqvTjcj9Z
+Content-Type: text/plain; charset=utf-8
+
+-- 
+Sent with my Delta Chat Messenger: https://delta.chat
+
+--mwkNRwaJw1M5n2xcr2ODfAqvTjcj9Z
+Content-Type: text/html
+Content-Disposition: attachment; filename=\"te\xE2\x80\xACst/../../test.H|TML\xE2\x80\xAC \"
+Content-Transfer-Encoding: base64
+
+PGh0bWw+PGJvZHk+dGV4dDwvYm9keT5kYXRh
+
+--mwkNRwaJw1M5n2xcr2ODfAqvTjcj9Z--";
+
+    let msg = receive_imf(alice, raw, false).await?.unwrap();
+    let msg = Message::load_from_db(alice, msg.msg_ids[0]).await?;
+
+    assert_eq!(msg.get_filename().unwrap(), "test.HTML");
+
+    let blob = msg.param.get_blob(Param::File, alice).await?.unwrap();
+    assert_eq!(blob.suffix().unwrap(), "html");
+
+    Ok(())
+}