Patch #44186
Restrict the length of attachment file extensions
Status:
New
Priority:
Normal
Assignee:
-
Category:
Attachments
Target version:
Description
When uploading a file with a very long extension, disk_filename might become too long to be stored on the server's filesystem, resulting in an exception such as:
Started POST "/uploads.js?attachment_id=2&filename=file.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa&content_type=" for 127.0.0.1 at 2026-06-16 22:30:27 +0900
Processing by AttachmentsController#upload as JS
Parameters: {"attachment_id" => "2", "filename" => "file.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "content_type" => ""}
...
Completed 500 Internal Server Error in 57ms (ActiveRecord: 26.1ms (4 queries, 0 cached) | GC: 0.7ms)
Errno::ENAMETOOLONG (File name too long @ rb_sysopen - /app/redmine/files/2026/06/260616221802_ca16d684c42688ce3d106a0ff9454c3a.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa):
app/models/attachment.rb:611:in 'File#initialize'
app/models/attachment.rb:611:in 'IO.open'
app/models/attachment.rb:611:in 'Attachment.create_diskfile'
app/models/attachment.rb:150:in 'Attachment#files_to_final_location'
app/controllers/attachments_controller.rb:116:in 'AttachmentsController#upload'
lib/redmine/sudo_mode.rb:78:in 'Redmine::SudoMode::Controller#sudo_mode'
This patch uses the original file extension only when the resulting disk_filename (including the extension) is short enough.
This issue is similar to #24186. This patch follows the same filename length limit as that issue.
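The check described above, sketched as an added example that is not the patch's or Redmine's own code: a naive builder that always appends the uploaded extension, beside one that keeps the extension only when the complete name fits. The helper names and the 255-byte limit (the usual NAME_MAX on Linux filesystems) are assumptions; the limit the patch actually uses comes from #24186 and is not shown on this page.

```ruby
require 'digest'
require 'tmpdir'

# Assumed limit for this example only (common NAME_MAX); not the patch's value.
MAX_DISK_FILENAME_BYTES = 255

# Hypothetical helper: "<timestamp>_<md5 of the original name>", always 45 bytes.
def disk_basename(original, now)
  "#{now.strftime('%y%m%d%H%M%S')}_#{Digest::MD5.hexdigest(original)}"
end

# Only a plain alphanumeric extension is ever carried over to disk.
def upload_extension(original)
  original[/(\.[a-zA-Z0-9]+)\z/, 1].to_s
end

# Behaviour that fails in the log above: the extension is appended unconditionally,
# so the client controls the length of the name written to disk.
def naive_disk_filename(original, now: Time.now)
  disk_basename(original, now) + upload_extension(original)
end

# Hardened form: keep the extension only if the whole name still fits.
def safe_disk_filename(original, now: Time.now, max_bytes: MAX_DISK_FILENAME_BYTES)
  base = disk_basename(original, now)
  candidate = base + upload_extension(original)
  candidate.bytesize <= max_bytes ? candidate : base
end

# Tries to create the name in a scratch directory; false on ENAMETOOLONG and
# any other system-call error.
def creatable?(name)
  Dir.mktmpdir { |dir| File.open(File.join(dir, name), 'wb') { |f| f.write('x') } }
  true
rescue SystemCallError
  false
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs.
  ['report.pdf', 'file.' + 'a' * 300].each do |name|
    naive = naive_disk_filename(name)
    safe = safe_disk_filename(name)
    puts "#{name[0, 20]}: naive=#{naive.bytesize}B creatable=#{creatable?(naive)} " \
         "safe=#{safe.bytesize}B creatable=#{creatable?(safe)}"
  end
end
```

The comparison uses `bytesize` because filesystem name limits are counted in bytes, not characters.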