Updated drawing uploads to use user id in image name
authorDan Brown <redacted>
Fri, 3 Apr 2020 23:48:32 +0000 (00:48 +0100)
committerDan Brown <redacted>
Fri, 3 Apr 2020 23:48:32 +0000 (00:48 +0100)
- Instead of user name.
- Due to issues with advanced characters like emoji zero-width-joiners.
- Could also have security concerns on untrusted instances with certain
webserver config due to double extension possibilities.

Closes #1993

app/Uploads/ImageRepo.php

index 981c046730d7dc7c805475fc9c04252ce042c0ce..b7a21809f18ab7347e44945b8f0933815bf57b7e 100644 (file)
@@ -138,7 +138,7 @@ class ImageRepo
      */
     public function saveDrawing(string $base64Uri, int $uploadedTo): Image
     {
-        $name = 'Drawing-' . user()->getShortName(40) . '-' . strval(time()) . '.png';
+        $name = 'Drawing-' . strval(user()->id) . '-' . strval(time()) . '.png';
         return $this->imageService->saveNewFromBase64Uri($base64Uri, $name, 'drawio', $uploadedTo);
     }
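Review bot: The reason the file name is built from `user()->id` is recorded only in the commit message, so a later edit to `saveDrawing` could reintroduce the display name without anyone noticing. A comment above the `$name` assignment would keep it, for example `// Numeric user id only: user-controlled text in the name allowed double extensions (e.g. a name ending in an executable suffix) and broke on emoji ZWJ sequences.` The `strval()` calls are redundant inside a concatenation; `sprintf('Drawing-%d-%d.png', user()->id, time())` would state the integer-only intent and coerce any unexpected non-integer value. The fixed `.png` suffix constrains only the name, so whether `saveNewFromBase64Uri` checks that the decoded data is really a PNG, and how it handles two drawings saved by the same user within one second, should be confirmed in that method, which is not visible here.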