From: Dan Brown <redacted>
Date: Fri, 3 Apr 2020 23:48:32 +0000 (+0100)
Subject: Updated drawing uploads to use user id in image name
X-Git-Tag: v0.29.0~1^2~23
X-Git-Url: http://source.bookstackapp.com/bookstack/commitdiff_plain/3500182c5ffaf103d320071060af4d8b5d53efa9

Updated drawing uploads to use user id in image name

- Instead of user name.
- Due to issues with advanced charts like emoji zero-width-joiners.
- Could also have security concerns on untrusted instances with certain
webserver config due to double extension possibilities.

Closes #1993
---

diff --git a/app/Uploads/ImageRepo.php b/app/Uploads/ImageRepo.php
index 981c04673..b7a21809f 100644
--- a/app/Uploads/ImageRepo.php
+++ b/app/Uploads/ImageRepo.php
@@ -138,7 +138,7 @@ class ImageRepo
      */
     public function saveDrawing(string $base64Uri, int $uploadedTo): Image
     {
-        $name = 'Drawing-' . user()->getShortName(40) . '-' . strval(time()) . '.png';
+        $name = 'Drawing-' . strval(user()->id) . '-' . strval(time()) . '.png';
         return $this->imageService->saveNewFromBase64Uri($base64Uri, $name, 'drawio', $uploadedTo);
     }