From 63efacbb636bf44ffe90c159b65a127ce018affd Mon Sep 17 00:00:00 2001
From: Lee Rowlands <lee.rowlands@previousnext.com.au>
Date: Wed, 18 Dec 2019 20:33:37 +1000
Subject: [PATCH] SA-CORE-2019-010 by larowlan, greggles, mlhess, kim.pepper,
 alexpott, dww, xjm, David_Rothstein

---
 core/modules/file/file.module                   |  2 +-
 .../Functional/FileManagedFileElementTest.php   | 17 +++++++++++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/core/modules/file/file.module b/core/modules/file/file.module
index d98b0f6fba84..c0abe888b433 100644
--- a/core/modules/file/file.module
+++ b/core/modules/file/file.module
@@ -992,7 +992,7 @@ function _file_save_upload_single(\SplFileInfo $file_info, $form_field_name, $va
   $values = [
     'uid' => $user->id(),
     'status' => 0,
-    'filename' => $file_info->getClientOriginalName(),
+    'filename' => trim($file_info->getClientOriginalName(), '.'),
     'uri' => $file_info->getRealPath(),
     'filesize' => $file_info->getSize(),
   ];
diff --git a/core/modules/file/tests/src/Functional/FileManagedFileElementTest.php b/core/modules/file/tests/src/Functional/FileManagedFileElementTest.php
index ac9350912c38..348cee7d3a99 100644
--- a/core/modules/file/tests/src/Functional/FileManagedFileElementTest.php
+++ b/core/modules/file/tests/src/Functional/FileManagedFileElementTest.php
@@ -2,6 +2,8 @@
 
 namespace Drupal\Tests\file\Functional;
 
+use Drupal\file\Entity\File;
+
 /**
  * Tests the 'managed_file' element type.
  *
@@ -156,6 +158,21 @@ public function testManagedFileRemoved() {
     $this->assertRaw('The file referenced by the Managed <em>file &amp; butter</em> field does not exist.');
   }
 
+  /**
+   * Tests file names have leading . removed.
+   */
+  public function testFileNameTrim() {
+    file_put_contents('public://.leading-period.txt', $this->randomString(32));
+    $last_fid_prior = $this->getLastFileId();
+    $this->drupalPostForm('file/test/0/0/0', [
+      'files[file]' => \Drupal::service('file_system')->realpath('public://.leading-period.txt'),
+    ], t('Save'));
+    $next_fid = $this->getLastFileId();
+    $this->assertGreaterThan($last_fid_prior, $next_fid);
+    $file = File::load($next_fid);
+    $this->assertEquals('leading-period.txt', $file->getFilename());
+  }
+
   /**
    * Ensure a file entity can be saved when the file does not exist on disk.
    */
-- 
GitLab