From 4b196328836c3e08c6eb2788d64838a294c8f0fd Mon Sep 17 00:00:00 2001
From: Massimiliano Arione <garakkio@gmail.com>
Date: Sat, 14 Dec 2024 09:16:51 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20address=20extension=20change=20i?=
 =?UTF-8?q?n=20the=20code=20and=20in=20the=20docs?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fix #1479
---
 UPGRADE.md                                 | 11 +++++++++++
 src/Naming/Polyfill/FileExtensionTrait.php | 12 ++++++++++++
 tests/Naming/SmartUniqidNamerTest.php      |  2 +-
 3 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/UPGRADE.md b/UPGRADE.md
index 7e7484fc..dc3c45fb 100644
--- a/UPGRADE.md
+++ b/UPGRADE.md
@@ -1,3 +1,14 @@
+# Upgrading from v2.4 to v2.5
+
+* To address the question raised in the previous version, now the original extension '.csv' is retained
+  even if the mime type is guessed as 'text/plain'.
+
+# Upgrading from v2.3 to v2.4
+
+* To address a security question, the original extension of the uploaded file is not preserved anymore.
+  Instead, it is replaced by the extension of the matching mime type. This could cause a different
+  behaviour only if you use some non-standard extension, otherwise it should not change anything.
+
 # Upgrading from v2.1 to v2.2
 
 * The signature of `StorageInterface::resolveStream` method was changed. The $fieldName parameter is now nullable. 
diff --git a/src/Naming/Polyfill/FileExtensionTrait.php b/src/Naming/Polyfill/FileExtensionTrait.php
index 32f1db93..60536921 100644
--- a/src/Naming/Polyfill/FileExtensionTrait.php
+++ b/src/Naming/Polyfill/FileExtensionTrait.php
@@ -8,6 +8,11 @@
 
 trait FileExtensionTrait
 {
+    // extensions safe to keep
+    private static array $keep = [
+        'txt' => 'csv',
+    ];
+
     /**
      * Guess the extension of the given file.
      */
@@ -18,6 +23,13 @@ private function getExtension(File $file): ?string
         }
 
         if ('' !== ($extension = $file->guessExtension())) {
+            if (isset(self::$keep[$extension])) {
+                $originalExtension = \pathinfo($file->getClientOriginalName(), \PATHINFO_EXTENSION);
+                if (self::$keep[$extension] === $originalExtension) {
+                    return $originalExtension;
+                }
+            }
+
             return $extension;
         }
 
diff --git a/tests/Naming/SmartUniqidNamerTest.php b/tests/Naming/SmartUniqidNamerTest.php
index 851ffc0a..497de51d 100644
--- a/tests/Naming/SmartUniqidNamerTest.php
+++ b/tests/Naming/SmartUniqidNamerTest.php
@@ -24,6 +24,7 @@ public static function fileDataProvider(): array
             'double uppercase extension' => ['lala.JPEG.JPEG', 'jpg', '/lala-jpeg-[[:xdigit:]]{22}\.jpg/'],
             'dot in filename' => ['filename has . spaces (2).jpg', 'jpg', '/filename-has-spaces-2-[[:xdigit:]]{22}\.jpg/'],
             'file with no extension with null mimetype' => ['lala', null, '/lala-[[:xdigit:]]{22}$/'],
+            'csv retains extension even if guessed as txt' => ['lala.csv', 'txt', '/lala-[[:xdigit:]]{22}\.csv/'],
         ];
     }
 
@@ -34,7 +35,6 @@ public function testNameReturnsAnUniqueName(string $originalName, ?string $guess
     {
         $file = $this->getUploadedFileMock();
         $file
-            ->expects(self::once())
             ->method('getClientOriginalName')
             ->willReturn($originalName)
         ;