From 3500182c5ffaf103d320071060af4d8b5d53efa9 Mon Sep 17 00:00:00 2001
From: Dan Brown <ssddanbrown@googlemail.com>
Date: Sat, 4 Apr 2020 00:48:32 +0100
Subject: [PATCH] Updated drawing uploads to use user id in image name

- Instead of user name.
- Due to issues with advanced charts like emoji zero-width-joiners.
- Could also have security concerns on untrusted instances with certain
webserver config due to double extension possibilities.

Closes #1993
---
 app/Uploads/ImageRepo.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Uploads/ImageRepo.php b/app/Uploads/ImageRepo.php
index 981c04673..b7a21809f 100644
--- a/app/Uploads/ImageRepo.php
+++ b/app/Uploads/ImageRepo.php
@@ -138,7 +138,7 @@ class ImageRepo
      */
     public function saveDrawing(string $base64Uri, int $uploadedTo): Image
     {
-        $name = 'Drawing-' . user()->getShortName(40) . '-' . strval(time()) . '.png';
+        $name = 'Drawing-' . strval(user()->id) . '-' . strval(time()) . '.png';
         return $this->imageService->saveNewFromBase64Uri($base64Uri, $name, 'drawio', $uploadedTo);
     }