author | Joas Schilling <coding@schilljs.com> | 2017-04-20 10:50:56 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-04-20 10:50:56 +0200 |
commit | b469882595e9dca6d8d32d01c1784162cda6a2d8 (patch) | |
tree | 38696d3a63859f9c7364c48cdeab90ef25debcad | |
parent | 799b229a68d3478809c084d58b69288061139ab1 (diff) | |
parent | bf58d24b5cf5879df5685a3ece63ad8bb0203feb (diff) | |
Merge pull request #4212 from individual-it/master
validate file name before uploading in upload only folder
-rw-r--r-- | apps/files_sharing/js/files_drop.js | 88 | ||||
-rw-r--r-- | apps/files_sharing/tests/js/fileDropSpec.js | 99 | ||||
-rw-r--r-- | tests/karma.config.js | 3 |
3 files changed, 151 insertions, 39 deletions
diff --git a/apps/files_sharing/js/files_drop.js b/apps/files_sharing/js/files_drop.js index 64051844d03..ddfcfcd3d8b 100644 --- a/apps/files_sharing/js/files_drop.js +++ b/apps/files_sharing/js/files_drop.js @@ -20,9 +20,11 @@ var Drop = { /** @type {Function} **/ _template: undefined, - - initialize: function () { - + + addFileToUpload: function(e, data) { + var errors = []; + var output = this.template(); + var filesClient = new OC.Files.Client({ host: OC.getHost(), port: OC.getPort(), @@ -32,7 +34,45 @@ root: OC.getRootPath() + '/public.php/webdav', useHTTPS: OC.getProtocol() === 'https' }); - + + var name = data.files[0].name; + try { + // FIXME: not so elegant... need to refactor that method to return a value + Files.isFileNameValid(name); + } + catch (errorMessage) { + OC.Notification.show(errorMessage, {type: 'error'}); + return false; + } + var base = OC.getProtocol() + '://' + OC.getHost(); + data.url = base + OC.getRootPath() + '/public.php/webdav/' + encodeURI(name); + + data.multipart = false; + + if (!data.headers) { + data.headers = {}; + } + + var userName = filesClient.getUserName(); + var password = filesClient.getPassword(); + if (userName) { + // copy username/password from DAV client + data.headers['Authorization'] = + 'Basic ' + btoa(userName + ':' + (password || '')); + } + + $('#drop-upload-done-indicator').addClass('hidden'); + $('#drop-upload-progress-indicator').removeClass('hidden'); + _.each(data['files'], function(file) { + $('#public-upload ul').append(output({isUploading: true, name: escapeHTML(file.name)})); + $('[data-toggle="tooltip"]').tooltip(); + data.submit(); + }); + + return true; + }, + + initialize: function () { $(document).bind('drop dragover', function (e) { // Prevent the default browser drop action: e.preventDefault(); 
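Review bot: `addFileToUpload` is introduced without a doc comment, although its boolean result is now a contract that the new spec asserts on. I would add a short JSDoc above it, for example `/** Validates the file name, prepares the PUT request and submits it. @returns {boolean} false if the name was rejected, true otherwise */`. `var errors = [];` is never read in the visible lines of the function and can be dropped. The function body continues in the next hunk.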
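Review bot: `encodeURI(name)` in the `data.url` assignment leaves `?`, `#` and `/` unescaped, so a file name containing one of them would alter or truncate the PUT target instead of being uploaded under that name. For a single path segment `encodeURIComponent(name)` is the safer form, unless `Files.isFileNameValid` (not visible here) already rejects those characters; the spec's `encodeURI` expectation would need the same change. The new check also looks only at `data.files[0].name`, while the `_.each` loop submits for every entry in `data.files`, so the validation belongs inside the loop if more than one file can arrive per call. Because this check runs in the browser it is a usability guard only, and the WebDAV endpoint still has to enforce the same name rules. `addFileToUpload` begins in the previous hunk.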
@@ -43,35 +83,9 @@ dropZone: $('#public-upload'), sequentialUploads: true, add: function(e, data) { - var errors = []; - - var name = data.files[0].name; - - var base = OC.getProtocol() + '://' + OC.getHost(); - data.url = base + OC.getRootPath() + '/public.php/webdav/' + encodeURI(name); - - data.multipart = false; - - if (!data.headers) { - data.headers = {}; - } - - var userName = filesClient.getUserName(); - var password = filesClient.getPassword(); - if (userName) { - // copy username/password from DAV client - data.headers['Authorization'] = - 'Basic ' + btoa(userName + ':' + (password || '')); - } - - $('#drop-upload-done-indicator').addClass('hidden'); - $('#drop-upload-progress-indicator').removeClass('hidden'); - _.each(data['files'], function(file) { - $('#public-upload ul').append(output({isUploading: true, name: escapeHTML(file.name)})); - $('[data-toggle="tooltip"]').tooltip(); - data.submit(); - }); - + Drop.addFileToUpload(e, data); + //we return true to keep trying to upload next file even + //if addFileToUpload did not like the privious one return true; }, done: function(e, data) { @@ -116,15 +130,13 @@ } }; + OCA.FilesSharingDrop = Drop; + $(document).ready(function() { if($('#upload-only-interface').val() === "1") { $('.avatardiv').avatar($('#sharingUserId').val(), 128, true); } - OCA.Files_Sharing_Drop = Drop; - OCA.Files_Sharing_Drop.initialize(); + OCA.FilesSharingDrop.initialize(); }); - - })(jQuery); - diff --git a/apps/files_sharing/tests/js/fileDropSpec.js b/apps/files_sharing/tests/js/fileDropSpec.js new file mode 100644 index 00000000000..6a5ccabb7c9 --- /dev/null +++ b/apps/files_sharing/tests/js/fileDropSpec.js 
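Review bot: The comment added in the `add` handler has a typo (`privious`) and reads more clearly as `// always return true so the remaining files are still processed when addFileToUpload rejects one`. The return value of `Drop.addFileToUpload(e, data)` is discarded here on purpose, which that wording makes explicit. The handler's surrounding options object starts and ends outside the hunk.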
@@ -0,0 +1,99 @@ +/** + * + * @copyright Copyright (c) 2017, Artur Neumann (info@individual-it.net) + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +describe("files Drop tests", function() { + //some testing data + var sharingToken = "fVCiSMhScgWfiuv"; + var testFiles = [ + { name: 'test.txt', expectedValidationResult: true }, + { name: 'testनेपाल.txt', expectedValidationResult: true }, + { name: 'test.part', expectedValidationResult: false }, + { name: 'test.filepart', expectedValidationResult: false }, + { name: '.', expectedValidationResult: false }, + { name: '..', expectedValidationResult: false }, + ]; + + //this pre/post positions should not change the result of the file name validation + var prePostPositions = [""," "," "," "]; + + //use the testFiles and the pre/post positions to generate more testing data + var replicatedTestFiles = []; + prePostPositions.map(function (prePostPosition) { + testFiles.map(function (testFile) { + replicatedTestFiles.push( + { + name: testFile.name + prePostPosition, + expectedValidationResult: testFile.expectedValidationResult + } + ); + replicatedTestFiles.push( + { + name: prePostPosition + testFile.name, + expectedValidationResult: testFile.expectedValidationResult + } + ); + replicatedTestFiles.push( + { + name: prePostPosition + 
testFile.name + prePostPosition, + expectedValidationResult: testFile.expectedValidationResult + } + ); + }); + }); + + beforeEach (function () { + //fake input for the sharing token + $('#testArea').append( + '<input name="sharingToken" value="" id="sharingToken" type="hidden">' + ); + }); + + + replicatedTestFiles.map(function (testFile) { + it("validates the filenames correctly", function() { + testFile = { name: 'test.txt', expectedValidationResult: true }; + data = { + 'submit': function() {}, + 'files': [testFile] + } + expect(OCA.FilesSharingDrop.addFileToUpload('',data)). + toBe( + testFile.expectedValidationResult, + 'wrongly validated file named "'+testFile.name+'"' + ); + }); + + if (testFile.expectedValidationResult === true) { + it("should set correct PUT URL, Auth header and submit", function () { + data = { + 'submit': sinon.stub(), + 'files': [testFile] + } + $('#sharingToken').val(sharingToken); + + OCA.FilesSharingDrop.addFileToUpload('',data); + expect(data.submit.calledOnce).toEqual(true); + expect(data.url).toContain("/public.php/webdav/" + encodeURI(testFile.name)); + expect(data.headers['Authorization']).toEqual('Basic ' + btoa(sharingToken+":")); + }); + } + }); +}); diff --git a/tests/karma.config.js b/tests/karma.config.js index 91052f62cd2..014a8709615 100644 --- a/tests/karma.config.js +++ b/tests/karma.config.js @@ -56,7 +56,8 @@ module.exports = function(config) { 'apps/files_sharing/js/share.js', 'apps/files_sharing/js/sharebreadcrumbview.js', 'apps/files_sharing/js/public.js', - 'apps/files_sharing/js/sharetabview.js' + 'apps/files_sharing/js/sharetabview.js', + 'apps/files_sharing/js/files_drop.js' ], testFiles: ['apps/files_sharing/tests/js/*.js'] }, |
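Review bot: The first `it` body overwrites its loop variable with `testFile = { name: 'test.txt', expectedValidationResult: true };`, so every generated case checks `test.txt` and the rejected names (`test.part`, `test.filepart`, `.`, `..`) are never passed to `addFileToUpload`. Since the assignment hits the closure variable shared with the second `it`, that spec is affected too once the first has run. Deleting that line makes the negative cases actually guard the validation. `data` is assigned without `var` in both specs and becomes an implicit global; `var data = {` fixes that. Both spec titles are identical across iterations, so appending `testFile.name` to the title would make a failing case identifiable.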