authorJoas Schilling <coding@schilljs.com>2017-04-20 10:50:56 +0200
committerGitHub <noreply@github.com>2017-04-20 10:50:56 +0200
commitb469882595e9dca6d8d32d01c1784162cda6a2d8 (patch)
tree38696d3a63859f9c7364c48cdeab90ef25debcad
parent799b229a68d3478809c084d58b69288061139ab1 (diff)
parentbf58d24b5cf5879df5685a3ece63ad8bb0203feb (diff)
Merge pull request #4212 from individual-it/master
validate file name before uploading in upload only folder
-rw-r--r--apps/files_sharing/js/files_drop.js88
-rw-r--r--apps/files_sharing/tests/js/fileDropSpec.js99
-rw-r--r--tests/karma.config.js3
3 files changed, 151 insertions, 39 deletions
diff --git a/apps/files_sharing/js/files_drop.js b/apps/files_sharing/js/files_drop.js
index 64051844d03..ddfcfcd3d8b 100644
--- a/apps/files_sharing/js/files_drop.js
+++ b/apps/files_sharing/js/files_drop.js
@@ -20,9 +20,11 @@
var Drop = {
/** @type {Function} **/
_template: undefined,
-
- initialize: function () {
-
+
+ addFileToUpload: function(e, data) {
+ var errors = [];
+ var output = this.template();
+
var filesClient = new OC.Files.Client({
host: OC.getHost(),
port: OC.getPort(),
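Review bot: `var errors = [];` at the top of the new `addFileToUpload` is not read anywhere in the lines shown for this function, so it can be dropped. The method also has no doc comment; something like `/** Validates the dropped file's name, prepares the PUT request and submits it; returns false when the name is rejected, true otherwise. */` would document the return contract the new spec relies on. A new `OC.Files.Client` is now constructed on every call instead of once in `initialize`, which looks unintended given that it is only used to read the user name and password. The function body continues in the next hunk.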
@@ -32,7 +34,45 @@
root: OC.getRootPath() + '/public.php/webdav',
useHTTPS: OC.getProtocol() === 'https'
});
-
+
+ var name = data.files[0].name;
+ try {
+ // FIXME: not so elegant... need to refactor that method to return a value
+ Files.isFileNameValid(name);
+ }
+ catch (errorMessage) {
+ OC.Notification.show(errorMessage, {type: 'error'});
+ return false;
+ }
+ var base = OC.getProtocol() + '://' + OC.getHost();
+ data.url = base + OC.getRootPath() + '/public.php/webdav/' + encodeURI(name);
+
+ data.multipart = false;
+
+ if (!data.headers) {
+ data.headers = {};
+ }
+
+ var userName = filesClient.getUserName();
+ var password = filesClient.getPassword();
+ if (userName) {
+ // copy username/password from DAV client
+ data.headers['Authorization'] =
+ 'Basic ' + btoa(userName + ':' + (password || ''));
+ }
+
+ $('#drop-upload-done-indicator').addClass('hidden');
+ $('#drop-upload-progress-indicator').removeClass('hidden');
+ _.each(data['files'], function(file) {
+ $('#public-upload ul').append(output({isUploading: true, name: escapeHTML(file.name)}));
+ $('[data-toggle="tooltip"]').tooltip();
+ data.submit();
+ });
+
+ return true;
+ },
+
+ initialize: function () {
$(document).bind('drop dragover', function (e) {
// Prevent the default browser drop action:
e.preventDefault();
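Review bot: Only `data.files[0].name` is passed to `Files.isFileNameValid` and used for `data.url`, yet the `_.each(data['files'], …)` loop below renders every entry and calls `data.submit()` once per entry; if the upload widget ever hands over more than one file per `add` call, the later names go unchecked and the same request is submitted repeatedly. Either validate inside the loop or state the single-file assumption in a comment. Separately, `encodeURI(name)` leaves `?` and `#` unescaped, so unless `Files.isFileNameValid` (not shown here) rejects them the PUT path would not match the file name; `encodeURIComponent(name)` is the safer encoder for a single path segment, and the spec's `toContain` expectation would need the same change. This check runs in the browser as a usability aid, so the WebDAV endpoint still has to reject the same names server-side. `addFileToUpload` begins in the previous hunk.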
@@ -43,35 +83,9 @@
dropZone: $('#public-upload'),
sequentialUploads: true,
add: function(e, data) {
- var errors = [];
-
- var name = data.files[0].name;
-
- var base = OC.getProtocol() + '://' + OC.getHost();
- data.url = base + OC.getRootPath() + '/public.php/webdav/' + encodeURI(name);
-
- data.multipart = false;
-
- if (!data.headers) {
- data.headers = {};
- }
-
- var userName = filesClient.getUserName();
- var password = filesClient.getPassword();
- if (userName) {
- // copy username/password from DAV client
- data.headers['Authorization'] =
- 'Basic ' + btoa(userName + ':' + (password || ''));
- }
-
- $('#drop-upload-done-indicator').addClass('hidden');
- $('#drop-upload-progress-indicator').removeClass('hidden');
- _.each(data['files'], function(file) {
- $('#public-upload ul').append(output({isUploading: true, name: escapeHTML(file.name)}));
- $('[data-toggle="tooltip"]').tooltip();
- data.submit();
- });
-
+ Drop.addFileToUpload(e, data);
+ //we return true to keep trying to upload next file even
+ //if addFileToUpload did not like the privious one
return true;
},
done: function(e, data) {
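Review bot: The comment added in the `add` callback misspells "previous" and does not say that the boolean returned by `Drop.addFileToUpload` is deliberately discarded. A clearer wording would be `// always return true so the remaining files are still processed when addFileToUpload rejects the previous one`. The callback sits inside an options object that starts and ends outside this hunk.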
@@ -116,15 +130,13 @@
}
};
+ OCA.FilesSharingDrop = Drop;
+
$(document).ready(function() {
if($('#upload-only-interface').val() === "1") {
$('.avatardiv').avatar($('#sharingUserId').val(), 128, true);
}
- OCA.Files_Sharing_Drop = Drop;
- OCA.Files_Sharing_Drop.initialize();
+ OCA.FilesSharingDrop.initialize();
});
-
-
})(jQuery);
-
diff --git a/apps/files_sharing/tests/js/fileDropSpec.js b/apps/files_sharing/tests/js/fileDropSpec.js
new file mode 100644
index 00000000000..6a5ccabb7c9
--- /dev/null
+++ b/apps/files_sharing/tests/js/fileDropSpec.js
@@ -0,0 +1,99 @@
+/**
+ *
+ * @copyright Copyright (c) 2017, Artur Neumann (info@individual-it.net)
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+describe("files Drop tests", function() {
+ //some testing data
+ var sharingToken = "fVCiSMhScgWfiuv";
+ var testFiles = [
+ { name: 'test.txt', expectedValidationResult: true },
+ { name: 'testनेपाल.txt', expectedValidationResult: true },
+ { name: 'test.part', expectedValidationResult: false },
+ { name: 'test.filepart', expectedValidationResult: false },
+ { name: '.', expectedValidationResult: false },
+ { name: '..', expectedValidationResult: false },
+ ];
+
+ //this pre/post positions should not change the result of the file name validation
+ var prePostPositions = [""," "," "," "];
+
+ //use the testFiles and the pre/post positions to generate more testing data
+ var replicatedTestFiles = [];
+ prePostPositions.map(function (prePostPosition) {
+ testFiles.map(function (testFile) {
+ replicatedTestFiles.push(
+ {
+ name: testFile.name + prePostPosition,
+ expectedValidationResult: testFile.expectedValidationResult
+ }
+ );
+ replicatedTestFiles.push(
+ {
+ name: prePostPosition + testFile.name,
+ expectedValidationResult: testFile.expectedValidationResult
+ }
+ );
+ replicatedTestFiles.push(
+ {
+ name: prePostPosition + testFile.name + prePostPosition,
+ expectedValidationResult: testFile.expectedValidationResult
+ }
+ );
+ });
+ });
+
+ beforeEach (function () {
+ //fake input for the sharing token
+ $('#testArea').append(
+ '<input name="sharingToken" value="" id="sharingToken" type="hidden">'
+ );
+ });
+
+
+ replicatedTestFiles.map(function (testFile) {
+ it("validates the filenames correctly", function() {
+ testFile = { name: 'test.txt', expectedValidationResult: true };
+ data = {
+ 'submit': function() {},
+ 'files': [testFile]
+ }
+ expect(OCA.FilesSharingDrop.addFileToUpload('',data)).
+ toBe(
+ testFile.expectedValidationResult,
+ 'wrongly validated file named "'+testFile.name+'"'
+ );
+ });
+
+ if (testFile.expectedValidationResult === true) {
+ it("should set correct PUT URL, Auth header and submit", function () {
+ data = {
+ 'submit': sinon.stub(),
+ 'files': [testFile]
+ }
+ $('#sharingToken').val(sharingToken);
+
+ OCA.FilesSharingDrop.addFileToUpload('',data);
+ expect(data.submit.calledOnce).toEqual(true);
+ expect(data.url).toContain("/public.php/webdav/" + encodeURI(testFile.name));
+ expect(data.headers['Authorization']).toEqual('Basic ' + btoa(sharingToken+":"));
+ });
+ }
+ });
+});
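Review bot: The first `it` body reassigns its closed-over case with `testFile = { name: 'test.txt', expectedValidationResult: true };`, so every generated case validates `test.txt` and the rejected names (`test.part`, `test.filepart`, `.`, `..`) are never exercised. Because the second `it` shares the same `testFile` binding and runs afterwards, its URL assertion also only ever sees `test.txt`. Deleting that line restores the intended coverage of the file-name check. `data` is assigned without `var` in both specs, which leaks a global between tests; `var data = {` fixes that. The two `.map` calls are used only for side effects and would read more clearly as `forEach`.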
diff --git a/tests/karma.config.js b/tests/karma.config.js
index 91052f62cd2..014a8709615 100644
--- a/tests/karma.config.js
+++ b/tests/karma.config.js
@@ -56,7 +56,8 @@ module.exports = function(config) {
'apps/files_sharing/js/share.js',
'apps/files_sharing/js/sharebreadcrumbview.js',
'apps/files_sharing/js/public.js',
- 'apps/files_sharing/js/sharetabview.js'
+ 'apps/files_sharing/js/sharetabview.js',
+ 'apps/files_sharing/js/files_drop.js'
],
testFiles: ['apps/files_sharing/tests/js/*.js']
},