adding storage specific filename verification - refs #13640

2 files changed, 20 insertions, 32 deletions

diff --git a/apps/files/ajax/newfile.php b/apps/files/ajax/newfile.php
index 062de5a2523..e1f75ae91d0 100644
--- a/apps/files/ajax/newfile.php
+++ b/apps/files/ajax/newfile.php
@@ -10,7 +10,7 @@ global $eventSource;
 
 // Get the params
 $dir = isset( $_REQUEST['dir'] ) ? '/'.trim((string)$_REQUEST['dir'], '/\\') : '';
-$filename = isset( $_REQUEST['filename'] ) ? trim((string)$_REQUEST['filename'], '/\\') : '';
+$fileName = isset( $_REQUEST['filename'] ) ? trim((string)$_REQUEST['filename'], '/\\') : '';
 
 $l10n = \OC::$server->getL10N('files');
 
@@ -18,23 +18,14 @@ $result = array(
 	'success' 	=> false,
 	'data'		=> NULL
 );
-$trimmedFileName = trim($filename);
 
-if($trimmedFileName === '') {
-	$result['data'] = array('message' => (string)$l10n->t('File name cannot be empty.'));
+try {
+	\OC\Files\Filesystem::getView()->verifyPath($dir, $fileName);
+} catch (\OCP\Files\InvalidPathException $ex) {
+	$result['data'] = [
+		'message' => $ex->getMessage()];
 	OCP\JSON::error($result);
-	exit();
-}
-if($trimmedFileName === '.' || $trimmedFileName === '..') {
-	$result['data'] = array('message' => (string)$l10n->t('"%s" is an invalid file name.', $trimmedFileName));
-	OCP\JSON::error($result);
-	exit();
-}
-
-if(!OCP\Util::isValidFileName($filename)) {
-	$result['data'] = array('message' => (string)$l10n->t("Invalid name, '\\', '/', '<', '>', ':', '\"', '|', '?' and '*' are not allowed."));
-	OCP\JSON::error($result);
-	exit();
+	return;
 }
 
 if (!\OC\Files\Filesystem::file_exists($dir . '/')) {
@@ -46,12 +37,12 @@ if (!\OC\Files\Filesystem::file_exists($dir . '/')) {
 	exit();
 }
 
-$target = $dir.'/'.$filename;
+$target = $dir.'/'.$fileName;
 
 if (\OC\Files\Filesystem::file_exists($target)) {
 	$result['data'] = array('message' => (string)$l10n->t(
 			'The name %s is already used in the folder %s. Please choose a different name.',
-			array($filename, $dir))
+			array($fileName, $dir))
 		);
 	OCP\JSON::error($result);
 	exit();
diff --git a/apps/files/ajax/newfolder.php b/apps/files/ajax/newfolder.php
index e5e038b715c..3a252c5ba3c 100644
--- a/apps/files/ajax/newfolder.php
+++ b/apps/files/ajax/newfolder.php
@@ -9,7 +9,7 @@ OCP\JSON::callCheck();
 
 // Get the params
 $dir = isset($_POST['dir']) ? (string)$_POST['dir'] : '';
-$foldername = isset($_POST['foldername']) ?(string) $_POST['foldername'] : '';
+$folderName = isset($_POST['foldername']) ?(string) $_POST['foldername'] : '';
 
 $l10n = \OC::$server->getL10N('files');
 
@@ -18,16 +18,13 @@ $result = array(
 	'data'		=> NULL
 	);
 
-if(trim($foldername) === '') {
-	$result['data'] = array('message' => $l10n->t('Folder name cannot be empty.'));
+try {
+	\OC\Files\Filesystem::getView()->verifyPath($dir, $folderName);
+} catch (\OCP\Files\InvalidPathException $ex) {
+	$result['data'] = [
+		'message' => $ex->getMessage()];
 	OCP\JSON::error($result);
-	exit();
-}
-
-if(!OCP\Util::isValidFileName($foldername)) {
-	$result['data'] = array('message' => (string)$l10n->t("Invalid name, '\\', '/', '<', '>', ':', '\"', '|', '?' and '*' are not allowed."));
-	OCP\JSON::error($result);
-	exit();
+	return;
 }
 
 if (!\OC\Files\Filesystem::file_exists($dir . '/')) {
@@ -39,12 +36,12 @@ if (!\OC\Files\Filesystem::file_exists($dir . '/')) {
 	exit();
 }
 
-$target = $dir . '/' . $foldername;
+$target = $dir . '/' . $folderName;
 		
 if (\OC\Files\Filesystem::file_exists($target)) {
 	$result['data'] = array('message' => $l10n->t(
 			'The name %s is already used in the folder %s. Please choose a different name.',
-			array($foldername, $dir))
+			array($folderName, $dir))
 		);
 	OCP\JSON::error($result);
 	exit();
@@ -52,9 +49,9 @@ if (\OC\Files\Filesystem::file_exists($target)) {
 
 if(\OC\Files\Filesystem::mkdir($target)) {
 	if ( $dir !== '/') {
-		$path = $dir.'/'.$foldername;
+		$path = $dir.'/'.$folderName;
 	} else {
-		$path = '/'.$foldername;
+		$path = '/'.$folderName;
 	}
 	$meta = \OC\Files\Filesystem::getFileInfo($path);
 	$meta['type'] = 'dir'; // missing ?!