fix(files): disallow illegal characters

Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>

4 files changed, 24 insertions, 3 deletions

diff --git a/apps/files/lib/Controller/ViewController.php b/apps/files/lib/Controller/ViewController.php
index 8764e1fabd6..d4a75b514eb 100644
--- a/apps/files/lib/Controller/ViewController.php
+++ b/apps/files/lib/Controller/ViewController.php
@@ -52,6 +52,7 @@ use OCP\AppFramework\Http\Response;
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\AppFramework\Services\IInitialState;
 use OCP\Collaboration\Resources\LoadAdditionalScriptsEvent as ResourcesLoadAdditionalScriptsEvent;
+use OCP\Constants;
 use OCP\EventDispatcher\IEventDispatcher;
 use OCP\Files\Folder;
 use OCP\Files\IRootFolder;
@@ -246,6 +247,11 @@ class ViewController extends Controller {
 		$filesSortingConfig = json_decode($this->config->getUserValue($userId, 'files', 'files_sorting_configs', '{}'), true);
 		$this->initialState->provideInitialState('filesSortingConfig', $filesSortingConfig);
 
+		// Forbidden file characters
+		/** @var string[] */
+		$forbiddenCharacters = $this->config->getSystemValue('forbidden_chars', []);
+		$this->initialState->provideInitialState('forbiddenCharacters', Constants::FILENAME_INVALID_CHARS . implode('', $forbiddenCharacters));
+
 		$event = new LoadAdditionalScriptsEvent();
 		$this->eventDispatcher->dispatchTyped($event);
 		$this->eventDispatcher->dispatchTyped(new ResourcesLoadAdditionalScriptsEvent());
diff --git a/apps/files/src/components/FileEntry.vue b/apps/files/src/components/FileEntry.vue
index 275e8bb3aef..537279cabfe 100644
--- a/apps/files/src/components/FileEntry.vue
+++ b/apps/files/src/components/FileEntry.vue
@@ -232,12 +232,15 @@ import CustomElementRender from './CustomElementRender.vue'
 import CustomSvgIconRender from './CustomSvgIconRender.vue'
 import FavoriteIcon from './FavoriteIcon.vue'
 import logger from '../logger.js'
+import { loadState } from '@nextcloud/initial-state'
 
 // The registered actions list
 const actions = getFileActions()
 
 Vue.directive('onClickOutside', vOnClickOutside)
 
+const forbiddenCharacters = loadState('files', 'forbiddenCharacters', '') as string
+
 export default Vue.extend({
 	name: 'FileEntry',
 
@@ -810,6 +813,13 @@ export default Vue.extend({
 				throw new Error(this.t('files', '{newName} already exists.', { newName: name }))
 			}
 
+			const toCheck = trimmedName.split('')
+			toCheck.forEach(char => {
+				if (forbiddenCharacters.indexOf(char) !== -1) {
+					throw new Error(this.t('files', '"{char}" is not allowed inside a file name.', { char }))
+				}
+			})
+
 			return true
 		},
 		checkIfNodeExists(name) {
diff --git a/apps/files/src/components/NavigationQuota.vue b/apps/files/src/components/NavigationQuota.vue
index 4a877049fa8..25bdcde1b45 100644
--- a/apps/files/src/components/NavigationQuota.vue
+++ b/apps/files/src/components/NavigationQuota.vue
@@ -51,8 +51,8 @@ export default {
 
 	computed: {
 		storageStatsTitle() {
-			const usedQuotaByte = formatFileSize(this.storageStats?.used)
-			const quotaByte = formatFileSize(this.storageStats?.quota)
+			const usedQuotaByte = formatFileSize(this.storageStats?.used, false, false)
+			const quotaByte = formatFileSize(this.storageStats?.quota, false, false)
 
 			// If no quota set
 			if (this.storageStats?.quota < 0) {
diff --git a/apps/files/tests/Controller/ViewControllerTest.php b/apps/files/tests/Controller/ViewControllerTest.php
index b997bbcad65..1f8a609106f 100644
--- a/apps/files/tests/Controller/ViewControllerTest.php
+++ b/apps/files/tests/Controller/ViewControllerTest.php
@@ -51,7 +51,6 @@ use OCP\IURLGenerator;
 use OCP\IUser;
 use OCP\IUserSession;
 use OCP\Share\IManager;
-use OCP\Template;
 use Test\TestCase;
 
 /**
@@ -153,6 +152,12 @@ class ViewControllerTest extends TestCase {
 				'owner' => 'MyName',
 				'ownerDisplayName' => 'MyDisplayName',
 			]);
+
+		$this->config
+		->expects($this->any())
+			->method('getSystemValue')
+			->with('forbidden_chars', [])
+			->willReturn([]);
 		$this->config
 			->method('getUserValue')
 			->willReturnMap([