author | Thomas Müller <thomas.mueller@tmit.eu> | 2015-02-18 17:44:13 +0100 |
---|---|---|
committer | Thomas Müller <thomas.mueller@tmit.eu> | 2015-03-09 10:38:37 +0100 |
commit | 4bac595068c813c56d8d5e580e560527ba80194d (patch) | |
tree | e7584ca8ff57a9b037388d428e47f390bc1a7fcc /apps/files | |
parent | 348fe105b13717757bee4150caa9d3546d6a7666 (diff) | |
adding storage specific filename verification - refs #13640
Diffstat (limited to 'apps/files')
-rw-r--r-- | apps/files/ajax/newfile.php | 27 | ||||
-rw-r--r-- | apps/files/ajax/newfolder.php | 25 | ||||
-rw-r--r-- | apps/files/js/files.js | 14 |
3 files changed, 27 insertions, 39 deletions
diff --git a/apps/files/ajax/newfile.php b/apps/files/ajax/newfile.php
index 062de5a2523..e1f75ae91d0 100644
--- a/apps/files/ajax/newfile.php
+++ b/apps/files/ajax/newfile.php
@@ -10,7 +10,7 @@ global $eventSource;
 // Get the params
 $dir = isset( $_REQUEST['dir'] ) ? '/'.trim((string)$_REQUEST['dir'], '/\\') : '';
-$filename = isset( $_REQUEST['filename'] ) ? trim((string)$_REQUEST['filename'], '/\\') : '';
+$fileName = isset( $_REQUEST['filename'] ) ? trim((string)$_REQUEST['filename'], '/\\') : '';
 $l10n = \OC::$server->getL10N('files');
@@ -18,23 +18,14 @@ $result = array(
 'success' => false, 'data' => NULL );
-$trimmedFileName = trim($filename);
-if($trimmedFileName === '') {
- $result['data'] = array('message' => (string)$l10n->t('File name cannot be empty.'));
+try {
+ \OC\Files\Filesystem::getView()->verifyPath($dir, $fileName);
+} catch (\OCP\Files\InvalidPathException $ex) {
+ $result['data'] = [
+ 'message' => $ex->getMessage()];
 OCP\JSON::error($result);
- exit();
-}
-if($trimmedFileName === '.' || $trimmedFileName === '..') {
- $result['data'] = array('message' => (string)$l10n->t('"%s" is an invalid file name.', $trimmedFileName));
- OCP\JSON::error($result);
- exit();
-}
-
-if(!OCP\Util::isValidFileName($filename)) {
- $result['data'] = array('message' => (string)$l10n->t("Invalid name, '\\', '/', '<', '>', ':', '\"', '|', '?' and '*' are not allowed."));
- OCP\JSON::error($result);
- exit();
+ return;
 }
 if (!\OC\Files\Filesystem::file_exists($dir . '/')) {
@@ -46,12 +37,12 @@ if (!\OC\Files\Filesystem::file_exists($dir . '/')) {
 exit();
 }
-$target = $dir.'/'.$filename;
+$target = $dir.'/'.$fileName;
 if (\OC\Files\Filesystem::file_exists($target)) {
 $result['data'] = array('message' => (string)$l10n->t( 'The name %s is already used in the folder %s. Please choose a different name.',
- array($filename, $dir))
+ array($fileName, $dir))
 );
 OCP\JSON::error($result);
 exit();
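Review bot: The `verifyPath()` call added in the second hunk is now the only name validation in newfile.php, and it receives `$fileName` untrimmed, whereas the removed code tested `trim($filename)` for emptiness and rejected `.` and `..` explicitly. `verifyPath()` is outside this diff (the diffstat is limited to apps/files), so whether it rejects whitespace-only names, `.`, `..` and names containing `\` or `/` cannot be confirmed from here; the same applies to the matching hunk in newfolder.php. I would state the contract above the call, `// verifyPath() is the only name check here: it must reject empty, whitespace-only, '.', '..' and separator-containing names`, and cover those inputs with a test of this endpoint. The failure branch also ends in `return;` while the other error branches visible in this file still call `exit();`, so if the script is ever included rather than run as the entry point, execution would continue in the includer; keeping `exit();` would make the branches consistent.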
diff --git a/apps/files/ajax/newfolder.php b/apps/files/ajax/newfolder.php
index e5e038b715c..3a252c5ba3c 100644
--- a/apps/files/ajax/newfolder.php
+++ b/apps/files/ajax/newfolder.php
@@ -9,7 +9,7 @@ OCP\JSON::callCheck();
 // Get the params
 $dir = isset($_POST['dir']) ? (string)$_POST['dir'] : '';
-$foldername = isset($_POST['foldername']) ?(string) $_POST['foldername'] : '';
+$folderName = isset($_POST['foldername']) ?(string) $_POST['foldername'] : '';
 $l10n = \OC::$server->getL10N('files');
@@ -18,16 +18,13 @@ $result = array(
 'data' => NULL );
-if(trim($foldername) === '') {
- $result['data'] = array('message' => $l10n->t('Folder name cannot be empty.'));
+try {
+ \OC\Files\Filesystem::getView()->verifyPath($dir, $folderName);
+} catch (\OCP\Files\InvalidPathException $ex) {
+ $result['data'] = [
+ 'message' => $ex->getMessage()];
 OCP\JSON::error($result);
- exit();
-}
-
-if(!OCP\Util::isValidFileName($foldername)) {
- $result['data'] = array('message' => (string)$l10n->t("Invalid name, '\\', '/', '<', '>', ':', '\"', '|', '?' and '*' are not allowed."));
- OCP\JSON::error($result);
- exit();
+ return;
 }
 if (!\OC\Files\Filesystem::file_exists($dir . '/')) {
@@ -39,12 +36,12 @@ if (!\OC\Files\Filesystem::file_exists($dir . '/')) {
 exit();
 }
-$target = $dir . '/' . $foldername;
+$target = $dir . '/' . $folderName;
 if (\OC\Files\Filesystem::file_exists($target)) {
 $result['data'] = array('message' => $l10n->t( 'The name %s is already used in the folder %s. Please choose a different name.',
- array($foldername, $dir))
+ array($folderName, $dir))
 );
 OCP\JSON::error($result);
 exit();
@@ -52,9 +49,9 @@ if (\OC\Files\Filesystem::file_exists($target)) {
 if(\OC\Files\Filesystem::mkdir($target)) {
 if ( $dir !== '/') {
- $path = $dir.'/'.$foldername;
+ $path = $dir.'/'.$folderName;
 } else {
- $path = '/'.$foldername;
+ $path = '/'.$folderName;
 }
 $meta = \OC\Files\Filesystem::getFileInfo($path);
 $meta['type'] = 'dir'; // missing ?!
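Review bot: In the second hunk `$folderName` reaches `verifyPath()` exactly as posted, without the `trim(..., '/\\')` that newfile.php applies to its name, and `$dir` is also used as posted. The removed `isValidFileName()` branch reported `\` and `/` as not allowed, so after this change a separator inside the folder name is kept away from `mkdir($target)` only if `verifyPath()` rejects it, which cannot be checked from this diff. I would add a comment above the call, `// $folderName is raw POST data; verifyPath() must reject path separators and '.'/'..' before $target is built`, and an endpoint test for those inputs. The new `'message' => $ex->getMessage()` also drops the `(string)$l10n->t(...)` wrapping used by the removed branches, so it is worth confirming the exception message is already translated and safe to show to the user.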
diff --git a/apps/files/js/files.js b/apps/files/js/files.js
index 314b8bf39c6..ddb2a80259c 100644
--- a/apps/files/js/files.js
+++ b/apps/files/js/files.js
@@ -103,13 +103,13 @@
 throw t('files', 'File name cannot be empty.');
 }
 // check for invalid characters
- var invalidCharacters =
- ['\\', '/', '<', '>', ':', '"', '|', '?', '*', '\n'];
- for (var i = 0; i < invalidCharacters.length; i++) {
- if (trimmedName.indexOf(invalidCharacters[i]) !== -1) {
- throw t('files', "Invalid name, '\\', '/', '<', '>', ':', '\"', '|', '?' and '*' are not allowed.");
- }
- }
+ //var invalidCharacters =
+ // ['\\', '/', '<', '>', ':', '"', '|', '?', '*', '\n'];
+ //for (var i = 0; i < invalidCharacters.length; i++) {
+ // if (trimmedName.indexOf(invalidCharacters[i]) !== -1) {
+ // throw t('files', "Invalid name, '\\', '/', '<', '>', ':', '\"', '|', '?' and '*' are not allowed.");
+ // }
+ //}
 return true;
 },
 displayStorageWarnings: function() { |
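Review bot: The character check is commented out rather than deleted, which leaves seven lines of dead code under a `// check for invalid characters` heading that no longer describes anything. I would delete the block and replace the heading with the reason, `// character restrictions are storage specific and are enforced server-side`. The removed list also contained `'\n'`, which the old server-side error message did not mention; whether the new server-side check rejects newlines is not visible in this diff and deserves a test. The enclosing function starts outside the hunk.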