diff options
author | John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com> | 2023-09-22 14:22:04 +0200 |
---|---|---|
committer | John Molakvoæ <skjnldsv@protonmail.com> | 2023-10-04 11:12:44 +0200 |
commit | dbeb526bbab64e051958e1194e32903c2420e40d (patch) | |
tree | 3e976dec8699518e0f5db13051430aedd0225807 /apps | |
parent | 4756807f2e72b1dcd8ba11e038bcd5e01d41044a (diff) | |
download | nextcloud-server-dbeb526bbab64e051958e1194e32903c2420e40d.tar.gz nextcloud-server-dbeb526bbab64e051958e1194e32903c2420e40d.zip |
fix(files): disallow illegal characters
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
Diffstat (limited to 'apps')
-rw-r--r-- | apps/files/lib/Controller/ViewController.php | 6 | ||||
-rw-r--r-- | apps/files/src/components/FileEntry.vue | 10 | ||||
-rw-r--r-- | apps/files/src/components/NavigationQuota.vue | 4 | ||||
-rw-r--r-- | apps/files/tests/Controller/ViewControllerTest.php | 7 |
4 files changed, 24 insertions, 3 deletions
diff --git a/apps/files/lib/Controller/ViewController.php b/apps/files/lib/Controller/ViewController.php index 8764e1fabd6..d4a75b514eb 100644 --- a/apps/files/lib/Controller/ViewController.php +++ b/apps/files/lib/Controller/ViewController.php @@ -52,6 +52,7 @@ use OCP\AppFramework\Http\Response; use OCP\AppFramework\Http\TemplateResponse; use OCP\AppFramework\Services\IInitialState; use OCP\Collaboration\Resources\LoadAdditionalScriptsEvent as ResourcesLoadAdditionalScriptsEvent; +use OCP\Constants; use OCP\EventDispatcher\IEventDispatcher; use OCP\Files\Folder; use OCP\Files\IRootFolder; @@ -246,6 +247,11 @@ class ViewController extends Controller { $filesSortingConfig = json_decode($this->config->getUserValue($userId, 'files', 'files_sorting_configs', '{}'), true); $this->initialState->provideInitialState('filesSortingConfig', $filesSortingConfig); + // Forbidden file characters + /** @var string[] */ + $forbiddenCharacters = $this->config->getSystemValue('forbidden_chars', []); + $this->initialState->provideInitialState('forbiddenCharacters', Constants::FILENAME_INVALID_CHARS . implode('', $forbiddenCharacters)); + $event = new LoadAdditionalScriptsEvent(); $this->eventDispatcher->dispatchTyped($event); $this->eventDispatcher->dispatchTyped(new ResourcesLoadAdditionalScriptsEvent()); diff --git a/apps/files/src/components/FileEntry.vue b/apps/files/src/components/FileEntry.vue index 275e8bb3aef..537279cabfe 100644 --- a/apps/files/src/components/FileEntry.vue +++ b/apps/files/src/components/FileEntry.vue @@ -232,12 +232,15 @@ import CustomElementRender from './CustomElementRender.vue' import CustomSvgIconRender from './CustomSvgIconRender.vue' import FavoriteIcon from './FavoriteIcon.vue' import logger from '../logger.js' +import { loadState } from '@nextcloud/initial-state' // The registered actions list const actions = getFileActions() Vue.directive('onClickOutside', vOnClickOutside) +const forbiddenCharacters = loadState('files', 'forbiddenCharacters', '') as string + export default Vue.extend({ name: 'FileEntry', @@ -810,6 +813,13 @@ export default Vue.extend({ throw new Error(this.t('files', '{newName} already exists.', { newName: name })) } + const toCheck = trimmedName.split('') + toCheck.forEach(char => { + if (forbiddenCharacters.indexOf(char) !== -1) { + throw new Error(this.t('files', '"{char}" is not allowed inside a file name.', { char })) + } + }) + return true }, checkIfNodeExists(name) { diff --git a/apps/files/src/components/NavigationQuota.vue b/apps/files/src/components/NavigationQuota.vue index 4a877049fa8..25bdcde1b45 100644 --- a/apps/files/src/components/NavigationQuota.vue +++ b/apps/files/src/components/NavigationQuota.vue @@ -51,8 +51,8 @@ export default { computed: { storageStatsTitle() { - const usedQuotaByte = formatFileSize(this.storageStats?.used) - const quotaByte = formatFileSize(this.storageStats?.quota) + const usedQuotaByte = formatFileSize(this.storageStats?.used, false, false) + const quotaByte = formatFileSize(this.storageStats?.quota, false, false) // If no quota set if (this.storageStats?.quota < 0) { diff --git a/apps/files/tests/Controller/ViewControllerTest.php b/apps/files/tests/Controller/ViewControllerTest.php index b997bbcad65..1f8a609106f 100644 --- a/apps/files/tests/Controller/ViewControllerTest.php +++ b/apps/files/tests/Controller/ViewControllerTest.php @@ -51,7 +51,6 @@ use OCP\IURLGenerator; use OCP\IUser; use OCP\IUserSession; use OCP\Share\IManager; -use OCP\Template; use Test\TestCase; /** @@ -153,6 +152,12 @@ class ViewControllerTest extends TestCase { 'owner' => 'MyName', 'ownerDisplayName' => 'MyDisplayName', ]); + + $this->config + ->expects($this->any()) + ->method('getSystemValue') + ->with('forbidden_chars', []) + ->willReturn([]); $this->config ->method('getUserValue') ->willReturnMap([ |