summaryrefslogtreecommitdiffstats
path: root/apps
diff options
context:
space:
mode:
authorBjoern Schiessle <schiessle@owncloud.com>2014-03-04 16:42:40 +0100
committerBjoern Schiessle <schiessle@owncloud.com>2014-03-05 13:16:25 +0100
commit2e73c957e5b3ae4030e41520088fb078354ae8b1 (patch)
tree7c6243510a969fc370141f452f3e8575b09db316 /apps
parent79ae3c4527b492bee76b2951ca14e8259147b181 (diff)
downloadnextcloud-server-2e73c957e5b3ae4030e41520088fb078354ae8b1.tar.gz
nextcloud-server-2e73c957e5b3ae4030e41520088fb078354ae8b1.zip
don't allow to create a file or folder named 'Shared' in the root folder, also exclude all combinations of lower and upper case letters
Diffstat (limited to 'apps')
-rw-r--r--apps/files/ajax/move.php2
-rw-r--r--apps/files/js/file-upload.js34
-rw-r--r--apps/files/js/filelist.js9
-rw-r--r--apps/files/js/files.js7
-rw-r--r--apps/files/tests/js/filesSpec.js35
5 files changed, 61 insertions, 26 deletions
diff --git a/apps/files/ajax/move.php b/apps/files/ajax/move.php
index 93063e52eb0..04a260265c2 100644
--- a/apps/files/ajax/move.php
+++ b/apps/files/ajax/move.php
@@ -18,7 +18,7 @@ if(\OC\Files\Filesystem::file_exists($target . '/' . $file)) {
exit;
}
-if ($dir != '' || $file != 'Shared') {
+if ($target != '' || strtolower($file) != 'shared') {
$targetFile = \OC\Files\Filesystem::normalizePath($target . '/' . $file);
$sourceFile = \OC\Files\Filesystem::normalizePath($dir . '/' . $file);
if(\OC\Files\Filesystem::rename($sourceFile, $targetFile)) {
diff --git a/apps/files/js/file-upload.js b/apps/files/js/file-upload.js
index f962a7044a8..aa85644cefb 100644
--- a/apps/files/js/file-upload.js
+++ b/apps/files/js/file-upload.js
@@ -82,7 +82,7 @@ OC.Upload = {
*/
isProcessing:function() {
var count = 0;
-
+
jQuery.each(this._uploads,function(i, data) {
if (data.state() === 'pending') {
count++;
@@ -208,13 +208,13 @@ $(document).ready(function() {
add: function(e, data) {
OC.Upload.log('add', e, data);
var that = $(this);
-
+
// we need to collect all data upload objects before starting the upload so we can check their existence
// and set individual conflict actions. unfortunately there is only one variable that we can use to identify
// the selection a data upload is part of, so we have to collect them in data.originalFiles
// turning singleFileUploads off is not an option because we want to gracefully handle server errors like
// already exists
-
+
// create a container where we can store the data objects
if ( ! data.originalFiles.selection ) {
// initialize selection and remember number of files to upload
@@ -225,34 +225,34 @@ $(document).ready(function() {
};
}
var selection = data.originalFiles.selection;
-
+
// add uploads
if ( selection.uploads.length < selection.filesToUpload ) {
// remember upload
selection.uploads.push(data);
}
-
+
//examine file
var file = data.files[0];
try {
// FIXME: not so elegant... need to refactor that method to return a value
- Files.isFileNameValid(file.name);
+ Files.isFileNameValid(file.name, FileList.getCurrentDirectory());
}
catch (errorMessage) {
data.textStatus = 'invalidcharacters';
data.errorThrown = errorMessage;
}
-
+
if (file.type === '' && file.size === 4096) {
data.textStatus = 'dirorzero';
data.errorThrown = t('files', 'Unable to upload {filename} as it is a directory or has 0 bytes',
{filename: file.name}
);
}
-
+
// add size
selection.totalBytes += file.size;
-
+
// check PHP upload limit
if (selection.totalBytes > $('#upload_limit').val()) {
data.textStatus = 'sizeexceedlimit';
@@ -270,7 +270,7 @@ $(document).ready(function() {
'size2': humanFileSize($('#free_space').val())
});
}
-
+
// end upload for whole selection on error
if (data.errorThrown) {
// trigger fileupload fail
@@ -281,12 +281,12 @@ $(document).ready(function() {
// check existing files when all is collected
if ( selection.uploads.length >= selection.filesToUpload ) {
-
+
//remove our selection hack:
delete data.originalFiles.selection;
var callbacks = {
-
+
onNoConflicts: function (selection) {
$.each(selection.uploads, function(i, upload) {
upload.submit();
@@ -309,7 +309,7 @@ $(document).ready(function() {
};
OC.Upload.checkExistingFiles(selection, callbacks);
-
+
}
return true; // continue adding files
@@ -439,7 +439,7 @@ $(document).ready(function() {
});
fileupload.on('fileuploadstop', function(e, data) {
OC.Upload.log('progress handle fileuploadstop', e, data);
-
+
$('#uploadprogresswrapper input.stop').fadeOut();
$('#uploadprogressbar').fadeOut();
Files.updateStorageStatistics();
@@ -531,7 +531,7 @@ $(document).ready(function() {
if ($(this).children('p').length === 0) {
return;
}
-
+
$('#new .error').tipsy('hide');
$('#new li').each(function(i,element) {
@@ -545,7 +545,7 @@ $(document).ready(function() {
var text=$(this).children('p').text();
$(this).data('text',text);
$(this).children('p').remove();
-
+
// add input field
var form = $('<form></form>');
var input = $('<input type="text">');
@@ -562,7 +562,7 @@ $(document).ready(function() {
throw t('files', 'URL cannot be empty');
} else if (type !== 'web' && !Files.isFileNameValid(filename)) {
// Files.isFileNameValid(filename) throws an exception itself
- } else if ($('#dir').val() === '/' && filename === 'Shared') {
+ } else if (FileList.getCurrentDirectory() === '/' && filename.toLowerCase() === 'shared') {
throw t('files', 'In the home folder \'Shared\' is a reserved filename');
} else if (FileList.inList(filename)) {
throw t('files', '{new_name} already exists', {new_name: filename});
diff --git a/apps/files/js/filelist.js b/apps/files/js/filelist.js
index 550c10dba3e..020ee275b7d 100644
--- a/apps/files/js/filelist.js
+++ b/apps/files/js/filelist.js
@@ -419,15 +419,12 @@ window.FileList={
len = input.val().length;
}
input.selectRange(0, len);
-
var checkInput = function () {
var filename = input.val();
if (filename !== oldname) {
- if (!Files.isFileNameValid(filename)) {
- // Files.isFileNameValid(filename) throws an exception itself
- } else if($('#dir').val() === '/' && filename === 'Shared') {
- throw t('files','In the home folder \'Shared\' is a reserved filename');
- } else if (FileList.inList(filename)) {
+ // Files.isFileNameValid(filename) throws an exception itself
+ Files.isFileNameValid(filename, FileList.getCurrentDirectory());
+ if (FileList.inList(filename)) {
throw t('files', '{new_name} already exists', {new_name: filename});
}
}
diff --git a/apps/files/js/files.js b/apps/files/js/files.js
index f4546120702..48e5771ae8a 100644
--- a/apps/files/js/files.js
+++ b/apps/files/js/files.js
@@ -87,9 +87,12 @@ var Files = {
* Throws a string exception with an error message if
* the file name is not valid
*/
- isFileNameValid: function (name) {
+ isFileNameValid: function (name, root) {
var trimmedName = name.trim();
- if (trimmedName === '.' || trimmedName === '..') {
+ if (trimmedName === '.'
+ || trimmedName === '..'
+ || (root === '/' && trimmedName.toLowerCase() === 'shared'))
+ {
throw t('files', '"{name}" is an invalid file name.', {name: name});
} else if (trimmedName.length === 0) {
throw t('files', 'File name cannot be empty.');
diff --git a/apps/files/tests/js/filesSpec.js b/apps/files/tests/js/filesSpec.js
index 018c8ef0f3c..95bf87e03ec 100644
--- a/apps/files/tests/js/filesSpec.js
+++ b/apps/files/tests/js/filesSpec.js
@@ -48,6 +48,41 @@ describe('Files tests', function() {
expect(error).toEqual(false);
}
});
+ it('Validates correct file names do not create Shared folder in root', function() {
+ // create shared file in subfolder
+ var error = false;
+ try {
+ expect(Files.isFileNameValid('shared', '/foo')).toEqual(true);
+ expect(Files.isFileNameValid('Shared', '/foo')).toEqual(true);
+ }
+ catch (e) {
+ error = e;
+ }
+ expect(error).toEqual(false);
+
+ // create shared file in root
+ var threwException = false;
+ try {
+ Files.isFileNameValid('Shared', '/');
+ console.error('Invalid file name not detected');
+ }
+ catch (e) {
+ threwException = true;
+ }
+ expect(threwException).toEqual(true);
+
+ // create shared file in root
+ var threwException = false;
+ try {
+ Files.isFileNameValid('shared', '/');
+ console.error('Invalid file name not detected');
+ }
+ catch (e) {
+ threwException = true;
+ }
+ expect(threwException).toEqual(true);
+
+ });
it('Detects invalid file names', function() {
var fileNames = [
'',