diff options
| author | Ferdinand Thiessen <opensource@fthiessen.de> | 2024-07-03 16:33:40 +0200 |
|---|---|---|
| committer | Ferdinand Thiessen <opensource@fthiessen.de> | 2024-07-09 15:04:34 +0200 |
| commit | 46f1efac41055d8fb349843140fefd021333de7b (patch) | |
| tree | a04a9070ed71062952437299576bc102a334ce9a /config | |
| parent | 025a7849b487351d0240d89833b3ab825897097d (diff) | |
| download | nextcloud-server-46f1efac41055d8fb349843140fefd021333de7b.tar.gz nextcloud-server-46f1efac41055d8fb349843140fefd021333de7b.zip | |
feat: Add `IFilenameValidator` to have one consistent place for filename validation
Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de>
Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
Diffstat (limited to 'config')
| -rw-r--r-- | config/config.sample.php | 24 |
1 files changed, 18 insertions, 6 deletions
diff --git a/config/config.sample.php b/config/config.sample.php index 77fd2490a14..76b6532a19c 100644 --- a/config/config.sample.php +++ b/config/config.sample.php @@ -1976,26 +1976,38 @@ $CONFIG = [ 'updatedirectory' => '', /** - * Blacklist a specific file or files and disallow the upload of files + * Block a specific file or files and disallow the upload of files * with this name. ``.htaccess`` is blocked by default. + * * WARNING: USE THIS ONLY IF YOU KNOW WHAT YOU ARE DOING. * + * Note that this list is case-insensitive. + * * Defaults to ``array('.htaccess')`` */ -'blacklisted_files' => ['.htaccess'], +'forbidden_filenames' => ['.htaccess'], /** - * Blacklist characters from being used in filenames. This is useful if you + * Block characters from being used in filenames. This is useful if you * have a filesystem or OS which does not support certain characters like windows. * - * The '/' and '\' characters are always forbidden. + * The '/' and '\' characters are always forbidden, as well as all characters in the ASCII range [0-31]. * - * Example for windows systems: ``array('?', '<', '>', ':', '*', '|', '"', chr(0), "\n", "\r")`` + * Example for windows systems: ``array('?', '<', '>', ':', '*', '|', '"')`` * see https://en.wikipedia.org/wiki/Comparison_of_file_systems#Limits * * Defaults to ``array()`` */ -'forbidden_chars' => [], +'forbidden_filename_characters' => [], + +/** + * Deny extensions from being used for filenames. + * + * The '.part' extension is always forbidden, as this is used internally by Nextcloud. + * + * Defaults to ``array('.filepart', '.part')`` + */ +'forbidden_filename_extensions' => ['.part', '.filepart'], /** * If you are applying a theme to Nextcloud, enter the name of the theme here. |