diff options
author | Vincent Petry <pvince81@owncloud.com> | 2014-01-10 16:14:37 +0100 |
---|---|---|
committer | Vincent Petry <pvince81@owncloud.com> | 2014-02-18 17:54:32 +0100 |
commit | 797e0a614cc44e627a54dfd39ce4047d176ebd9b (patch) | |
tree | fd0ed9c7d0d181a31da0f842414f3ed5ec5b9ea9 /tests/lib/util.php | |
parent | a573fe7d769f5eea26f52b818eee11779090bb50 (diff) | |
download | nextcloud-server-797e0a614cc44e627a54dfd39ce4047d176ebd9b.tar.gz nextcloud-server-797e0a614cc44e627a54dfd39ce4047d176ebd9b.zip |
Added extra checks for invalid file chars in newfile.php and newfolder.php
- added PHP utility function to check for file name validity
- fixes issue where a user can create a file called ".." from the files UI
- added extra checks to make sure newfile.php and newfolder.php also
check for invalid characters
Diffstat (limited to 'tests/lib/util.php')
-rw-r--r-- | tests/lib/util.php | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/tests/lib/util.php b/tests/lib/util.php index bfe68f5f680..ee336aa1118 100644 --- a/tests/lib/util.php +++ b/tests/lib/util.php @@ -170,4 +170,52 @@ class Test_Util extends PHPUnit_Framework_TestCase { array('442aa682de2a64db1e010f50e60fd9c9', 'local::C:\Users\ADMINI~1\AppData\Local\Temp\2/442aa682de2a64db1e010f50e60fd9c9/') ); } + + /** + * @dataProvider filenameValidationProvider + */ + public function testFilenameValidation($file, $valid) { + // private API + $this->assertEquals($valid, \OC_Util::isValidFileName($file)); + // public API + $this->assertEquals($valid, \OCP\Util::isValidFileName($file)); + } + + public function filenameValidationProvider() { + return array( + // valid names + array('boringname', true), + array('something.with.extension', true), + array('now with spaces', true), + array('.a', true), + array('..a', true), + array('.dotfile', true), + array('single\'quote', true), + array(' spaces before', true), + array('spaces after ', true), + array('allowed chars including the crazy ones $%&_-^@!,()[]{}=;#', true), + array('汉字也能用', true), + array('und Ümläüte sind auch willkommen', true), + // disallowed names + array('', false), + array(' ', false), + array('.', false), + array('..', false), + array('back\\slash', false), + array('sl/ash', false), + array('lt<lt', false), + array('gt>gt', false), + array('col:on', false), + array('double"quote', false), + array('pi|pe', false), + array('dont?ask?questions?', false), + array('super*star', false), + array('new\nline', false), + // better disallow these to avoid unexpected trimming to have side effects + array(' ..', false), + array('.. ', false), + array('. ', false), + array(' .', false), + ); + } } |