aboutsummaryrefslogtreecommitdiffstats
path: root/tests/lib/util.php
diff options
context:
space:
mode:
authorVincent Petry <pvince81@owncloud.com>2014-01-10 16:14:37 +0100
committerVincent Petry <pvince81@owncloud.com>2014-02-18 17:54:32 +0100
commit797e0a614cc44e627a54dfd39ce4047d176ebd9b (patch)
treefd0ed9c7d0d181a31da0f842414f3ed5ec5b9ea9 /tests/lib/util.php
parenta573fe7d769f5eea26f52b818eee11779090bb50 (diff)
downloadnextcloud-server-797e0a614cc44e627a54dfd39ce4047d176ebd9b.tar.gz
nextcloud-server-797e0a614cc44e627a54dfd39ce4047d176ebd9b.zip
Added extra checks for invalid file chars in newfile.php and newfolder.php
- added PHP utility function to check for file name validity - fixes issue where a user can create a file called ".." from the files UI - added extra checks to make sure newfile.php and newfolder.php also check for invalid characters
Diffstat (limited to 'tests/lib/util.php')
-rw-r--r--tests/lib/util.php48
1 files changed, 48 insertions, 0 deletions
diff --git a/tests/lib/util.php b/tests/lib/util.php
index bfe68f5f680..ee336aa1118 100644
--- a/tests/lib/util.php
+++ b/tests/lib/util.php
@@ -170,4 +170,52 @@ class Test_Util extends PHPUnit_Framework_TestCase {
array('442aa682de2a64db1e010f50e60fd9c9', 'local::C:\Users\ADMINI~1\AppData\Local\Temp\2/442aa682de2a64db1e010f50e60fd9c9/')
);
}
+
+ /**
+ * @dataProvider filenameValidationProvider
+ */
+ public function testFilenameValidation($file, $valid) {
+ // private API
+ $this->assertEquals($valid, \OC_Util::isValidFileName($file));
+ // public API
+ $this->assertEquals($valid, \OCP\Util::isValidFileName($file));
+ }
+
+ public function filenameValidationProvider() {
+ return array(
+ // valid names
+ array('boringname', true),
+ array('something.with.extension', true),
+ array('now with spaces', true),
+ array('.a', true),
+ array('..a', true),
+ array('.dotfile', true),
+ array('single\'quote', true),
+ array(' spaces before', true),
+ array('spaces after ', true),
+ array('allowed chars including the crazy ones $%&_-^@!,()[]{}=;#', true),
+ array('汉字也能用', true),
+ array('und Ümläüte sind auch willkommen', true),
+ // disallowed names
+ array('', false),
+ array(' ', false),
+ array('.', false),
+ array('..', false),
+ array('back\\slash', false),
+ array('sl/ash', false),
+ array('lt<lt', false),
+ array('gt>gt', false),
+ array('col:on', false),
+ array('double"quote', false),
+ array('pi|pe', false),
+ array('dont?ask?questions?', false),
+ array('super*star', false),
+ array('new\nline', false),
+ // better disallow these to avoid unexpected trimming to have side effects
+ array(' ..', false),
+ array('.. ', false),
+ array('. ', false),
+ array(' .', false),
+ );
+ }
}