From 0bc77ca3a73f0424ff38c5063f72a551fead2ba7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Karel=20Pi=C4=8Dman?= Date: Wed, 25 Jan 2023 13:46:45 +0100 Subject: [PATCH] Check for Illegal characters in file name #1423 --- app/controllers/dmsf_files_controller.rb | 12 ++++++++---- app/controllers/dmsf_links_controller.rb | 2 +- app/models/dmsf_folder.rb | 6 +++--- test/unit/dmsf_folder_test.rb | 8 ++++++++ 4 files changed, 20 insertions(+), 8 deletions(-) diff --git a/app/controllers/dmsf_files_controller.rb b/app/controllers/dmsf_files_controller.rb index 51f91228..cc137fe4 100644 --- a/app/controllers/dmsf_files_controller.rb +++ b/app/controllers/dmsf_files_controller.rb @@ -115,10 +115,10 @@ class DmsfFilesController < ApplicationController if params[:dmsf_file_revision] unless @file.locked_for_user? revision = DmsfFileRevision.new - revision.title = params[:dmsf_file_revision][:title] - revision.name = params[:dmsf_file_revision][:name] - revision.description = params[:dmsf_file_revision][:description] - revision.comment = params[:dmsf_file_revision][:comment] + revision.title = params[:dmsf_file_revision][:title].scrub.strip + revision.name = params[:dmsf_file_revision][:name].scrub.strip + revision.description = params[:dmsf_file_revision][:description].scrub.strip + revision.comment = params[:dmsf_file_revision][:comment].scrub.strip revision.dmsf_file = @file last_revision = @file.last_revision revision.source_revision = last_revision @@ -191,7 +191,11 @@ class DmsfFilesController < ApplicationController rescue => e Rails.logger.error "Could not send email notifications: #{e.message}" end + else + ok = false end + else + ok = false end end end diff --git a/app/controllers/dmsf_links_controller.rb b/app/controllers/dmsf_links_controller.rb index a40869d9..67933d0f 100644 --- a/app/controllers/dmsf_links_controller.rb +++ b/app/controllers/dmsf_links_controller.rb 
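Review bot: Calling `.scrub.strip` directly on `params[:dmsf_file_revision][:title]`, `[:name]`, `[:description]` and `[:comment]` raises NoMethodError when a request omits one of those keys or submits it as an array or nested hash, where the previous plain assignment accepted nil. Since these values come straight from the request, coerce before cleaning, e.g. `revision.comment = params[:dmsf_file_revision][:comment].to_s.scrub.strip`, or use `&.scrub&.strip` if nil has to reach the model's validations unchanged. The same applies to `@dmsf_link.name = params[:dmsf_link][:name].scrub.strip` in dmsf_links_controller.rb. The enclosing action starts and ends outside the hunk, so any rescue that would turn this into a handled error is not visible here.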
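Review bot: The two added `else` / `ok = false` branches mark failure only on the paths that were noticed, so any other path through this nested block still leaves `ok` at whatever it was initialised to. The initialisation is outside the hunk; if it is `ok = true`, it would be safer to start from `ok = false` and set `ok = true` only after the revision has been saved, so that branches added later fail closed. The `if`/`unless` lines these branches belong to are also outside the hunk, presumably the save check and the lock check. A one-line comment on each `else` naming its condition would make that pairing readable at this nesting depth.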
@@ -112,7 +112,7 @@ class DmsfLinksController < ApplicationController params[:dmsf_link][:target_folder_id]) ? params[:dmsf_link][:target_folder_id].to_i : nil @dmsf_link.target_type = DmsfFolder.model_name.to_s end - @dmsf_link.name = params[:dmsf_link][:name] + @dmsf_link.name = params[:dmsf_link][:name].scrub.strip result = @dmsf_link.save if result flash[:notice] = l(:notice_successful_create) diff --git a/app/models/dmsf_folder.rb b/app/models/dmsf_folder.rb index c69ebea3..f4aaf212 100644 --- a/app/models/dmsf_folder.rb +++ b/app/models/dmsf_folder.rb @@ -490,8 +490,8 @@ class DmsfFolder < ActiveRecord::Base def update_from_params(params) # Attributes - self.title = params[:dmsf_folder][:title].strip - self.description = params[:dmsf_folder][:description].strip + self.title = params[:dmsf_folder][:title].scrub.strip + self.description = params[:dmsf_folder][:description].scrub.strip self.dmsf_folder_id = params[:parent_id].present? ? params[:parent_id] : params[:dmsf_folder][:dmsf_folder_id] self.system = params[:dmsf_folder][:system].present? # Custom fields @@ -530,7 +530,7 @@ class DmsfFolder < ActiveRecord::Base # 1. Invalid characters are replaced with dots. # 2. Two or more dots in a row are replaced with a single dot. # 3. Windows' WebClient does not like a dot at the end. - title.gsub(/[#{INVALID_CHARACTERS}]/, '.').gsub(/\.{2,}/, '.').chomp('.') + title.scrub.gsub(/[#{INVALID_CHARACTERS}]/, '.').gsub(/\.{2,}/, '.').chomp('.') end def permission_for_role(role) diff --git a/test/unit/dmsf_folder_test.rb b/test/unit/dmsf_folder_test.rb index b73ba8cb..5925e760 100644 --- a/test/unit/dmsf_folder_test.rb +++ b/test/unit/dmsf_folder_test.rb 
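Review bot: In the dmsf_folder.rb hunk at line 530, `title.scrub` with no argument substitutes U+FFFD for each invalid byte. Unless INVALID_CHARACTERS (defined outside the hunk) contains that character, it survives into the name this method returns, which the comments say has to suit Windows' WebClient. Passing the replacement explicitly, `title.scrub('.').gsub(/[#{INVALID_CHARACTERS}]/, '.').gsub(/\.{2,}/, '.').chomp('.')`, would make invalid bytes follow rule 1 and collapse with neighbouring dots. The numbered comment list above the line should gain an entry such as `# 0. Invalid byte sequences are scrubbed first; gsub raises ArgumentError on them.` The method's signature is outside the hunk, and the added test does not call this method, so the path is currently unverified.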
@@ -263,4 +263,12 @@ class DmsfFolderTest < RedmineDmsf::Test::UnitTest assert @folder1.watched_by?(@jsmith) end + def test_update_from_params_with_invalid_string_sequence + invalid_string_sequence = "Invalid sequence\x81" + params = { dmsf_folder: { title: invalid_string_sequence, description: invalid_string_sequence } } + assert @folder1.update_from_params(params) + assert_equal invalid_string_sequence.scrub, @folder1.title + assert_equal invalid_string_sequence.scrub, @folder1.description + end + end \ No newline at end of file
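Review bot: Both `assert_equal` lines derive the expected value with the same `scrub` call the model uses, so the test would still pass if the cleaning step changed its replacement behaviour on both sides. Pin the outcome instead, e.g. `assert_equal "Invalid sequence\uFFFD", @folder1.title` together with `assert @folder1.title.valid_encoding?`. The controller changes in this commit (the `dmsf_file_revision` and `dmsf_link` parameters) have no test in this hunk. A case that submits a missing or invalidly encoded `name` would cover them.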