Check for Illegal characters in file name #1423

2023-01-25 13:46:45 +01:00 · 2023-01-25 13:46:45 +01:00 · 0bc77ca3a7
commit 0bc77ca3a7
parent 8168ecf8f1
4 changed files with 20 additions and 8 deletions
--- a/app/controllers/dmsf_files_controller.rb
+++ b/app/controllers/dmsf_files_controller.rb
@ -115,10 +115,10 @@ class DmsfFilesController < ApplicationController
    if params[:dmsf_file_revision]
      unless @file.locked_for_user?
        revision = DmsfFileRevision.new
-        revision.title = params[:dmsf_file_revision][:title]
+        revision.title = params[:dmsf_file_revision][:title].scrub.strip
-        revision.name = params[:dmsf_file_revision][:name]
+        revision.name = params[:dmsf_file_revision][:name].scrub.strip
-        revision.description = params[:dmsf_file_revision][:description]
+        revision.description = params[:dmsf_file_revision][:description].scrub.strip
-        revision.comment = params[:dmsf_file_revision][:comment]
+        revision.comment = params[:dmsf_file_revision][:comment].scrub.strip
        revision.dmsf_file = @file
        last_revision = @file.last_revision
        revision.source_revision = last_revision
@ -191,7 +191,11 @@ class DmsfFilesController < ApplicationController
            rescue => e
              Rails.logger.error "Could not send email notifications: #{e.message}"
            end
          else
            ok = false
          end
        else
          ok = false
        end
      end
    end
--- a/app/controllers/dmsf_links_controller.rb
+++ b/app/controllers/dmsf_links_controller.rb
@ -112,7 +112,7 @@ class DmsfLinksController < ApplicationController
          params[:dmsf_link][:target_folder_id]) ? params[:dmsf_link][:target_folder_id].to_i : nil
        @dmsf_link.target_type = DmsfFolder.model_name.to_s
      end
-      @dmsf_link.name = params[:dmsf_link][:name]
+      @dmsf_link.name = params[:dmsf_link][:name].scrub.strip
      result = @dmsf_link.save
      if result
        flash[:notice] = l(:notice_successful_create)
--- a/app/models/dmsf_folder.rb
+++ b/app/models/dmsf_folder.rb
@ -490,8 +490,8 @@ class DmsfFolder < ActiveRecord::Base
  def update_from_params(params)
    # Attributes
-    self.title = params[:dmsf_folder][:title].strip
+    self.title = params[:dmsf_folder][:title].scrub.strip
-    self.description = params[:dmsf_folder][:description].strip
+    self.description = params[:dmsf_folder][:description].scrub.strip
    self.dmsf_folder_id = params[:parent_id].present? ? params[:parent_id] : params[:dmsf_folder][:dmsf_folder_id]
    self.system = params[:dmsf_folder][:system].present?
    # Custom fields
@ -530,7 +530,7 @@ class DmsfFolder < ActiveRecord::Base
    # 1. Invalid characters are replaced with dots.
    # 2. Two or more dots in a row are replaced with a single dot.
    # 3. Windows' WebClient does not like a dot at the end.
-    title.gsub(/[#{INVALID_CHARACTERS}]/, '.').gsub(/\.{2,}/, '.').chomp('.')
+    title.scrub.gsub(/[#{INVALID_CHARACTERS}]/, '.').gsub(/\.{2,}/, '.').chomp('.')
  end
  def permission_for_role(role)
--- a/test/unit/dmsf_folder_test.rb
+++ b/test/unit/dmsf_folder_test.rb
@ -263,4 +263,12 @@ class DmsfFolderTest < RedmineDmsf::Test::UnitTest
    assert @folder1.watched_by?(@jsmith)
  end
  def test_update_from_params_with_invalid_string_sequence
    invalid_string_sequence = "Invalid sequence\x81"
    params = { dmsf_folder: { title: invalid_string_sequence, description: invalid_string_sequence } }
    assert @folder1.update_from_params(params)
    assert_equal invalid_string_sequence.scrub, @folder1.title
    assert_equal invalid_string_sequence.scrub, @folder1.description
  end
 end