Skip to content

Commit

Permalink
fix: FilenameValidator::isForbidden should only check forbidden files
Browse files Browse the repository at this point in the history
And not forbidden basenames as this is used for different purposes.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
  • Loading branch information
susnux committed Aug 21, 2024
1 parent 1907eee commit 58ac74b
Showing 1 changed file with 18 additions and 9 deletions.
27 changes: 18 additions & 9 deletions lib/private/Files/FilenameValidator.php
Original file line number Diff line number Diff line change
Expand Up @@ -198,9 +198,7 @@ public function validateFilename(string $filename): void {
}
}

if ($this->isForbidden($filename)) {
throw new ReservedWordException();
}
$this->checkForbiddenName($filename);

$this->checkForbiddenExtension($filename);

Expand All @@ -227,18 +225,25 @@ public function isForbidden(string $path): bool {
return true;
}

// Filename is not forbidden
return false;
}

protected function checkForbiddenName($filename): void {
if ($this->isForbidden($filename)) {
throw new ReservedWordException($this->l10n->t('"%1$s" is a forbidden file or folder name.', [$filename]));
}

// Check for forbidden basenames - basenames are the part of the file until the first dot
// (except if the dot is the first character as this is then part of the basename "hidden files")
$basename = substr($filename, 0, strpos($filename, '.', 1) ?: null);
$forbiddenNames = $this->getForbiddenBasenames();
if (in_array($basename, $forbiddenNames)) {
return true;
throw new ReservedWordException($this->l10n->t('"%1$s" is a forbidden prefix for file or folder names.', [$filename]));
}

// Filename is not forbidden
return false;
}


/**
* Check if a filename contains any of the forbidden characters
* @param string $filename
Expand All @@ -252,7 +257,7 @@ protected function checkForbiddenCharacters(string $filename): void {

foreach ($this->getForbiddenCharacters() as $char) {
if (str_contains($filename, $char)) {
throw new InvalidCharacterInPathException($this->l10n->t('Invalid character "%1$s" in filename', [$char]));
throw new InvalidCharacterInPathException($this->l10n->t('"%1$s" is not allowed inside a file or folder name.', [$char]));
}
}
}
Expand All @@ -268,7 +273,11 @@ protected function checkForbiddenExtension(string $filename): void {
$forbiddenExtensions = $this->getForbiddenExtensions();
foreach ($forbiddenExtensions as $extension) {
if (str_ends_with($filename, $extension)) {
throw new InvalidPathException($this->l10n->t('Invalid filename extension "%1$s"', [$extension]));
if (str_starts_with($extension, '.')) {
throw new InvalidPathException($this->l10n->t('"%1$s" is a forbidden file type.', [$extension]));
} else {
throw new InvalidPathException($this->l10n->t('Filenames must not end with "%1$s".', [$extension]));
}
}
}
}
Expand Down

0 comments on commit 58ac74b

Please sign in to comment.