Merge pull request #2599 from overleaf/bg-fix-safepath-check
fix safepath check GitOrigin-RevId: b5bb636d2bd958ab142fa94683ad9cf58369a77d
parent
1c6ad2b7db
commit
69a98355ce
3 changed files with 16 additions and 4 deletions
|
@ -89,8 +89,8 @@ prototype\
|
||||||
isCleanFilename(filename) {
|
isCleanFilename(filename) {
|
||||||
return (
|
return (
|
||||||
SafePath.isAllowedLength(filename) &&
|
SafePath.isAllowedLength(filename) &&
|
||||||
!BADCHAR_RX.test(filename) &&
|
!filename.match(BADCHAR_RX) &&
|
||||||
!BADFILE_RX.test(filename)
|
!filename.match(BADFILE_RX)
|
||||||
)
|
)
|
||||||
},
|
},
|
||||||
|
|
||||||
|
|
|
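Review bot: Nothing in `isCleanFilename` records why `filename.match(...)` replaced `RX.test(filename)`, so a later cleanup could swap it back and reintroduce the intermittent acceptance of filenames with bad characters. Judging by the `/g` mentioned in the new test names, `BADCHAR_RX` and `BADFILE_RX` are presumably shared regexes with the global flag (their definitions are outside the hunk), and `.test` on such a regex resumes from the `lastIndex` left by the previous call. I would add `// match() restarts at index 0; test() on a /g regex keeps lastIndex and can miss a bad character` above the two checks. Also consider dropping the `g` flag from both definitions, since a yes/no check does not need it. The same point applies to the identical change in the second file section (`@ -86,8 +86,8`).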
@ -86,8 +86,8 @@ prototype\
|
||||||
isCleanFilename(filename) {
|
isCleanFilename(filename) {
|
||||||
return (
|
return (
|
||||||
SafePath.isAllowedLength(filename) &&
|
SafePath.isAllowedLength(filename) &&
|
||||||
!BADCHAR_RX.test(filename) &&
|
!filename.match(BADCHAR_RX) &&
|
||||||
!BADFILE_RX.test(filename)
|
!filename.match(BADFILE_RX)
|
||||||
)
|
)
|
||||||
},
|
},
|
||||||
|
|
||||||
|
|
|
@ -112,6 +112,18 @@ describe('SafePath', function() {
|
||||||
const result = this.SafePath.isCleanFilename('foo\\bar')
|
const result = this.SafePath.isCleanFilename('foo\\bar')
|
||||||
return result.should.equal(false)
|
return result.should.equal(false)
|
||||||
})
|
})
|
||||||
|
|
||||||
|
it('should reject filenames regardless of order (/g) for bad characters', function() {
|
||||||
|
const result1 = this.SafePath.isCleanFilename('foo*bar.tex') // * is not allowed
|
||||||
|
const result2 = this.SafePath.isCleanFilename('*foobar.tex') // bad char location is before previous match
|
||||||
|
return result1.should.equal(false) && result2.should.equal(false)
|
||||||
|
})
|
||||||
|
|
||||||
|
it('should reject filenames regardless of order (/g) for bad filenames', function() {
|
||||||
|
const result1 = this.SafePath.isCleanFilename('foo ') // trailing space
|
||||||
|
const result2 = this.SafePath.isCleanFilename(' foobar') // leading space, match location is before previous match
|
||||||
|
return result1.should.equal(false) && result2.should.equal(false)
|
||||||
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
describe('isCleanPath', function() {
|
describe('isCleanPath', function() {
|
||||||
|
|
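Review bot: Both new tests end with `return result1.should.equal(false) && result2.should.equal(false)`, which reads as if the boolean result mattered. The `should` assertion presumably throws on failure, so the `&&` and the `return` add nothing. Two separate statements, `result1.should.equal(false)` then `result2.should.equal(false)`, would be clearer. A case that passes the same rejected name twice in a row would also pin the stateful-regex regression without relying on where in the string the match falls.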