Merge pull request #2599 from overleaf/bg-fix-safepath-check

fix safepath check

GitOrigin-RevId: b5bb636d2bd958ab142fa94683ad9cf58369a77d
Brian Gough 2020-02-13 13:43:28 +00:00 committed by Copybot
parent 1c6ad2b7db
commit 69a98355ce
3 changed files with 16 additions and 4 deletions


@ -89,8 +89,8 @@ prototype\
isCleanFilename(filename) { isCleanFilename(filename) {
return ( return (
SafePath.isAllowedLength(filename) && SafePath.isAllowedLength(filename) &&
!BADCHAR_RX.test(filename) && !filename.match(BADCHAR_RX) &&
!BADFILE_RX.test(filename) !filename.match(BADFILE_RX)
) )
}, },
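Review bot: The two changed lines in `isCleanFilename` have no comment explaining why `String.prototype.match` is used rather than `RegExp.prototype.test` (assuming the right-hand column is the new side), so a later cleanup could switch back and reintroduce the bug. The tests added in this commit suggest that `BADCHAR_RX` and `BADFILE_RX` are shared regexes carrying the `/g` flag; their definitions are outside the hunk. If so, `.test()` keeps `lastIndex` between calls, and a filename with a forbidden character could pass the check depending on what was validated before it. I would add `// String#match, not RegExp#test: these regexes are /g, and test() is stateful through lastIndex` above the `return`, or drop the `g` flag from the definitions if nothing needs global matching. The same point applies to the identical change in the second file section.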


@ -86,8 +86,8 @@ prototype\
isCleanFilename(filename) { isCleanFilename(filename) {
return ( return (
SafePath.isAllowedLength(filename) && SafePath.isAllowedLength(filename) &&
!BADCHAR_RX.test(filename) && !filename.match(BADCHAR_RX) &&
!BADFILE_RX.test(filename) !filename.match(BADFILE_RX)
) )
}, },


@ -112,6 +112,18 @@ describe('SafePath', function() {
const result = this.SafePath.isCleanFilename('foo\\bar') const result = this.SafePath.isCleanFilename('foo\\bar')
return result.should.equal(false) return result.should.equal(false)
}) })
it('should reject filenames regardless of order (/g) for bad characters', function() {
const result1 = this.SafePath.isCleanFilename('foo*bar.tex') // * is not allowed
const result2 = this.SafePath.isCleanFilename('*foobar.tex') // bad char location is before previous match
return result1.should.equal(false) && result2.should.equal(false)
})
it('should reject filenames regardless of order (/g) for bad filenames', function() {
const result1 = this.SafePath.isCleanFilename('foo ') // trailing space
const result2 = this.SafePath.isCleanFilename(' foobar') // leading space, match location is before previous match
return result1.should.equal(false) && result2.should.equal(false)
})
}) })
describe('isCleanPath', function() { describe('isCleanPath', function() {