From becb76d69b5c42db7c9c5a6ece53fe3516fe20c6 Mon Sep 17 00:00:00 2001
From: James Allen <james@sharelatex.com>
Date: Thu, 1 Mar 2018 11:42:44 +0000
Subject: [PATCH] Don't allow backslashes in file names

---
 services/web/app/coffee/Features/Project/SafePath.coffee   | 3 ++-
 services/web/public/coffee/ide/directives/SafePath.coffee  | 3 ++-
 services/web/test/unit/coffee/Project/SafePathTests.coffee | 7 +++----
 3 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/services/web/app/coffee/Features/Project/SafePath.coffee b/services/web/app/coffee/Features/Project/SafePath.coffee
index fff60a3724..0de57fc590 100644
--- a/services/web/app/coffee/Features/Project/SafePath.coffee
+++ b/services/web/app/coffee/Features/Project/SafePath.coffee
@@ -7,7 +7,8 @@
 load = () ->
 	BADCHAR_RX = ///
 		[
-			\/ # no slashes
+			\/ # no forward slashes
+			\\ # no back slashes
 			\* # no asterisk
 			\u0000-\u001F # no control characters (0-31)
 			\u007F        # no delete
diff --git a/services/web/public/coffee/ide/directives/SafePath.coffee b/services/web/public/coffee/ide/directives/SafePath.coffee
index fff60a3724..0de57fc590 100644
--- a/services/web/public/coffee/ide/directives/SafePath.coffee
+++ b/services/web/public/coffee/ide/directives/SafePath.coffee
@@ -7,7 +7,8 @@
 load = () ->
 	BADCHAR_RX = ///
 		[
-			\/ # no slashes
+			\/ # no forward slashes
+			\\ # no back slashes
 			\* # no asterisk
 			\u0000-\u001F # no control characters (0-31)
 			\u007F        # no delete
diff --git a/services/web/test/unit/coffee/Project/SafePathTests.coffee b/services/web/test/unit/coffee/Project/SafePathTests.coffee
index 82f645997c..6e0c55a5bc 100644
--- a/services/web/test/unit/coffee/Project/SafePathTests.coffee
+++ b/services/web/test/unit/coffee/Project/SafePathTests.coffee
@@ -79,10 +79,9 @@ describe 'SafePath', ->
 		# 	result = @SafePath.isCleanFilename 'hello.'
 		# 	result.should.equal false
 
-
-		# it 'should not accept \\', ->
-		# 	result = @SafePath.isCleanFilename 'foo\\bar'
-		# 	result.should.equal false
+		it 'should not accept \\', ->
+			result = @SafePath.isCleanFilename 'foo\\bar'
+			result.should.equal false
 
 	describe 'isAllowedLength', ->
 		it 'should accept a valid path "main.tex"', ->