use the SafePath.coffee file in the client too

Brian Gough 2018-02-07 15:50:29 +00:00
parent 76281a3d79
commit c14380d563
2 changed files with 50 additions and 25 deletions


@ -0,0 +1,47 @@
# This file is shared between the frontend and server code of web, so that
# filename validation is the same in both implementations.
# Both copies must be kept in sync:
# app/coffee/Features/Project/SafePath.coffee
# public/coffee/ide/directives/SafePath.coffee
load = () ->
BADCHAR_RX = ///
[
\/ # no slashes
\* # no asterisk
\u0000-\u001F # no control characters (0-31)
\u007F # no delete
\u0080-\u009F # no unicode control characters (C1)
\uD800-\uDFFF # no unicode surrogate characters
]
///g
BADFILE_RX = ///
(^\.$) # reject . as a filename
| (^\.\.$) # reject .. as a filename
| (^\s+) # reject leading space
| (\s+$) # reject trailing space
///g
MAX_PATH = 1024 # Maximum path length, in characters. This is fairly arbitrary.
SafePath =
clean: (filename) ->
filename = filename.replace BADCHAR_RX, '_'
# for BADFILE_RX replace any matches with an equal number of underscores
filename = filename.replace BADFILE_RX, (match) ->
return new Array(match.length + 1).join("_")
return filename
isCleanFilename: (filename) ->
return SafePath.isAllowedLength(filename) &&
not filename.match(BADCHAR_RX) &&
not filename.match(BADFILE_RX)
isAllowedLength: (pathname) ->
return pathname.length > 0 && pathname.length <= MAX_PATH
if define?
define [], load
else
module.exports = load()
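Review bot: Nothing visible in this file enforces the header's `Both copies must be kept in sync`, so the client and server rules can drift after the next edit to either copy. A test or build step that fails when `app/coffee/Features/Project/SafePath.coffee` and `public/coffee/ide/directives/SafePath.coffee` differ would make that comment checkable. The client copy appears to drive only form validation, so the server copy has to remain the check that decides whether a name is accepted. Separately, `clean` does not guarantee `isCleanFilename`: an empty string stays empty and an over-long name stays over-long, which deserves a comment on `clean` such as `# does not enforce length; callers must still call isAllowedLength`.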


@ -1,26 +1,7 @@
define [ define [
"base" "base"
], (App) -> "ide/directives/SafePath"
], (App, SafePath) ->
# copied from app/coffee/Features/Project/SafePath.coffee
BADCHAR_RX = ///
[
\/ # no slashes
\* # no asterisk
\u0000-\u001F # no control characters (0-31)
\u007F # no delete
\u0080-\u009F # no unicode control characters (C1)
\uD800-\uDFFF # no unicode surrogate characters
]
///g
BADFILE_RX = ///
(^\.$) # reject . as a filename
| (^\.\.$) # reject .. as a filename
| (^\s+) # reject leading space
| (\s+$) # reject trailing space
///g
MAX_PATH = 1024 # Maximum path length, in characters. This is fairly arbitrary. MAX_PATH = 1024 # Maximum path length, in characters. This is fairly arbitrary.
@ -29,8 +10,5 @@ define [
require: 'ngModel' require: 'ngModel'
link: (scope, element, attrs, ngModelCtrl) -> link: (scope, element, attrs, ngModelCtrl) ->
ngModelCtrl.$validators.validFile = (filename) -> ngModelCtrl.$validators.validFile = (filename) ->
isValid = filename.length > 0 && filename.length < MAX_PATH && return SafePath.isCleanFilename filename
not filename.match(BADCHAR_RX) &&
not filename.match(BADFILE_RX)
return isValid
} }
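Review bot: `MAX_PATH = 1024` survives as a context line in the first hunk although the `validFile` validator in the second hunk no longer reads it, so the directive keeps a private copy of a limit that now lives in SafePath. If the two lines hidden between the hunks do not use it, delete it so the limit has a single definition. The delegation also moves the upper bound from `filename.length < MAX_PATH` to SafePath's `pathname.length <= MAX_PATH`, a small behaviour change worth stating in the commit message. `validFile` still dereferences `filename` unguarded; if Angular can pass an undefined model value here, `return filename? and SafePath.isCleanFilename filename` would avoid a TypeError.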