use the SafePath.coffee file in the client too
parent
76281a3d79
commit
c14380d563
2 changed files with 50 additions and 25 deletions
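--- a/services/web/public/coffee/ide/directives/SafePath.coffee
+++ b/services/web/public/coffee/ide/directives/SafePath.coffee
@@ -0,0 +1,47 @@
+# This file is shared between the frontend and server code of web, so that
+# filename validation is the same in both implementations.
+# Both copies must be kept in sync:
+# app/coffee/Features/Project/SafePath.coffee
+# public/coffee/ide/directives/SafePath.coffee
+
+load = () ->
+BADCHAR_RX = ///
+[
+\/ # no slashes
+\* # no asterisk
+\u0000-\u001F # no control characters (0-31)
+\u007F # no delete
+\u0080-\u009F # no unicode control characters (C1)
+\uD800-\uDFFF # no unicode surrogate characters
+]
+///g
+
+BADFILE_RX = ///
+(^\.$) # reject . as a filename
+| (^\.\.$) # reject .. as a filename
+| (^\s+) # reject leading space
+| (\s+$) # reject trailing space
+///g
+
+MAX_PATH = 1024 # Maximum path length, in characters. This is fairly arbitrary.
+
+SafePath =
+clean: (filename) ->
+filename = filename.replace BADCHAR_RX, '_'
+# for BADFILE_RX replace any matches with an equal number of underscores
+filename = filename.replace BADFILE_RX, (match) ->
+return new Array(match.length + 1).join("_")
+return filename
+
+isCleanFilename: (filename) ->
+return SafePath.isAllowedLength(filename) &&
+not filename.match(BADCHAR_RX) &&
+not filename.match(BADFILE_RX)
+
+isAllowedLength: (pathname) ->
+return pathname.length > 0 && pathname.length <= MAX_PATH
+
+if define?
+define [], load
+else
+module.exports = load()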
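Review bot: Nothing in this new file enforces the header's "Both copies must be kept in sync" rule, so the client and server validators can drift apart unnoticed; a test that compares `app/coffee/Features/Project/SafePath.coffee` with `public/coffee/ide/directives/SafePath.coffee` byte for byte would turn the comment into a check. Since this copy is the one loaded in the browser, the header should also say that it only gives early feedback, e.g. `# The client copy is advisory; filenames must still be validated by the server copy.` Separately, `clean` substitutes characters but never shortens or fills the name, so an empty input or one longer than `MAX_PATH` still fails `isCleanFilename` after cleaning; a one-line comment on `clean` stating that the caller must check the length would prevent it being read as a guarantee.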
|
@ -1,26 +1,7 @@
|
||||||
define [
|
define [
|
||||||
"base"
|
"base"
|
||||||
], (App) ->
|
"ide/directives/SafePath"
|
||||||
|
], (App, SafePath) ->
|
||||||
# copied from app/coffee/Features/Project/SafePath.coffee
|
|
||||||
|
|
||||||
BADCHAR_RX = ///
|
|
||||||
[
|
|
||||||
\/ # no slashes
|
|
||||||
\* # no asterisk
|
|
||||||
\u0000-\u001F # no control characters (0-31)
|
|
||||||
\u007F # no delete
|
|
||||||
\u0080-\u009F # no unicode control characters (C1)
|
|
||||||
\uD800-\uDFFF # no unicode surrogate characters
|
|
||||||
]
|
|
||||||
///g
|
|
||||||
|
|
||||||
BADFILE_RX = ///
|
|
||||||
(^\.$) # reject . as a filename
|
|
||||||
| (^\.\.$) # reject .. as a filename
|
|
||||||
| (^\s+) # reject leading space
|
|
||||||
| (\s+$) # reject trailing space
|
|
||||||
///g
|
|
||||||
|
|
||||||
MAX_PATH = 1024 # Maximum path length, in characters. This is fairly arbitrary.
|
MAX_PATH = 1024 # Maximum path length, in characters. This is fairly arbitrary.
|
||||||
|
|
||||||
|
@ -29,8 +10,5 @@ define [
|
||||||
require: 'ngModel'
|
require: 'ngModel'
|
||||||
link: (scope, element, attrs, ngModelCtrl) ->
|
link: (scope, element, attrs, ngModelCtrl) ->
|
||||||
ngModelCtrl.$validators.validFile = (filename) ->
|
ngModelCtrl.$validators.validFile = (filename) ->
|
||||||
isValid = filename.length > 0 && filename.length < MAX_PATH &&
|
return SafePath.isCleanFilename filename
|
||||||
not filename.match(BADCHAR_RX) &&
|
|
||||||
not filename.match(BADFILE_RX)
|
|
||||||
return isValid
|
|
||||||
}
|
}
|
||||||
|
|
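Review bot: `MAX_PATH = 1024` survives as a context line in the first hunk, but the rewritten validator in the second hunk no longer reads it, so unless the lines hidden between the two hunks use it, the constant is dead and leaves a second copy of the limit beside the shared module; delete it. The delegation also moves the bound from `filename.length < MAX_PATH` to `pathname.length <= MAX_PATH`, so a 1024-character name that the old client check rejected is now accepted, which looks intended but deserves a line in the commit message. `SafePath.isCleanFilename` reads `filename.length` without a guard, as the old code did, so if ngModel can hand the validator `undefined` it will throw; `return filename? and SafePath.isCleanFilename filename` would return false instead.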