fix(files): disallow illegal characters

Signed-off-by: John Molakvoæ (skjnldsv) <[email protected]>
nextcloud · Oct 4, 2023 · 019c48c · 019c48c
1 parent 4756807
commit 019c48c
Show file tree

Hide file tree

Showing 5 changed files with 28 additions and 3 deletions.
diff --git a/apps/files/lib/Controller/ViewController.php b/apps/files/lib/Controller/ViewController.php
@@ -52,6 +52,7 @@
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\AppFramework\Services\IInitialState;
 use OCP\Collaboration\Resources\LoadAdditionalScriptsEvent as ResourcesLoadAdditionalScriptsEvent;
+use OCP\Constants;
 use OCP\EventDispatcher\IEventDispatcher;
 use OCP\Files\Folder;
 use OCP\Files\IRootFolder;
@@ -246,6 +247,10 @@ public function index($dir = '', $view = '', $fileid = null, $fileNotFound = fal
 		$filesSortingConfig = json_decode($this->config->getUserValue($userId, 'files', 'files_sorting_configs', '{}'), true);
 		$this->initialState->provideInitialState('filesSortingConfig', $filesSortingConfig);
 
+		// Forbidden file characters
+		$forbiddenCharacters = $this->config->getSystemValue('forbidden_chars', []);
+		$this->initialState->provideInitialState('forbiddenCharacters', Constants::FILENAME_INVALID_CHARS . implode('', $forbiddenCharacters));
+
 		$event = new LoadAdditionalScriptsEvent();
 		$this->eventDispatcher->dispatchTyped($event);
 		$this->eventDispatcher->dispatchTyped(new ResourcesLoadAdditionalScriptsEvent());

diff --git a/apps/files/src/components/FileEntry.vue b/apps/files/src/components/FileEntry.vue
@@ -232,12 +232,15 @@ import CustomElementRender from './CustomElementRender.vue'
 import CustomSvgIconRender from './CustomSvgIconRender.vue'
 import FavoriteIcon from './FavoriteIcon.vue'
 import logger from '../logger.js'
+import { loadState } from '@nextcloud/initial-state'
 
 // The registered actions list
 const actions = getFileActions()
 
 Vue.directive('onClickOutside', vOnClickOutside)
 
+const forbiddenCharacters = loadState('files', 'forbiddenCharacters', '') as string
+
 export default Vue.extend({
 	name: 'FileEntry',
 
@@ -810,6 +813,13 @@ export default Vue.extend({
 				throw new Error(this.t('files', '{newName} already exists.', { newName: name }))
 			}
 
+			const toCheck = trimmedName.split('')
+			toCheck.forEach(char => {
+				if (forbiddenCharacters.indexOf(char) !== -1) {
+					throw new Error(this.t('files', '"{char}" is not allowed inside a file name.', { char }))
+				}
+			})
+
 			return true
 		},
 		checkIfNodeExists(name) {

diff --git a/config/config.sample.php b/config/config.sample.php
@@ -1933,6 +1933,16 @@
  */
 'blacklisted_files' => ['.htaccess'],
 
+/**
+ * Blacklist characters from being used in filenames. This is useful if you
+ * have a filesystem or OS which does not support certain characters like windows.
+ *
+ * Example for windows systems: ``array('?', '<', '>', ':', '*', '|', '"', chr(0), "\n", "\r")``
+ * 
+ * Defaults to ``array()``
+ */
+'forbidden_chars' => [],
+
 /**
  * If you are applying a theme to Nextcloud, enter the name of the theme here.
  * The default location for themes is ``nextcloud/themes/``.

diff --git a/dist/files-main.js b/dist/files-main.js
diff --git a/dist/files-main.js.map b/dist/files-main.js.map