diff --git a/apps/files/lib/Controller/ViewController.php b/apps/files/lib/Controller/ViewController.php index ca0760fd5e213..04e7ee6d9aa05 100644 --- a/apps/files/lib/Controller/ViewController.php +++ b/apps/files/lib/Controller/ViewController.php @@ -247,6 +247,10 @@ public function index($dir = '', $view = '', $fileid = null, $fileNotFound = fal $filesSortingConfig = json_decode($this->config->getUserValue($userId, 'files', 'files_sorting_configs', '{}'), true); $this->initialState->provideInitialState('filesSortingConfig', $filesSortingConfig); + // Forbidden file characters + $forbiddenChars = ['?', '<', '>', ':', '*', '|', '"', chr(0), "\n", "\r"]; + $this->initialState->provideInitialState('forbiddenCharacters', $forbiddenChars); + $event = new LoadAdditionalScriptsEvent(); $this->eventDispatcher->dispatchTyped($event); $this->eventDispatcher->dispatchTyped(new ResourcesLoadAdditionalScriptsEvent()); diff --git a/apps/files/src/components/FileEntry.vue b/apps/files/src/components/FileEntry.vue index 2a5db5e858fee..e667c98d7f3f5 100644 --- a/apps/files/src/components/FileEntry.vue +++ b/apps/files/src/components/FileEntry.vue @@ -231,12 +231,15 @@ import CustomElementRender from './CustomElementRender.vue' import CustomSvgIconRender from './CustomSvgIconRender.vue' import FavoriteIcon from './FavoriteIcon.vue' import logger from '../logger.js' +import { loadState } from '@nextcloud/initial-state' // The registered actions list const actions = getFileActions() Vue.directive('onClickOutside', vOnClickOutside) +const forbiddenCharacters = loadState('files', 'forbiddenCharacters', []) + export default Vue.extend({ name: 'FileEntry', @@ -786,6 +789,9 @@ export default Vue.extend({ throw new Error(this.t('files', 'File name cannot be empty.')) } else if (trimmedName.indexOf('/') !== -1) { throw new Error(this.t('files', '"/" is not allowed inside a file name.')) + } else if (forbiddenCharacters.some(char => trimmedName.indexOf(char) !== -1)) { + const char = forbiddenCharacters.find(char => trimmedName.indexOf(char) !== -1) + throw new Error(this.t('files', '"{char}" is not allowed inside a file name.', { char })) } else if (trimmedName.match(OC.config.blacklist_files_regex)) { throw new Error(this.t('files', '"{name}" is not an allowed filetype.', { name })) } else if (this.checkIfNodeExists(name)) {