Merge pull request #3950 from nextcloud/downstream-27149

Forbid to upload part files via web UI
2017-03-20 11:44:57 +01:00 · 2017-03-20 11:44:57 +01:00 · ac1aff7d92
parent c4b6ff0bab 1e61c17932
commit ac1aff7d92
6 changed files with 23 additions and 2 deletions
--- a/apps/files/js/files.js
+++ b/apps/files/js/files.js
@ -101,7 +101,10 @@
 				throw t('files', '"{name}" is an invalid file name.', {name: name});
 			} else if (trimmedName.length === 0) {
 				throw t('files', 'File name cannot be empty.');
+			} else if (OC.fileIsBlacklisted(trimmedName)) {
+				throw t('files', '"{name}" is not an allowed filetype', {name: name});
 			}
+
 			return true;
 		},
 		displayStorageWarnings: function() {
--- a/apps/files/tests/js/filesSpec.js
+++ b/apps/files/tests/js/filesSpec.js
@ -58,7 +58,9 @@ describe('OCA.Files.Files tests', function() {
 				' ..',
 				'.. ',
 				'. ',
-				' .'
+				' .',
+				'foo.part',
+				'bar.filepart'
 			];
 			for ( var i = 0; i < fileNames.length; i++ ) {
 				var threwException = false;
--- a/core/js/js.js
+++ b/core/js/js.js
@ -224,6 +224,14 @@ var OCP = {},
 		return link;
 	},

+	/**
+	 * Check if a user file is allowed to be handled.
+	 * @param {string} file to check
+	 */
+	fileIsBlacklisted: function(file) {
+		return !!(file.match(oc_config.blacklist_files_regex));
+	},
+
 	/**
 	 * Redirect to the target URL, can also be used for downloads.
 	 * @param {string} targetURL URL to redirect to
--- a/core/js/tests/specHelper.js
+++ b/core/js/tests/specHelper.js
@ -94,7 +94,8 @@ window.oc_appswebroots = {
 };
 window.oc_config = {
 	session_lifetime: 600 * 1000,
-	session_keepalive: false
+	session_keepalive: false,
+	blacklist_files_regex: '\.(part|filepart)$',
 };
 window.oc_appconfig = {
 	core: {}
--- a/lib/private/Template/JSConfigHelper.php
+++ b/lib/private/Template/JSConfigHelper.php
@ -209,6 +209,7 @@ class JSConfigHelper {
 				'modRewriteWorking'	=> ($this->config->getSystemValue('htaccess.IgnoreFrontController', false) === true || getenv('front_controller_active') === 'true'),
 				'sharing.maxAutocompleteResults' => intval($this->config->getSystemValue('sharing.maxAutocompleteResults', 0)),
 				'sharing.minSearchStringLength' => intval($this->config->getSystemValue('sharing.minSearchStringLength', 0)),
+				'blacklist_files_regex' => \OCP\Files\FileInfo::BLACKLIST_FILES_REGEX,
 			]),
 			"oc_appconfig" => json_encode([
 				'core' => [
--- a/lib/public/Files/FileInfo.php
+++ b/lib/public/Files/FileInfo.php
@ -63,6 +63,12 @@ interface FileInfo {
 	 */
 	const MIMETYPE_FOLDER = 'httpd/unix-directory';

+	/**
+	 * @const \OCP\Files\FileInfo::BLACKLIST_FILES_REGEX Return regular expression to test filenames against (blacklisting)
+	 * @since 12.0.0
+	 */
+	const BLACKLIST_FILES_REGEX = '\.(part|filepart)$';
+
 	/**
 	 * Get the Etag of the file or folder
 	 *