Commit 8bea1604 authored by Nick Anton Christoph Kleine-Tebbe's avatar Nick Anton Christoph Kleine-Tebbe

file/folder names checked for dangerous characters

parent 5a9f188e
......@@ -9,6 +9,35 @@ function getDirectories(path) {
});
}
// function removeDangerousSymbols(title) {
// return title
// }
function removeDangerousSymbols(fname) {
// https://stackoverflow.com/a/31976060
// https://gist.github.com/doctaphred/d01d05291546186941e1b7ddc02034d3
const fname_original = fname;
// resolve multi-line, whitespace trimming
fname = fname.split(/[\r\n]/).map(s => s.trim()).filter(s => s.length).join(" ");
// forbidden characters
// (after multi-line, because new-line-chars are themselves forbidden characters)
fname = fname.replaceAll(/[<>.:"\/\\\|?*\x00-\x1F]/g, '');
// advanced trim
fname = fname.replace(/\.$/, "");
// empty filename
if (!fname.length) {
fname = '_';
}
// forbidden filenames
if (fname.match(/^(CON|PRN|AUX|NUL|COM1|COM2|COM3|COM4|COM5|COM6|COM7|COM8|COM9|LPT1|LPT2|LPT3|LPT4|LPT5|LPT6|LPT7|LPT8|LPT9)(\..+)?$/)) {
fname = `_${fname}`;
}
return fname;
}
fs.mkdir('Kolloquiums',function(err) {
if (err && err.code === "EEXIST") {
console.log('Kolloquiums Directory already existed')
......@@ -33,14 +62,16 @@ router.use('/getKolloquiums', (req, res) => {
router.use('/deleteKolloquium', (req, res) => {
console.log('deleting Kolloquium')
let { title } = req.body
if(title == '') {
if(!title || title.trim().length == 0) {
console.error('Folder has no name')
return res.json({
status: 'error',
message: 'Folder has no name'
})
}
fs.rmdir("Kolloquiums/" + title, function(err) {
let safeTitle = removeDangerousSymbols(title)
fs.rmdir("Kolloquiums/" + safeTitle, function(err) {
if (err) {
console.error(err);
return res.json({
......@@ -51,7 +82,7 @@ router.use('/deleteKolloquium', (req, res) => {
});
return res.json({
status: 'success',
message: 'removed Kolloquium ' + title
message: 'removed Kolloquium ' + safeTitle
})
})
......@@ -60,12 +91,20 @@ router.use('/createKolloquium', (req, res) => {
console.log('creating Kolloquium')
console.log(req.body)
let { title } = req.body
fs.mkdir('Kolloquiums/' + title,function(err) {
if( !title || title.trim().length == 0) {
console.error('Title was empty')
return res.json({
status: 'error',
message: 'Title was empty'
})
}
let safeTitle = removeDangerousSymbols(title)
fs.mkdir('Kolloquiums/' + safeTitle, function(err) {
if (err && err.code === "EEXIST") {
console.warn('Directory "' + title + '" already existed')
console.warn('Directory "' + safeTitle + '" already existed')
return res.json({
status: 'warning',
message: 'Directory "' + title + '" already existed'
message: 'Directory "' + safeTitle + '" already existed'
})
}
else if (err && err.code != "EEXIST") {
......@@ -76,10 +115,10 @@ router.use('/createKolloquium', (req, res) => {
})
}
else {
console.log('Directory "' + title + '" created successfully!');
console.log('Directory "' + safeTitle + '" created successfully!');
return res.json({
status: 'success',
message: 'Directory "' + title + '" created successfully!'
message: 'Directory "' + safeTitle + '" created successfully!'
})
}
});
......@@ -90,14 +129,16 @@ router.use('/renameKolloquium', (req, res) => {
console.log('renaming Kolloquium')
console.log(req.body);
let { oldTitle, newTitle } = req.body
if( oldTitle == '' || newTitle == '') {
if( !oldTitle || oldTitle.trim().length == 0 || !newTitle || newTitle.trim().length == 0) {
console.error('at least one of the names was empty')
return res.json({
status: 'error',
message: 'at least one of the names was empty'
})
}
fs.rename('Kolloquiums/' + oldTitle, 'Kolloquiums/' + newTitle, (err) => {
let oldSafeTitle = removeDangerousSymbols(oldTitle)
let newSafeTitle = removeDangerousSymbols(newTitle)
fs.rename('Kolloquiums/' + oldSafeTitle, 'Kolloquiums/' + newSafeTitle, (err) => {
if(err) {
console.error(err);
return res.json({
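Review bot: The reserved-name check in removeDangerousSymbols (first hunk of this section) is case-sensitive, so `con`, `Nul` or `lpt1` pass through unchanged although Windows treats device names case-insensitively; add the `i` flag, `if (fname.match(/^(CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])$/i)) {`. The lines after the forbidden-character replace are partly dead code: every `.` has already been stripped by that character class, so `fname.replace(/\.$/, "")` and the `(\..+)?` alternation can never match — either drop them or, if dots were meant to survive inside names, remove `.` from the class and keep only the trailing-dot trim. Because `/`, `\` and `.` are removed, the `"Kolloquiums/" + safeTitle` concatenations in the later hunks no longer admit traversal; resolving the joined path and checking that it stays under the resolved `Kolloquiums` base directory would keep that guarantee independent of the regex details. Note also that create, delete and rename all sanitize the client-supplied title, so a client that keeps the original string (as the Vue side appears to) may display a name that differs from the directory actually created; returning `title: safeTitle` as a field in the createKolloquium success response would let the client sync.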
......@@ -22,7 +22,7 @@
@update:title="kolloquium.title=$event"
:inEdit="kolloquium.inEdit"
@update:inEdit="toggleEdit(kolloquium, $event)"
@deleteKolloquium="deleteKolloquium(kolloquium)"
@deleteKolloquium="deleteKolloquium(kolloquium.title)"
/>
<ListItem
@click.native="createNewKolloquium()"
......@@ -112,14 +112,14 @@ export default {
if(createNew){
kolloquium.title = title
kolloquium.isNew = false
if (!title || title == '') {
if (!title || title.trim().length == 0) {
this.deleteKolloquium(title)
return
}
this.$axios.post('api/createKolloquium', { title: title })
}
else if (changeName) {
if (title == '') {
if (!title || title.trim().length == 0) {
return
}
kolloquium.title = title
......@@ -127,10 +127,10 @@ export default {
}
},
deleteKolloquium(kolloquiumToDelete) {
this.kolloquiums = this.kolloquiums.filter(kolloquium => kolloquium.title != kolloquiumToDelete.title);
this.kolloquiums = this.kolloquiums.filter(kolloquium => kolloquium.title != kolloquiumToDelete);
this.selectedKolloquium = ""
if(kolloquiumToDelete != ''){
this.$axios.post('api/deleteKolloquium', { title: kolloquiumToDelete.title })
this.$axios.post('api/deleteKolloquium', { title: kolloquiumToDelete })
}
},
},
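Review bot: deleteKolloquium's guard `if(kolloquiumToDelete != '')` in the last hunk no longer matches the emptiness check this commit introduces elsewhere: when the createNew branch passes an undefined or whitespace-only title, `undefined != ''` is true and a POST is still sent, which the server now rejects with 'Folder has no name'. Align it with the other checks, `if (kolloquiumToDelete && kolloquiumToDelete.trim().length !== 0) {`. The `this.$axios.post(...)` calls in both hunks have no `.catch` and never inspect the reply, so a `{ status: 'error' }` response leaves the list already filtered client-side with nothing logged; at minimum attach `.catch(err => console.error(err))`, and preferably read `status` from the response before mutating local state. Since the filter now keys on the title string rather than the object, two entries sharing a title would both be removed locally by one delete — presumably titles are unique, but worth confirming.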