diff --git a/api/routes/kolloquiums.js b/api/routes/kolloquiums.js
index 241463ef093d4a5f933c3721cf8e87fdad948d57..d12858ae114112ad2e679375e4694cf397e34d78 100644
--- a/api/routes/kolloquiums.js
+++ b/api/routes/kolloquiums.js
@@ -9,6 +9,35 @@ function getDirectories(path) {
 });
 }
 
+// function removeDangerousSymbols(title) {
+// return title
+// }
+
+function removeDangerousSymbols(fname) {
+ // https://stackoverflow.com/a/31976060
+ // https://gist.github.com/doctaphred/d01d05291546186941e1b7ddc02034d3
+
+ const fname_original = fname;
+
+ // resolve multi-line, whitespace trimming
+ fname = fname.split(/[\r\n]/).map(s => s.trim()).filter(s => s.length).join(" ");
+ // forbidden characters
+ // (after multi-line, because new-line-chars are themselves forbidden characters)
+ fname = fname.replaceAll(/[<>.:"\/\\\|?*\x00-\x1F]/g, '');
+ // advanced trim
+ fname = fname.replace(/\.$/, "");
+ // empty filename
+ if (!fname.length) {
+ fname = '_';
+ }
+ // forbidden filenames
+ if (fname.match(/^(CON|PRN|AUX|NUL|COM1|COM2|COM3|COM4|COM5|COM6|COM7|COM8|COM9|LPT1|LPT2|LPT3|LPT4|LPT5|LPT6|LPT7|LPT8|LPT9)(\..+)?$/)) {
+ fname = `_${fname}`;
+ }
+
+ return fname;
+}
+
 fs.mkdir('Kolloquiums',function(err) {
 if (err && err.code === "EEXIST") {
 console.log('Kolloquiums Directory already existed')
@@ -33,14 +62,16 @@ router.use('/getKolloquiums', (req, res) => {
 router.use('/deleteKolloquium', (req, res) => {
 console.log('deleting Kolloquium')
 let { title } = req.body
- if(title == '') {
+ if(!title || title.trim().length == 0) {
 console.error('Folder has no name')
 return res.json({
 status: 'error',
 message: 'Folder has no name'
 })
 }
- fs.rmdir("Kolloquiums/" + title, function(err) {
+
+ let safeTitle = removeDangerousSymbols(title)
+ fs.rmdir("Kolloquiums/" + safeTitle, function(err) {
 if (err) {
 console.error(err);
 return res.json({
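Review bot: In the new removeDangerousSymbols, `fname_original` is assigned and never read, and the two dot-related steps after it can never fire: the forbidden-character class `[<>.:"\/\\\|?*\x00-\x1F]` already strips every `.`, so `fname = fname.replace(/\.$/, "");` is a no-op and the `(\..+)?` extension branch of the reserved-name check is unreachable. Either drop `.` from the class and keep the trailing-dot trim and the extension check, or delete those steps together with the unused variable so the function says what it does; the commented-out `removeDangerousSymbols(title)` stub above it is dead code and should go as well. The function also assumes a string: a non-string `fname` throws on `.split`, so a guard such as `if (typeof fname !== 'string') return '_';` at the top would make the contract explicit for the three routes that call it. A short JSDoc should state that contract, e.g. that the function maps a user-supplied title to a single directory-name component by joining lines, stripping path separators, control and Windows-forbidden characters, and prefixing reserved device names.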
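Review bot: The new guard `if(!title || title.trim().length == 0)` in deleteKolloquium only covers falsy values; `req.body` is parsed from JSON, so a number, array or object `title` passes `!title` and then throws on `.trim`, which presumably leaves the handler via a thrown error rather than the JSON error response the branch is meant to produce. Checking the type first, `if (typeof title !== 'string' || title.trim().length === 0) {`, closes that gap and also removes the ambiguity of `== 0`. The same pattern is repeated in the createKolloquium and renameKolloquium hunks below and would benefit from the same change.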
@@ -51,7 +82,7 @@ router.use('/deleteKolloquium', (req, res) => {
 });
 return res.json({
 status: 'success',
- message: 'removed Kolloquium ' + title
+ message: 'removed Kolloquium ' + safeTitle
 })
 })
 
@@ -60,12 +91,20 @@ router.use('/createKolloquium', (req, res) => {
 console.log('creating Kolloquium')
 console.log(req.body)
 let { title } = req.body
- fs.mkdir('Kolloquiums/' + title,function(err) {
+ if( !title || title.trim().length == 0) {
+ console.error('Title was empty')
+ return res.json({
+ status: 'error',
+ message: 'Title was empty'
+ })
+ }
+ let safeTitle = removeDangerousSymbols(title)
+ fs.mkdir('Kolloquiums/' + safeTitle, function(err) {
 if (err && err.code === "EEXIST") {
- console.warn('Directory "' + title + '" already existed')
+ console.warn('Directory "' + safeTitle + '" already existed')
 return res.json({
 status: 'warning',
- message: 'Directory "' + title + '" already existed'
+ message: 'Directory "' + safeTitle + '" already existed'
 })
 }
 else if (err && err.code != "EEXIST") {
@@ -76,10 +115,10 @@ router.use('/createKolloquium', (req, res) => {
 })
 }
 else {
- console.log('Directory "' + title + '" created successfully!');
+ console.log('Directory "' + safeTitle + '" created successfully!');
 return res.json({
 status: 'success',
- message: 'Directory "' + title + '" created successfully!'
+ message: 'Directory "' + safeTitle + '" created successfully!'
 })
 }
 });
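Review bot: In createKolloquium the client never learns the name actually used on disk: `safeTitle` is only embedded in the human-readable `message`, while the caller in pages/index.vue keeps the unsanitized `title` in its list. Whenever sanitization changes the name, or two different titles collapse to the same directory (the case that now returns the `EEXIST` warning here), the UI and the filesystem disagree. Returning the name as its own field, `status: 'success', title: safeTitle,`, in both the warning and the success response lets the client store the name the server will use for later delete and rename calls. The mkdir callback continues into the next hunk.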
@@ -90,14 +129,16 @@ router.use('/renameKolloquium', (req, res) => {
 console.log('renaming Kolloquium')
 console.log(req.body);
 let { oldTitle, newTitle } = req.body
- if( oldTitle == '' || newTitle == '') {
+ if( !oldTitle || oldTitle.trim().length == 0 || !newTitle || newTitle.trim().length == 0) {
 console.error('at least one of the names was empty')
 return res.json({
 status: 'error',
 message: 'at least one of the names was empty'
 })
 }
- fs.rename('Kolloquiums/' + oldTitle, 'Kolloquiums/' + newTitle, (err) => {
+ let oldSafeTitle = removeDangerousSymbols(oldTitle)
+ let newSafeTitle = removeDangerousSymbols(newTitle)
+ fs.rename('Kolloquiums/' + oldSafeTitle, 'Kolloquiums/' + newSafeTitle, (err) => {
 if(err) {
 console.error(err);
 return res.json({
diff --git a/pages/index.vue b/pages/index.vue
index 9917d0dc46d5e989eb665778c070b6cb7e6f706d..b5ce5998056ad03095407d1da19eb4b50403ef8d 100644
--- a/pages/index.vue
+++ b/pages/index.vue
@@ -22,7 +22,7 @@
 @update:title="kolloquium.title=$event"
 :inEdit="kolloquium.inEdit"
 @update:inEdit="toggleEdit(kolloquium, $event)"
- @deleteKolloquium="deleteKolloquium(kolloquium)"
+ @deleteKolloquium="deleteKolloquium(kolloquium.title)"
 />
 <ListItem
 @click.native="createNewKolloquium()"
@@ -112,14 +112,14 @@ export default { if(createNew){ kolloquium.title = title kolloquium.isNew = false - if (!title || title == '') { + if (!title || title.trim().length == 0) { this.deleteKolloquium(title) return } this.$axios.post('api/createKolloquium', { title: title }) } else if (changeName) { - if (title == '') { + if (!title || title.trim().length == 0) { return } kolloquium.title = title 
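Review bot: The rename still builds its paths as `'Kolloquiums/' + oldSafeTitle`, so the whole guarantee that the operation stays inside the Kolloquiums directory rests on removeDangerousSymbols stripping `/`, `\` and `.`; resolving the paths with `path.resolve` and checking that both results stay under the base directory adds a second check that does not depend on the sanitizer's character list. The same applies to the rmdir and mkdir calls in the deleteKolloquium and createKolloquium hunks above. The visible lines do not show a `path` import, so this presumably needs `const path = require('path')` at the top of the file unless it is already there. The rename callback continues outside the hunk.
```javascript
 let oldSafeTitle = removeDangerousSymbols(oldTitle)
 let newSafeTitle = removeDangerousSymbols(newTitle)
 // second, sanitizer-independent check: both paths must resolve inside the base directory
 const base = path.resolve('Kolloquiums')
 const from = path.resolve(base, oldSafeTitle)
 const to = path.resolve(base, newSafeTitle)
 if (!from.startsWith(base + path.sep) || !to.startsWith(base + path.sep)) {
   console.error('name resolves outside the Kolloquiums directory')
   return res.json({
     status: 'error',
     message: 'invalid name'
   })
 }
 fs.rename(from, to, (err) => {
 // … unchanged: error handling and success response …
```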
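Review bot: In the pages/index.vue hunk starting at line 112 the blank-title test `!title || title.trim().length == 0` is now written out twice in one method, once in the `createNew` branch and once in the `changeName` branch; a small component method such as `isBlank(title) { return !title || title.trim().length === 0 }` would keep the two branches in step and give the check a name. In the `createNew` branch the check runs after `kolloquium.title = title` has already been assigned, which is presumably deliberate so that `this.deleteKolloquium(title)` can find the entry by its (blank) title; a one-line comment saying so would save the next reader the question. The enclosing method starts and ends outside the hunk.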
@@ -127,10 +127,10 @@ export default {
 }
 },
 deleteKolloquium(kolloquiumToDelete) {
- this.kolloquiums = this.kolloquiums.filter(kolloquium => kolloquium.title != kolloquiumToDelete.title);
+ this.kolloquiums = this.kolloquiums.filter(kolloquium => kolloquium.title != kolloquiumToDelete);
 this.selectedKolloquium = ""
 if(kolloquiumToDelete != ''){
- this.$axios.post('api/deleteKolloquium', { title: kolloquiumToDelete })
+ this.$axios.post('api/deleteKolloquium', { title: kolloquiumToDelete })
 }
 },
 },
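Review bot: The guard `if(kolloquiumToDelete != '')` around the delete request no longer matches the blank-title check that now calls this method: the `createNew` branch in the previous hunk reaches `this.deleteKolloquium(title)` with an `undefined` or whitespace-only title, and both `undefined != ''` and `'  ' != ''` are true, so a delete request is posted for a folder that was never created and the server answers with its 'Folder has no name' error. Mirroring the new check here, `if (kolloquiumToDelete && kolloquiumToDelete.trim().length > 0) {`, keeps the local list update and skips the pointless request. The post's promise is still neither awaited nor given a rejection handler, which predates this change but is worth a `.catch` now that the server can answer with an error for sanitized names.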