diff --git a/lib/validation/dispatchervalidation.inc.php b/lib/validation/dispatchervalidation.inc.php index 40422e5..5e539be 100644 --- a/lib/validation/dispatchervalidation.inc.php +++ b/lib/validation/dispatchervalidation.inc.php @@ -225,6 +225,26 @@ class KTDispatcherValidation { return $sString; } + function validateIllegalCharacters($sString, $aOptions = null) { + $sString = trim($sString); + if (empty($sString)) { + $aOptions['message'] = KTUtil::arrayGet($aOptions, + 'message', _kt("An empty string was given")); + $this->handleError($aOptions); + } + + // illegal characters: /\ <>|%+':"?* + $pattern = "[\*|\%|\\\|\/|\<|\>|\+|\:|\?|\||\'|\"]"; + if(preg_match($pattern, $sString)){ + $sChars = "\/<>|%+*':\"?"; + $sMessage = sprintf(_kt('The value you have entered is invalid. The following characters are not allowed: %s'), $sChars); + $aOptions['message'] = KTUtil::arrayGet($aOptions, 'illegal_character_message', $sMessage); + $this->handleError($aOptions); + } + + return $sString; + } + // validate a STRING to an integer function validateInteger($sInteger, $aOptions = null) { $sInteger = trim($sInteger); diff --git a/plugins/ktcore/KTCorePlugin.php b/plugins/ktcore/KTCorePlugin.php index 24bc338..5a9b5bc 100644 --- a/plugins/ktcore/KTCorePlugin.php +++ b/plugins/ktcore/KTCorePlugin.php @@ -174,6 +174,7 @@ class KTCorePlugin extends KTPlugin { // validators $this->registerValidator('KTStringValidator', 'ktcore.validators.string', 'KTValidators.php'); + $this->registerValidator('KTIllegalCharValidator', 'ktcore.validators.illegal_char', 'KTValidators.php'); $this->registerValidator('KTEntityValidator', 'ktcore.validators.entity', 'KTValidators.php'); $this->registerValidator('KTRequiredValidator', 'ktcore.validators.required', 'KTValidators.php'); $this->registerValidator('KTEmailValidator', 'ktcore.validators.emailaddress', 'KTValidators.php'); 
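Review bot: The `$pattern` string in `validateIllegalCharacters()` has no explicit delimiters, so PCRE takes the outer `[` and `]` as a bracket-style delimiter pair and the expression is an alternation of escaped characters, not the character class it reads as. It happens to match the intended set, but it is easy to misread and an unescaped `]` added to the list would end the pattern early; an explicit form such as `$pattern = '#[\\\\/*<>|%+\':"?]#';` states the intent. The same literal is repeated in KTIllegalCharValidator and KTFileIllegalCharValidator in plugins/ktcore/KTValidators.php, so the three copies can drift apart; one shared definition would keep every path filtering the same set. Separately, `empty($sString)` is also true for the name `0`, which is then reported as an empty string; `if ($sString === '') {` avoids that.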
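Review bot: The new namespace `ktcore.validators.illegal_char` uses an underscore, while the neighbouring registrations (`emailaddress`, `requiredfile`) and the second new one in the next hunk (`fileillegalchar`) do not. Forms refer to validators by this string, so a consistent spelling such as `ktcore.validators.illegalchar` makes a mistyped reference less likely. How an unknown namespace is handled when a form is built is not visible in this diff, so it is worth confirming that it fails loudly rather than skipping the check.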
@@ -183,6 +184,7 @@ class KTCorePlugin extends KTPlugin { $this->registerValidator('KTFieldsetValidator', 'ktcore.validators.fieldset', 'KTValidators.php'); $this->registerValidator('KTFileValidator', 'ktcore.validators.file', 'KTValidators.php'); $this->registerValidator('KTRequiredFileValidator', 'ktcore.validators.requiredfile', 'KTValidators.php'); + $this->registerValidator('KTFileIllegalCharValidator', 'ktcore.validators.fileillegalchar', 'KTValidators.php'); $this->registerValidator('KTArrayValidator', 'ktcore.validators.array', 'KTValidators.php'); // criterion diff --git a/plugins/ktcore/KTFolderActions.php b/plugins/ktcore/KTFolderActions.php index 8c4e096..bb42722 100644 --- a/plugins/ktcore/KTFolderActions.php +++ b/plugins/ktcore/KTFolderActions.php @@ -96,7 +96,12 @@ class KTFolderAddFolderAction extends KTFolderAction { $oForm->setValidators(array( array('ktcore.validators.string', array( 'test' => 'name', - 'output' => 'name')), + 'output' => 'name', + )), + array('ktcore.validators.illegal_char', array( + 'test' => 'name', + 'output' => 'name', + )), )); return $oForm; diff --git a/plugins/ktcore/KTValidators.php b/plugins/ktcore/KTValidators.php index 5faccfb..de68cbb 100644 --- a/plugins/ktcore/KTValidators.php +++ b/plugins/ktcore/KTValidators.php 
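Review bot: The character rule in KTFolderAddFolderAction is enforced only as a form validator (and likewise in the add-document form and the two rename actions), so it protects these UI paths and nothing else. If folders or documents can also be created or renamed through other entry points, which this diff does not show, those would still accept the rejected characters; enforcing the check inside the folder and document utility functions that the actions call would cover every caller. A short comment above the validator list, e.g. `// name rules are also enforced in <utility function>`, would record where the authoritative check lives.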
@@ -89,6 +89,53 @@ class KTStringValidator extends KTValidator { } } +class KTIllegalCharValidator extends KTValidator { + var $sNamespace = 'ktcore.validators.illegal_char'; + var $sWarning; + + function configure($aOptions) { + $res = parent::configure($aOptions); + if (PEAR::isError($res)) { + return $res; + } + + $sChars = "\/*<>|%+':\"?"; + $sWarning = sprintf(_kt('The value you have entered is invalid. The following characters are not allowed: %s'), $sChars); + $this->sWarning = KTUtil::arrayGet($aOptions, 'illegal_character_warning', $sWarning); + + $this->bTrim = KTUtil::arrayGet($aOptions, 'trim', true, false); + } + + function validate($data) { + $results = array(); + $errors = array(); + + // very simple if we're required and not present, fail + // otherwise, its ok. + $val = KTUtil::arrayGet($data, $this->sInputVariable); + + if ($this->bTrim) { + $val = trim($val); + } + + // illegal characters: \/ *<>|%+':"? + $pattern = "[\*|\%|\\\|\/|\<|\>|\+|\:|\?|\||\'|\"]"; + // "'^[^:]+:(?:[0-9a-z\.\?&-_=\+\/]+[\.]{1})*(?:[0-9a-z\.\?&-_=\+\/]+\.)[a-z]{2,3}.*$'i" + if(preg_match($pattern, $val)){ + $errors[$this->sBasename] = $this->sWarning; + } + + if ($this->bProduceOutput) { + $results[$this->sOutputVariable] = $val; + } + + return array( + 'errors' => $errors, + 'results' => $results, + ); + } +} + class KTEntityValidator extends KTValidator { var $sNamespace = 'ktcore.validators.entity'; 
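Review bot: `KTIllegalCharValidator::validate()` hands whatever `KTUtil::arrayGet()` returns to `trim()` and `preg_match()` without checking that it is a string, so an array-valued field is not reported as an error by this validator; depending on the PHP version it either raises a type error or falls through as a non-match. A guard such as `if ($val !== null && !is_string($val)) { $errors[$this->sBasename] = $this->sWarning; }` before the trim would make that explicit, unless an earlier validator in the chain is guaranteed to reject it. The comment `very simple if we're required and not present, fail` and the commented-out URL regex do not describe this class and can be dropped. `configure()` also returns `$res` on error but nothing on success; whether the parent expects a return value is not visible in this hunk.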
@@ -429,6 +476,52 @@ class KTFileValidator extends KTValidator { } } +class KTFileIllegalCharValidator extends KTValidator { + var $sNamespace = 'ktcore.validators.fileillegalchar'; + var $sWarning; + + function configure($aOptions) { + $res = parent::configure($aOptions); + if (PEAR::isError($res)) { + return $res; + } + + $sChars = "\/*<>|%+':\"?"; + $sWarning = sprintf(_kt('The name of the document selected is invalid. The following characters are not allowed: %s'), $sChars); + $this->sWarning = KTUtil::arrayGet($aOptions, 'file_illegal_character_warning', $sWarning); + + $this->bTrim = KTUtil::arrayGet($aOptions, 'trim', true, false); + } + + function validate($data) { + $results = array(); + $errors = array(); + + $aFile = (array) KTUtil::arrayGet($data, $this->sInputVariable); + + // Get the file name + $val = $aFile['name']; + if ($this->bTrim) { + $val = trim($val); + } + + // illegal characters: \/ *<>|%+':"? + $pattern = "[\*|\%|\\\|\/|\<|\>|\+|\:|\?|\||\'|\"]"; + if(preg_match($pattern, $val)){ + $errors[$this->sBasename] = $this->sWarning; + } + + if ($this->bProduceOutput) { + $results[$this->sOutputVariable] = $aFile; + } + + return array( + 'errors' => $errors, + 'results' => $results, + ); + } +} + class KTArrayValidator extends KTValidator { var $sNamespace = 'ktcore.validators.array'; diff --git a/plugins/ktcore/document/Rename.php b/plugins/ktcore/document/Rename.php index 571382a..7c0ac13 100644 --- a/plugins/ktcore/document/Rename.php +++ b/plugins/ktcore/document/Rename.php 
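Review bot: The check in `KTFileIllegalCharValidator::validate()` runs on the client-supplied upload name and rejects only the listed punctuation, so control characters, NUL bytes and names made up solely of dots pass this validator. Whether the storage layer normalises those is not visible here; an additional test such as `preg_match('/[\x00-\x1f]/', $val)`, plus a rejection of dot-only names, would close the gap at this point. `$aFile['name']` is also read without an `isset()` check, so when the field holds no upload the `(array)` cast yields an empty array and the index is undefined; `$val = isset($aFile['name']) ? $aFile['name'] : '';` avoids that.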
@@ -77,7 +77,7 @@ class KTDocumentRenameAction extends KTDocumentAction { $fields = array(); $fields[] = new KTStaticTextWidget(_kt('Current file name'), _kt('The current file name is shown below:'), 'oldfilename', $this->oDocument->getFileName(), $this->oPage, false); - $fields[] = new KTStringWidget(_kt('New file name'), _kt('The name to which the current file should be renamed.'), 'filename', "", $this->oPage, true); + $fields[] = new KTStringWidget(_kt('New file name'), _kt('The name to which the current file should be renamed.'), 'filename', $this->oDocument->getFileName(), $this->oPage, true); $oTemplate->setData(array( 'context' => &$this, @@ -95,6 +95,7 @@ class KTDocumentRenameAction extends KTDocumentAction { 'max_str_len' => 255, ); $this->oValidator->validateString($sFilename, $aOptions); + $this->oValidator->validateIllegalCharacters($sFilename, $aOptions); $res = KTDocumentUtil::rename($this->oDocument, $sFilename, $this->oUser); if (PEAR::isError($res)) { diff --git a/plugins/ktcore/folder/Rename.php b/plugins/ktcore/folder/Rename.php index 5806bb0..61dfc5f 100644 --- a/plugins/ktcore/folder/Rename.php +++ b/plugins/ktcore/folder/Rename.php @@ -55,7 +55,7 @@ class KTFolderRenameAction extends KTFolderAction { $oTemplate =& $this->oValidator->validateTemplate('ktcore/folder/rename'); $fields = array(); - $fields[] = new KTStringWidget(_kt('New folder name'), _kt('The name to which the current folder should be renamed.'), 'foldername', "", $this->oPage, true); + $fields[] = new KTStringWidget(_kt('New folder name'), _kt('The name to which the current folder should be renamed.'), 'foldername', $this->oFolder->getName(), $this->oPage, true); $oTemplate->setData(array( 'context' => &$this, 
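Review bot: The prefilled value `$this->oDocument->getFileName()` is stored data written back into a form field, and names saved before this commit may still contain `"`, `<` or `>`, so it is worth confirming that `KTStringWidget` HTML-escapes its value when it renders. The same applies to `$this->oFolder->getName()` in plugins/ktcore/folder/Rename.php. The widget implementation is outside this diff; if it does not escape, the value should be passed through `htmlspecialchars($value, ENT_QUOTES)` at render time rather than here.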
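Review bot: The return value of `validateIllegalCharacters()` is discarded in the document rename action, so the trimmed name it returns is never used and `KTDocumentUtil::rename()` receives the raw `$sFilename`; plugins/ktcore/folder/Rename.php assigns the result instead. Writing `$sFilename = $this->oValidator->validateIllegalCharacters($sFilename, $aOptions);` keeps the two actions consistent. The call also relies on `handleError()` not returning; if it can return, the rename below would still run with the rejected name, which is worth confirming since `handleError()` is outside this diff. The enclosing method starts and ends outside the hunk.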
@@ -72,6 +72,7 @@ class KTFolderRenameAction extends KTFolderAction { $sFolderName = KTUtil::arrayGet($_REQUEST, 'foldername'); $aErrorOptions['defaultmessage'] = _kt("No folder name given"); $sFolderName = $this->oValidator->validateString($sFolderName, $aErrorOptions); + $sFolderName = $this->oValidator->validateIllegalCharacters($sFolderName, $aErrorOptions); $sOldFolderName = $this->oFolder->getName(); if ($this->oFolder->getId() != 1) { diff --git a/plugins/ktcore/folder/addDocument.php b/plugins/ktcore/folder/addDocument.php index 5c00889..60f99dc 100644 --- a/plugins/ktcore/folder/addDocument.php +++ b/plugins/ktcore/folder/addDocument.php @@ -132,10 +132,18 @@ class KTFolderAddDocumentAction extends KTFolderAction { 'test' => 'file', 'output' => 'file', )), + array('ktcore.validators.fileillegalchar', array( + 'test' => 'file', + 'output' => 'file', + )), array('ktcore.validators.string', array( 'test' => 'document_name', 'output' => 'document_name', )), + array('ktcore.validators.illegal_char', array( + 'test' => 'document_name', + 'output' => 'document_name', + )), array('ktcore.validators.entity', array( 'test' => 'document_type', 'output' => 'document_type',
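Review bot: `ktcore.validators.illegal_char` on `document_name` in the add-document form applies the file-name character list to what looks like a title field, so titles containing an apostrophe, colon or question mark are now rejected. If the title is never used as a path component, the stricter rule may only be needed on `file`; if it is, a comment such as `// document_name becomes part of the stored path, so the file-name rules apply` would explain the restriction. How `document_name` is used is not visible in this hunk.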