Commit 3aaa6d6da3ffd353ca67a922e86171a12da8bdee

Authored by Megan Watson
1 parent 141dbeb6

BBS-1009

"Folder or files with the Test Character set as their names cannot be manipulated in WebDAV in any way."
Added validation functions for special characters - /\?,.:"'*. Validation is on adding / renaming folders and documents.

Committed by: Megan Watson
Reviewed by: Conrad Vermeulen



git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@7391 c91229c3-7414-0410-bfa2-8a42b809f60b
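--- a/lib/validation/dispatchervalidation.inc.php
+++ b/lib/validation/dispatchervalidation.inc.php
@@ -225,6 +225,26 @@ class KTDispatcherValidation {
 return $sString;
 }
 
+ function validateIllegalCharacters($sString, $aOptions = null) {
+ $sString = trim($sString);
+ if (empty($sString)) {
+ $aOptions['message'] = KTUtil::arrayGet($aOptions,
+ 'message', _kt("An empty string was given"));
+ $this->handleError($aOptions);
+ }
+
+ // illegal characters: /\ <>|%+':"?*
+ $pattern = "[\*|\%|\\\|\/|\<|\>|\+|\:|\?|\||\'|\"]";
+ if(preg_match($pattern, $sString)){
+ $sChars = "\/<>|%+*':\"?";
+ $sMessage = sprintf(_kt('The value you have entered is invalid. The following characters are not allowed: %s'), $sChars);
+ $aOptions['message'] = KTUtil::arrayGet($aOptions, 'illegal_character_message', $sMessage);
+ $this->handleError($aOptions);
+ }
+
+ return $sString;
+ }
+
 // validate a STRING to an integer
 function validateInteger($sInteger, $aOptions = null) {
 $sInteger = trim($sInteger);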
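Review bot: `empty($sString)` in `validateIllegalCharacters()` is also true for the string `0`, so a folder or file named `0` is rejected with "An empty string was given"; `if ($sString === '')` tests what the message says. The pattern works only because PCRE reads the outer `[` and `]` as delimiters, which leaves an alternation of escaped characters rather than the character class it appears to be; `'#[\\\\/*<>|%+:?\'"]#'` states the same twelve characters explicitly. The method has no docblock, and one naming the `message` and `illegal_character_message` option keys it reads would help callers.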
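--- a/plugins/ktcore/KTCorePlugin.php
+++ b/plugins/ktcore/KTCorePlugin.php
@@ -174,6 +174,7 @@ class KTCorePlugin extends KTPlugin {
 
 // validators
 $this->registerValidator('KTStringValidator', 'ktcore.validators.string', 'KTValidators.php');
+ $this->registerValidator('KTIllegalCharValidator', 'ktcore.validators.illegal_char', 'KTValidators.php');
 $this->registerValidator('KTEntityValidator', 'ktcore.validators.entity', 'KTValidators.php');
 $this->registerValidator('KTRequiredValidator', 'ktcore.validators.required', 'KTValidators.php');
 $this->registerValidator('KTEmailValidator', 'ktcore.validators.emailaddress', 'KTValidators.php');
@@ -183,6 +184,7 @@ class KTCorePlugin extends KTPlugin {
 $this->registerValidator('KTFieldsetValidator', 'ktcore.validators.fieldset', 'KTValidators.php');
 $this->registerValidator('KTFileValidator', 'ktcore.validators.file', 'KTValidators.php');
 $this->registerValidator('KTRequiredFileValidator', 'ktcore.validators.requiredfile', 'KTValidators.php');
+ $this->registerValidator('KTFileIllegalCharValidator', 'ktcore.validators.fileillegalchar', 'KTValidators.php');
 $this->registerValidator('KTArrayValidator', 'ktcore.validators.array', 'KTValidators.php');
 
 // criterion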
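Review bot: The two new namespaces are spelled differently, `ktcore.validators.illegal_char` with an underscore and `ktcore.validators.fileillegalchar` without. The neighbouring registrations (`emailaddress`, `requiredfile`) use no separator, so `ktcore.validators.illegalchar` would match them. The string is repeated in `KTIllegalCharValidator::$sNamespace` and in the form definitions that reference it, so it is cheapest to settle the spelling now.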
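--- a/plugins/ktcore/KTFolderActions.php
+++ b/plugins/ktcore/KTFolderActions.php
@@ -96,7 +96,12 @@ class KTFolderAddFolderAction extends KTFolderAction {
 $oForm->setValidators(array(
 array('ktcore.validators.string', array(
 'test' => 'name',
- 'output' => 'name')),
+ 'output' => 'name',
+ )),
+ array('ktcore.validators.illegal_char', array(
+ 'test' => 'name',
+ 'output' => 'name',
+ )),
 ));
 
 return $oForm;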
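--- a/plugins/ktcore/KTValidators.php
+++ b/plugins/ktcore/KTValidators.php
@@ -89,6 +89,53 @@ class KTStringValidator extends KTValidator {
 }
 }
 
+class KTIllegalCharValidator extends KTValidator {
+ var $sNamespace = 'ktcore.validators.illegal_char';
+ var $sWarning;
+
+ function configure($aOptions) {
+ $res = parent::configure($aOptions);
+ if (PEAR::isError($res)) {
+ return $res;
+ }
+
+ $sChars = "\/*<>|%+':\"?";
+ $sWarning = sprintf(_kt('The value you have entered is invalid. The following characters are not allowed: %s'), $sChars);
+ $this->sWarning = KTUtil::arrayGet($aOptions, 'illegal_character_warning', $sWarning);
+
+ $this->bTrim = KTUtil::arrayGet($aOptions, 'trim', true, false);
+ }
+
+ function validate($data) {
+ $results = array();
+ $errors = array();
+
+ // very simple if we're required and not present, fail
+ // otherwise, its ok.
+ $val = KTUtil::arrayGet($data, $this->sInputVariable);
+
+ if ($this->bTrim) {
+ $val = trim($val);
+ }
+
+ // illegal characters: \/ *<>|%+':"?
+ $pattern = "[\*|\%|\\\|\/|\<|\>|\+|\:|\?|\||\'|\"]";
+ // "'^[^:]+:(?:[0-9a-z\.\?&-_=\+\/]+[\.]{1})*(?:[0-9a-z\.\?&-_=\+\/]+\.)[a-z]{2,3}.*$'i"
+ if(preg_match($pattern, $val)){
+ $errors[$this->sBasename] = $this->sWarning;
+ }
+
+ if ($this->bProduceOutput) {
+ $results[$this->sOutputVariable] = $val;
+ }
+
+ return array(
+ 'errors' => $errors,
+ 'results' => $results,
+ );
+ }
+}
+
 class KTEntityValidator extends KTValidator {
 var $sNamespace = 'ktcore.validators.entity';
 
@@ -429,6 +476,52 @@ class KTFileValidator extends KTValidator {
 }
 }
 
+class KTFileIllegalCharValidator extends KTValidator {
+ var $sNamespace = 'ktcore.validators.fileillegalchar';
+ var $sWarning;
+
+ function configure($aOptions) {
+ $res = parent::configure($aOptions);
+ if (PEAR::isError($res)) {
+ return $res;
+ }
+
+ $sChars = "\/*<>|%+':\"?";
+ $sWarning = sprintf(_kt('The name of the document selected is invalid. The following characters are not allowed: %s'), $sChars);
+ $this->sWarning = KTUtil::arrayGet($aOptions, 'file_illegal_character_warning', $sWarning);
+
+ $this->bTrim = KTUtil::arrayGet($aOptions, 'trim', true, false);
+ }
+
+ function validate($data) {
+ $results = array();
+ $errors = array();
+
+ $aFile = (array) KTUtil::arrayGet($data, $this->sInputVariable);
+
+ // Get the file name
+ $val = $aFile['name'];
+ if ($this->bTrim) {
+ $val = trim($val);
+ }
+
+ // illegal characters: \/ *<>|%+':"?
+ $pattern = "[\*|\%|\\\|\/|\<|\>|\+|\:|\?|\||\'|\"]";
+ if(preg_match($pattern, $val)){
+ $errors[$this->sBasename] = $this->sWarning;
+ }
+
+ if ($this->bProduceOutput) {
+ $results[$this->sOutputVariable] = $aFile;
+ }
+
+ return array(
+ 'errors' => $errors,
+ 'results' => $results,
+ );
+ }
+}
+
 
 class KTArrayValidator extends KTValidator {
 var $sNamespace = 'ktcore.validators.array';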
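Review bot: The deny-list in both `validate()` methods still accepts names made only of dots (`.`, `..`) and names with embedded control characters such as NUL or newline, since `trim()` strips those only at the ends; if these values become WebDAV path segments or file names, as the commit message suggests, those cases probably need rejecting as well. `KTFileIllegalCharValidator::validate()` reads `$aFile['name']` without checking that the key exists, so a submission with no file raises an undefined-index notice; `$val = isset($aFile['name']) ? $aFile['name'] : '';` avoids that. Both classes assign `$this->bTrim` without declaring it beside `$sWarning`, and each carries its own copy of the pattern from `validateIllegalCharacters()`, so the three copies will drift unless they share one definition. The commented-out URL pattern and the "if we're required and not present" comment in `KTIllegalCharValidator::validate()` describe a different validator and can be dropped.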
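--- a/plugins/ktcore/document/Rename.php
+++ b/plugins/ktcore/document/Rename.php
@@ -77,7 +77,7 @@ class KTDocumentRenameAction extends KTDocumentAction {
 $fields = array();
 
 $fields[] = new KTStaticTextWidget(_kt('Current file name'), _kt('The current file name is shown below:'), 'oldfilename', $this->oDocument->getFileName(), $this->oPage, false);
- $fields[] = new KTStringWidget(_kt('New file name'), _kt('The name to which the current file should be renamed.'), 'filename', "", $this->oPage, true);
+ $fields[] = new KTStringWidget(_kt('New file name'), _kt('The name to which the current file should be renamed.'), 'filename', $this->oDocument->getFileName(), $this->oPage, true);
 
 $oTemplate->setData(array(
 'context' => &$this,
@@ -95,6 +95,7 @@ class KTDocumentRenameAction extends KTDocumentAction {
 'max_str_len' => 255,
 );
 $this->oValidator->validateString($sFilename, $aOptions);
+ $this->oValidator->validateIllegalCharacters($sFilename, $aOptions);
 
 $res = KTDocumentUtil::rename($this->oDocument, $sFilename, $this->oUser);
 if (PEAR::isError($res)) {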
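Review bot: The added call in the second hunk discards the return value, so `KTDocumentUtil::rename()` receives `$sFilename` as submitted rather than the trimmed string the check ran on; folder/Rename.php assigns the result, and `$sFilename = $this->oValidator->validateIllegalCharacters($sFilename, $aOptions);` would keep the two actions consistent. The unchanged `validateString()` call above it has the same shape. In the first hunk the field is now pre-filled with `$this->oDocument->getFileName()`; names stored before this commit may still contain `<`, `>` or quotes, so this relies on `KTStringWidget` escaping its value, which is not visible here. Both enclosing methods begin and end outside the hunks.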
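--- a/plugins/ktcore/folder/Rename.php
+++ b/plugins/ktcore/folder/Rename.php
@@ -55,7 +55,7 @@ class KTFolderRenameAction extends KTFolderAction {
 $oTemplate =& $this->oValidator->validateTemplate('ktcore/folder/rename');
 
 $fields = array();
- $fields[] = new KTStringWidget(_kt('New folder name'), _kt('The name to which the current folder should be renamed.'), 'foldername', "", $this->oPage, true);
+ $fields[] = new KTStringWidget(_kt('New folder name'), _kt('The name to which the current folder should be renamed.'), 'foldername', $this->oFolder->getName(), $this->oPage, true);
 
 $oTemplate->setData(array(
 'context' => &$this,
@@ -72,6 +72,7 @@ class KTFolderRenameAction extends KTFolderAction {
 $sFolderName = KTUtil::arrayGet($_REQUEST, 'foldername');
 $aErrorOptions['defaultmessage'] = _kt("No folder name given");
 $sFolderName = $this->oValidator->validateString($sFolderName, $aErrorOptions);
+ $sFolderName = $this->oValidator->validateIllegalCharacters($sFolderName, $aErrorOptions);
 $sOldFolderName = $this->oFolder->getName();
 
 if ($this->oFolder->getId() != 1) {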
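Review bot: The check in the second hunk lives in the action handler, so it protects this form only; any other caller that renames a folder, including the WebDAV interface named in the commit message, is covered only if it runs the same validator, and nothing in this commit shows that. Enforcing the rule at the point where the rename is actually performed would cover every caller, with the form-level check kept for the friendlier error message. The method body continues outside the hunk, so the rename call itself is not visible here.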
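--- a/plugins/ktcore/folder/addDocument.php
+++ b/plugins/ktcore/folder/addDocument.php
@@ -132,10 +132,18 @@ class KTFolderAddDocumentAction extends KTFolderAction {
 'test' => 'file',
 'output' => 'file',
 )),
+ array('ktcore.validators.fileillegalchar', array(
+ 'test' => 'file',
+ 'output' => 'file',
+ )),
 array('ktcore.validators.string', array(
 'test' => 'document_name',
 'output' => 'document_name',
 )),
+ array('ktcore.validators.illegal_char', array(
+ 'test' => 'document_name',
+ 'output' => 'document_name',
+ )),
 array('ktcore.validators.entity', array(
 'test' => 'document_type',
 'output' => 'document_type',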