Commit 3aaa6d6da3ffd353ca67a922e86171a12da8bdee

Authored by Megan Watson
1 parent 141dbeb6

BBS-1009

"Folder or files with the Test Character set as their names cannot be manipulated in WebDAV in any way."
Added validation functions for special characters - /\?,.:"'*. Validation is on adding / renaming folders and documents.

Committed by: Megan Watson
Reviewed by: Conrad Vermeulen



git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@7391 c91229c3-7414-0410-bfa2-8a42b809f60b
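--- a/lib/validation/dispatchervalidation.inc.php
+++ b/lib/validation/dispatchervalidation.inc.php
@@ -225,6 +225,26 @@ class KTDispatcherValidation {
 return $sString;
 }
 
+ function validateIllegalCharacters($sString, $aOptions = null) {
+ $sString = trim($sString);
+ if (empty($sString)) {
+ $aOptions['message'] = KTUtil::arrayGet($aOptions,
+ 'message', _kt("An empty string was given"));
+ $this->handleError($aOptions);
+ }
+
+ // illegal characters: /\ <>|%+':"?*
+ $pattern = "[\*|\%|\\\|\/|\<|\>|\+|\:|\?|\||\'|\"]";
+ if(preg_match($pattern, $sString)){
+ $sChars = "\/<>|%+*':\"?";
+ $sMessage = sprintf(_kt('The value you have entered is invalid. The following characters are not allowed: %s'), $sChars);
+ $aOptions['message'] = KTUtil::arrayGet($aOptions, 'illegal_character_message', $sMessage);
+ $this->handleError($aOptions);
+ }
+
+ return $sString;
+ }
+
 // validate a STRING to an integer
 function validateInteger($sInteger, $aOptions = null) {
 $sInteger = trim($sInteger);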
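Review bot: The `$pattern` string in validateIllegalCharacters has no explicit delimiters, so PCRE takes the outer `[` and `]` as the delimiters and the body as an alternation of escaped characters, not a character class. It matches the intended set, but only by that coincidence, and the same string is repeated in both new validators in plugins/ktcore/KTValidators.php. A delimited class such as `$pattern = '/[\\\\\/*<>|%+\':"?]/';` states the intent directly. Separately, `empty($sString)` is also true for the string "0", so a name of `0` is reported as empty; `if ($sString === '')` avoids that. The list is a denylist of printable characters, so control characters and the names `.` and `..` still pass, which matters if these names ever reach a filesystem or WebDAV path (not visible in this hunk).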
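--- a/plugins/ktcore/KTCorePlugin.php
+++ b/plugins/ktcore/KTCorePlugin.php
@@ -174,6 +174,7 @@ class KTCorePlugin extends KTPlugin {
 
 // validators
 $this->registerValidator('KTStringValidator', 'ktcore.validators.string', 'KTValidators.php');
+ $this->registerValidator('KTIllegalCharValidator', 'ktcore.validators.illegal_char', 'KTValidators.php');
 $this->registerValidator('KTEntityValidator', 'ktcore.validators.entity', 'KTValidators.php');
 $this->registerValidator('KTRequiredValidator', 'ktcore.validators.required', 'KTValidators.php');
 $this->registerValidator('KTEmailValidator', 'ktcore.validators.emailaddress', 'KTValidators.php');
@@ -183,6 +184,7 @@ class KTCorePlugin extends KTPlugin {
 $this->registerValidator('KTFieldsetValidator', 'ktcore.validators.fieldset', 'KTValidators.php');
 $this->registerValidator('KTFileValidator', 'ktcore.validators.file', 'KTValidators.php');
 $this->registerValidator('KTRequiredFileValidator', 'ktcore.validators.requiredfile', 'KTValidators.php');
+ $this->registerValidator('KTFileIllegalCharValidator', 'ktcore.validators.fileillegalchar', 'KTValidators.php');
 $this->registerValidator('KTArrayValidator', 'ktcore.validators.array', 'KTValidators.php');
 
 // criterion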
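--- a/plugins/ktcore/KTFolderActions.php
+++ b/plugins/ktcore/KTFolderActions.php
@@ -96,7 +96,12 @@ class KTFolderAddFolderAction extends KTFolderAction {
 $oForm->setValidators(array(
 array('ktcore.validators.string', array(
 'test' => 'name',
- 'output' => 'name')),
+ 'output' => 'name',
+ )),
+ array('ktcore.validators.illegal_char', array(
+ 'test' => 'name',
+ 'output' => 'name',
+ )),
 ));
 
 return $oForm;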
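Review bot: The illegal-character rule is attached only to this form's validator list, so it covers folders created through this web form and nothing else. Any other path that creates or renames a folder or document would not be covered unless it calls the same check; the commit message names WebDAV, and a shared utility layer may exist outside this hunk. If the intent is that such names never exist in the repository, the check belongs in the function that performs the add or rename, with the form validator kept for the user-facing message. The same applies to the validators added in plugins/ktcore/folder/addDocument.php. The enclosing method starts and ends outside the hunk.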
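--- a/plugins/ktcore/KTValidators.php
+++ b/plugins/ktcore/KTValidators.php
@@ -89,6 +89,53 @@ class KTStringValidator extends KTValidator {
 }
 }
 
+class KTIllegalCharValidator extends KTValidator {
+ var $sNamespace = 'ktcore.validators.illegal_char';
+ var $sWarning;
+
+ function configure($aOptions) {
+ $res = parent::configure($aOptions);
+ if (PEAR::isError($res)) {
+ return $res;
+ }
+
+ $sChars = "\/*<>|%+':\"?";
+ $sWarning = sprintf(_kt('The value you have entered is invalid. The following characters are not allowed: %s'), $sChars);
+ $this->sWarning = KTUtil::arrayGet($aOptions, 'illegal_character_warning', $sWarning);
+
+ $this->bTrim = KTUtil::arrayGet($aOptions, 'trim', true, false);
+ }
+
+ function validate($data) {
+ $results = array();
+ $errors = array();
+
+ // very simple if we're required and not present, fail
+ // otherwise, its ok.
+ $val = KTUtil::arrayGet($data, $this->sInputVariable);
+
+ if ($this->bTrim) {
+ $val = trim($val);
+ }
+
+ // illegal characters: \/ *<>|%+':"?
+ $pattern = "[\*|\%|\\\|\/|\<|\>|\+|\:|\?|\||\'|\"]";
+ // "'^[^:]+:(?:[0-9a-z\.\?&-_=\+\/]+[\.]{1})*(?:[0-9a-z\.\?&-_=\+\/]+\.)[a-z]{2,3}.*$'i"
+ if(preg_match($pattern, $val)){
+ $errors[$this->sBasename] = $this->sWarning;
+ }
+
+ if ($this->bProduceOutput) {
+ $results[$this->sOutputVariable] = $val;
+ }
+
+ return array(
+ 'errors' => $errors,
+ 'results' => $results,
+ );
+ }
+}
+
 class KTEntityValidator extends KTValidator {
 var $sNamespace = 'ktcore.validators.entity';
 
@@ -429,6 +476,52 @@ class KTFileValidator extends KTValidator {
 }
 }
 
+class KTFileIllegalCharValidator extends KTValidator {
+ var $sNamespace = 'ktcore.validators.fileillegalchar';
+ var $sWarning;
+
+ function configure($aOptions) {
+ $res = parent::configure($aOptions);
+ if (PEAR::isError($res)) {
+ return $res;
+ }
+
+ $sChars = "\/*<>|%+':\"?";
+ $sWarning = sprintf(_kt('The name of the document selected is invalid. The following characters are not allowed: %s'), $sChars);
+ $this->sWarning = KTUtil::arrayGet($aOptions, 'file_illegal_character_warning', $sWarning);
+
+ $this->bTrim = KTUtil::arrayGet($aOptions, 'trim', true, false);
+ }
+
+ function validate($data) {
+ $results = array();
+ $errors = array();
+
+ $aFile = (array) KTUtil::arrayGet($data, $this->sInputVariable);
+
+ // Get the file name
+ $val = $aFile['name'];
+ if ($this->bTrim) {
+ $val = trim($val);
+ }
+
+ // illegal characters: \/ *<>|%+':"?
+ $pattern = "[\*|\%|\\\|\/|\<|\>|\+|\:|\?|\||\'|\"]";
+ if(preg_match($pattern, $val)){
+ $errors[$this->sBasename] = $this->sWarning;
+ }
+
+ if ($this->bProduceOutput) {
+ $results[$this->sOutputVariable] = $aFile;
+ }
+
+ return array(
+ 'errors' => $errors,
+ 'results' => $results,
+ );
+ }
+}
+
 
 class KTArrayValidator extends KTValidator {
 var $sNamespace = 'ktcore.validators.array';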
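Review bot: In KTFileIllegalCharValidator::validate, `$val = $aFile['name'];` reads the index without checking that it exists. If `KTUtil::arrayGet` returns null for a missing input, the `(array)` cast yields an empty array, so a request with no uploaded file raises an undefined-index notice and then passes the check with a null name; `$val = KTUtil::arrayGet($aFile, 'name', '');` keeps the value defined. The upload's `name` is supplied by the client, so this is the value that most needs a strict check. Both `configure()` methods return `$res` only on error and nothing on success, which is worth confirming against what the caller of `configure()` expects. The commented-out URL regex in KTIllegalCharValidator::validate is unrelated to this check and can be dropped.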
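--- a/plugins/ktcore/document/Rename.php
+++ b/plugins/ktcore/document/Rename.php
@@ -77,7 +77,7 @@ class KTDocumentRenameAction extends KTDocumentAction {
 $fields = array();
 
 $fields[] = new KTStaticTextWidget(_kt('Current file name'), _kt('The current file name is shown below:'), 'oldfilename', $this->oDocument->getFileName(), $this->oPage, false);
- $fields[] = new KTStringWidget(_kt('New file name'), _kt('The name to which the current file should be renamed.'), 'filename', "", $this->oPage, true);
+ $fields[] = new KTStringWidget(_kt('New file name'), _kt('The name to which the current file should be renamed.'), 'filename', $this->oDocument->getFileName(), $this->oPage, true);
 
 $oTemplate->setData(array(
 'context' => &$this,
@@ -95,6 +95,7 @@ class KTDocumentRenameAction extends KTDocumentAction {
 'max_str_len' => 255,
 );
 $this->oValidator->validateString($sFilename, $aOptions);
+ $this->oValidator->validateIllegalCharacters($sFilename, $aOptions);
 
 $res = KTDocumentUtil::rename($this->oDocument, $sFilename, $this->oUser);
 if (PEAR::isError($res)) {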
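Review bot: The added call discards the return value of `validateIllegalCharacters()`, which trims its input, so `KTDocumentUtil::rename()` still receives the untrimmed `$sFilename`. The folder rename in plugins/ktcore/folder/Rename.php assigns the result instead. Writing `$sFilename = $this->oValidator->validateIllegalCharacters($sFilename, $aOptions);` makes the validated value and the stored value the same. The preceding `validateString()` call has the same shape. The enclosing method starts and ends outside the hunk.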
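--- a/plugins/ktcore/folder/Rename.php
+++ b/plugins/ktcore/folder/Rename.php
@@ -55,7 +55,7 @@ class KTFolderRenameAction extends KTFolderAction {
 $oTemplate =& $this->oValidator->validateTemplate('ktcore/folder/rename');
 
 $fields = array();
- $fields[] = new KTStringWidget(_kt('New folder name'), _kt('The name to which the current folder should be renamed.'), 'foldername', "", $this->oPage, true);
+ $fields[] = new KTStringWidget(_kt('New folder name'), _kt('The name to which the current folder should be renamed.'), 'foldername', $this->oFolder->getName(), $this->oPage, true);
 
 $oTemplate->setData(array(
 'context' => &$this,
@@ -72,6 +72,7 @@ class KTFolderRenameAction extends KTFolderAction {
 $sFolderName = KTUtil::arrayGet($_REQUEST, 'foldername');
 $aErrorOptions['defaultmessage'] = _kt("No folder name given");
 $sFolderName = $this->oValidator->validateString($sFolderName, $aErrorOptions);
+ $sFolderName = $this->oValidator->validateIllegalCharacters($sFolderName, $aErrorOptions);
 $sOldFolderName = $this->oFolder->getName();
 
 if ($this->oFolder->getId() != 1) {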
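Review bot: The rename field is now pre-filled from `$this->oFolder->getName()`, and names stored before this validation existed, or created through a path the new validators do not cover, may still contain `<`, `>`, `'` or `"`. Whether KTStringWidget HTML-escapes its value when rendering is not visible here and is worth confirming before stored names are echoed into an input. plugins/ktcore/document/Rename.php makes the same change with `getFileName()`. Both enclosing methods start and end outside the hunks.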
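--- a/plugins/ktcore/folder/addDocument.php
+++ b/plugins/ktcore/folder/addDocument.php
@@ -132,10 +132,18 @@ class KTFolderAddDocumentAction extends KTFolderAction {
 'test' => 'file',
 'output' => 'file',
 )),
+ array('ktcore.validators.fileillegalchar', array(
+ 'test' => 'file',
+ 'output' => 'file',
+ )),
 array('ktcore.validators.string', array(
 'test' => 'document_name',
 'output' => 'document_name',
 )),
+ array('ktcore.validators.illegal_char', array(
+ 'test' => 'document_name',
+ 'output' => 'document_name',
+ )),
 array('ktcore.validators.entity', array(
 'test' => 'document_type',
 'output' => 'document_type',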