From bd9685936fb8c568f3cc85d86149074fd82b9a42 Mon Sep 17 00:00:00 2001
From: conradverm <conradverm@c91229c3-7414-0410-bfa2-8a42b809f60b>
Date: Mon, 18 Feb 2008 13:48:55 +0000
Subject: [PATCH] KTS-2742 "Create/identify a function to test for acceptable characters that should be supported in file names and folder names." Fixed.

---
 ktapi/KTAPIDocument.inc.php           |  5 +++++
 ktapi/KTAPIFolder.inc.php             |  6 ++++++
 ktwebservice/nunit/document_rename.cs | 10 +++++++++-
 ktwebservice/nunit/folder.cs          | 13 +++++++------
 lib/util/ktutil.inc                   | 34 ++++++++++++++++++++++++++++++++++
 5 files changed, 61 insertions(+), 7 deletions(-)

diff --git a/ktapi/KTAPIDocument.inc.php b/ktapi/KTAPIDocument.inc.php
index 99e9c4f..d8ad531 100644
--- a/ktapi/KTAPIDocument.inc.php
+++ b/ktapi/KTAPIDocument.inc.php
@@ -159,6 +159,8 @@ class KTAPI_Document extends KTAPI_FolderItem
 			return new PEAR_Error(KTAPI_ERROR_DOCUMENT_NOT_CHECKED_OUT);
 		}
 
+		$filename = KTUtil::replaceInvalidCharacters($filename);
+
 		$options = array('major_update'=>$major_update);
 
 		$currentfilename = $this->document->getFileName();
@@ -664,6 +666,7 @@ class KTAPI_Document extends KTAPI_FolderItem
 		{
 			return $user;
 		}
+		$newname = KTUtil::replaceInvalidCharacters($newname);
 
 		DBUtil::startTransaction();
 		$res = KTDocumentUtil::rename($this->document, $newname, $user);
@@ -743,6 +746,7 @@ class KTAPI_Document extends KTAPI_FolderItem
 		{
 			return $user;
 		}
+		$newname = KTUtil::replaceInvalidCharacters($newname);
 
 		if ($this->document->getName() != $newname)
 		{
@@ -1164,6 +1168,7 @@ class KTAPI_Document extends KTAPI_FolderItem
 					$documents['immutable'] = in_array(strtolower($value), array('1','true','on','yes'))?'1':'0';
 					break;
 				case 'filename':
+					$value = KTUtil::replaceInvalidCharacters($value);
 					$document_content['filename'] = $value;
 					break;
 				case 'major_version':
diff --git a/ktapi/KTAPIFolder.inc.php b/ktapi/KTAPIFolder.inc.php
index aa49c9f..739c4e2 100644
--- a/ktapi/KTAPIFolder.inc.php
+++ b/ktapi/KTAPIFolder.inc.php
@@ -180,6 +180,7 @@ class KTAPI_Folder extends KTAPI_FolderItem
 			{
 				continue;
 			}
+			$foldername = KTUtil::replaceInvalidCharacters($foldername);
 			$foldername = sanitizeForSQL($foldername);
 			$sql = "SELECT id FROM folders WHERE
 					(name='$foldername' and parent_id=$folderid) OR
@@ -234,6 +235,7 @@ class KTAPI_Folder extends KTAPI_FolderItem
 
 		$foldername = dirname($documentname);
 		$documentname = basename($documentname);
+		$documentname = KTUtil::replaceInvalidCharacters($documentname);
 
 		$ktapi_folder = $this;
 
@@ -592,7 +594,9 @@ class KTAPI_Folder extends KTAPI_FolderItem
 			return $user;
 		}
 
+		$title = KTUtil::replaceInvalidCharacters($title);
 		$filename = basename($filename);
+		$filename = KTUtil::replaceInvalidCharacters($filename);
 		$documenttypeid = KTAPI::get_documenttypeid($documenttype);
 		if (PEAR::isError($documenttypeid))
 		{
@@ -649,6 +653,7 @@ class KTAPI_Folder extends KTAPI_FolderItem
 		{
 			return $user;
 		}
+		$foldername = KTUtil::replaceInvalidCharacters($foldername);
 
 		DBUtil::startTransaction();
 		$result = KTFolderUtil::add($this->folder, $foldername, $user);
@@ -705,6 +710,7 @@ class KTAPI_Folder extends KTAPI_FolderItem
 		{
 			return $user;
 		}
+		$newname = KTUtil::replaceInvalidCharacters($newname);
 
 		DBUtil::startTransaction();
 		$result = KTFolderUtil::rename($this->folder, $newname, $user);
diff --git a/ktwebservice/nunit/document_rename.cs b/ktwebservice/nunit/document_rename.cs
index 656bec0..825b21e 100644
--- a/ktwebservice/nunit/document_rename.cs
+++ b/ktwebservice/nunit/document_rename.cs
@@ -35,6 +35,14 @@ namespace MonoTests.KnowledgeTree
 			response = this._kt.rename_document_title(this._session, this._doc1.docId, "test title");
 			Assert.AreEqual(0, response.status_code);
 			Assert.AreEqual("test title", response.title);
-	    	}
+	    }
+
+	    [Test]
+		public void RenameWithInvalidCharactersTest()
+		{
+			kt_document_detail response = this._kt.rename_document_filename(this._session, this._doc1.docId, "te<s'`me");
+			Assert.AreEqual(0, response.status_code);
+			Assert.AreEqual("te-s--me", response.filename);
+	    }
 	}
 }
diff --git a/ktwebservice/nunit/folder.cs b/ktwebservice/nunit/folder.cs
index 6d4d8eb..20b1495 100644
--- a/ktwebservice/nunit/folder.cs
+++ b/ktwebservice/nunit/folder.cs
@@ -99,9 +99,9 @@ namespace MonoTests.KnowledgeTree
 			kt_folder_detail response2 = this._kt.get_folder_detail(this._session, this._subfolder_id);
 			Assert.AreEqual(0, response2.status_code);
 			Assert.AreEqual(this._subfolder_id, response2.id);
-			Assert.AreEqual("subfolde'r2", response2.folder_name);
+			Assert.AreEqual("subfolde-r2", response2.folder_name);
 			Assert.AreEqual(this._folder_id, response2.parent_id);
-			Assert.AreEqual("kt_unit_test/subfolde'r2", response2.full_path);
+			Assert.AreEqual("kt_unit_test/subfolde-r2", response2.full_path);
 	    }
 
 		[Test]
@@ -120,15 +120,16 @@ namespace MonoTests.KnowledgeTree
 
 	    		response = this._kt.create_folder(this._session, 1, "kt ' unit \" test");
 		       	Assert.AreEqual(0,response.status_code);
-		       	Assert.AreEqual("kt ' unit \" test",response.folder_name);
+		       	Assert.AreEqual("kt - unit - test",response.folder_name);
 
+		       	// this fails because the previous folder makes a folder with the same name because of invalid character substitution
 	    		response = this._kt.create_folder(this._session, 1, "kt - unit - test");
-		       	Assert.AreEqual(0,response.status_code);
-		       	Assert.AreEqual("kt - unit - test",response.folder_name);
+		       	Assert.AreEqual(22,response.status_code);
+//		       	Assert.AreEqual("kt - unit - test",response.folder_name);
 
 		       	response = this._kt.get_folder_detail_by_name(this._session, "/kt ' unit \" test");
 		       	Assert.AreEqual(0,response.status_code);
-		       	Assert.AreEqual("kt ' unit \" test",response.folder_name);
+		       	Assert.AreEqual("kt - unit - test",response.folder_name);
 		}
 
 		[Test]
diff --git a/lib/util/ktutil.inc b/lib/util/ktutil.inc
index d69ef1a..1596777 100644
--- a/lib/util/ktutil.inc
+++ b/lib/util/ktutil.inc
@@ -117,6 +117,40 @@ class KTUtil {
 		}
 	}
 
+
+
+	static $invalidFilenameCharacters = array('\\','/',':','*','?','"','<','>','|','%','+','\'','`');
+
+	/**
+	 * Checks if a filename is valid
+	 *
+	 * @param string $filename
+	 * @return boolean
+	 */
+	static function isValidFilename($filename)
+	{
+		foreach(KTUtil::$invalidFilenameCharacters as $char)
+		{
+			if (strpos($filename, $char) !== false)
+			{
+				return false;
+			}
+		}
+
+		return true;
+	}
+
+	static function replaceInvalidCharacters($filename)
+	{
+		foreach(KTUtil::$invalidFilenameCharacters as $char)
+		{
+			$filename = str_replace($char, '-', $filename);
+		}
+
+		return $filename;
+	}
+
+
     function extractGPC () {
         foreach (func_get_args() as $var) {
             if (array_key_exists($var, $_REQUEST)) {
--
libgit2 0.21.4