Commit bd9685936fb8c568f3cc85d86149074fd82b9a42

Authored by conradverm
1 parent f47d81b4

KTS-2742

"Create/identify a function to test for acceptable characters that should be supported in file names and folder names."
Fixed.

Committed By: Conrad Vermeulen
Reviewed By: Megan Watson

git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@8084 c91229c3-7414-0410-bfa2-8a42b809f60b
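--- a/ktapi/KTAPIDocument.inc.php
+++ b/ktapi/KTAPIDocument.inc.php
@@ -159,6 +159,8 @@ class KTAPI_Document extends KTAPI_FolderItem
 return new PEAR_Error(KTAPI_ERROR_DOCUMENT_NOT_CHECKED_OUT);
 }
 
+$filename = KTUtil::replaceInvalidCharacters($filename);
+
 $options = array('major_update'=>$major_update);
 
 $currentfilename = $this->document->getFileName();
@@ -664,6 +666,7 @@ class KTAPI_Document extends KTAPI_FolderItem
 {
 return $user;
 }
+$newname = KTUtil::replaceInvalidCharacters($newname);
 
 DBUtil::startTransaction();
 $res = KTDocumentUtil::rename($this->document, $newname, $user);
@@ -743,6 +746,7 @@ class KTAPI_Document extends KTAPI_FolderItem
 {
 return $user;
 }
+$newname = KTUtil::replaceInvalidCharacters($newname);
 
 if ($this->document->getName() != $newname)
 {
@@ -1164,6 +1168,7 @@ class KTAPI_Document extends KTAPI_FolderItem
 $documents['immutable'] = in_array(strtolower($value), array('1','true','on','yes'))?'1':'0';
 break;
 case 'filename':
+$value = KTUtil::replaceInvalidCharacters($value);
 $document_content['filename'] = $value;
 break;
 case 'major_version':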
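Review bot: The hunk at new line 749 applies the filename deny-list to what looks like the document title (the next statement compares against `$this->document->getName()`), so characters that are harmless in a title, such as `?`, `:` or `%`, are rewritten to `-` before storage. If only on-disk names need the restriction, that line should go; if titles are meant to be restricted too, a comment such as `// titles share the filename character rules (KTS-2742)` would record the decision. In all four hunks the value is changed silently and the call still proceeds, so the caller only learns of the rewrite by comparing the returned name with what it sent. The enclosing functions start and end outside the hunks.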
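--- a/ktapi/KTAPIFolder.inc.php
+++ b/ktapi/KTAPIFolder.inc.php
@@ -180,6 +180,7 @@ class KTAPI_Folder extends KTAPI_FolderItem
 {
 continue;
 }
+$foldername = KTUtil::replaceInvalidCharacters($foldername);
 $foldername = sanitizeForSQL($foldername);
 $sql = "SELECT id FROM folders WHERE
 (name='$foldername' and parent_id=$folderid) OR
@@ -234,6 +235,7 @@ class KTAPI_Folder extends KTAPI_FolderItem
 
 $foldername = dirname($documentname);
 $documentname = basename($documentname);
+$documentname = KTUtil::replaceInvalidCharacters($documentname);
 
 $ktapi_folder = $this;
 
@@ -592,7 +594,9 @@ class KTAPI_Folder extends KTAPI_FolderItem
 return $user;
 }
 
+$title = KTUtil::replaceInvalidCharacters($title);
 $filename = basename($filename);
+$filename = KTUtil::replaceInvalidCharacters($filename);
 $documenttypeid = KTAPI::get_documenttypeid($documenttype);
 if (PEAR::isError($documenttypeid))
 {
@@ -649,6 +653,7 @@ class KTAPI_Folder extends KTAPI_FolderItem
 {
 return $user;
 }
+$foldername = KTUtil::replaceInvalidCharacters($foldername);
 
 DBUtil::startTransaction();
 $result = KTFolderUtil::add($this->folder, $foldername, $user);
@@ -705,6 +710,7 @@ class KTAPI_Folder extends KTAPI_FolderItem
 {
 return $user;
 }
+$newname = KTUtil::replaceInvalidCharacters($newname);
 
 DBUtil::startTransaction();
 $result = KTFolderUtil::rename($this->folder, $newname, $user);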
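Review bot: In the hunk at new line 183 the substitution runs on a name that is being looked up, not created, so a folder stored before this change under a name containing `'` or `"` can no longer be found by that name. The same hunk then builds the query by interpolating `$foldername` and `$folderid` into the SQL string; the new call removes quotes and backslashes as a side effect, but it is a naming rule and should not be read as the escaping step, which remains `sanitizeForSQL` for the name, with no visible handling of `$folderid` in the hunk. Binding both values as parameters, or at least adding `$folderid = (int) $folderid;` before the query, would make it independent of the character list. The enclosing function continues outside the hunk.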
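--- a/ktwebservice/nunit/document_rename.cs
+++ b/ktwebservice/nunit/document_rename.cs
@@ -35,6 +35,14 @@ namespace MonoTests.KnowledgeTree
 response = this._kt.rename_document_title(this._session, this._doc1.docId, "test title");
 Assert.AreEqual(0, response.status_code);
 Assert.AreEqual("test title", response.title);
-}
+}
+
+[Test]
+public void RenameWithInvalidCharactersTest()
+{
+kt_document_detail response = this._kt.rename_document_filename(this._session, this._doc1.docId, "te<s'`me");
+Assert.AreEqual(0, response.status_code);
+Assert.AreEqual("te-s--me", response.filename);
+}
 }
 }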
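Review bot: `RenameWithInvalidCharactersTest` exercises only `<`, `'` and `` ` `` out of the thirteen characters in `KTUtil::$invalidFilenameCharacters`, and leaves out the path separators `/` and `\`, which are the ones whose handling matters most for stored file names. A second assertion with a name containing both separators would pin that behaviour. The test also fixes silent success (`status_code` 0) as the contract for an altered name, which is worth a comment such as `// invalid characters are replaced, not rejected`.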
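--- a/ktwebservice/nunit/folder.cs
+++ b/ktwebservice/nunit/folder.cs
@@ -99,9 +99,9 @@ namespace MonoTests.KnowledgeTree
 kt_folder_detail response2 = this._kt.get_folder_detail(this._session, this._subfolder_id);
 Assert.AreEqual(0, response2.status_code);
 Assert.AreEqual(this._subfolder_id, response2.id);
-Assert.AreEqual("subfolde'r2", response2.folder_name);
+Assert.AreEqual("subfolde-r2", response2.folder_name);
 Assert.AreEqual(this._folder_id, response2.parent_id);
-Assert.AreEqual("kt_unit_test/subfolde'r2", response2.full_path);
+Assert.AreEqual("kt_unit_test/subfolde-r2", response2.full_path);
 }
 
 [Test]
@@ -120,15 +120,16 @@ namespace MonoTests.KnowledgeTree
 
 response = this._kt.create_folder(this._session, 1, "kt ' unit \" test");
 Assert.AreEqual(0,response.status_code);
-Assert.AreEqual("kt ' unit \" test",response.folder_name);
+Assert.AreEqual("kt - unit - test",response.folder_name);
 
+// this fails because the previous folder makes a folder with the same name because of invalid character substitution
 response = this._kt.create_folder(this._session, 1, "kt - unit - test");
-Assert.AreEqual(0,response.status_code);
-Assert.AreEqual("kt - unit - test",response.folder_name);
+Assert.AreEqual(22,response.status_code);
+// Assert.AreEqual("kt - unit - test",response.folder_name);
 
 response = this._kt.get_folder_detail_by_name(this._session, "/kt ' unit \" test");
 Assert.AreEqual(0,response.status_code);
-Assert.AreEqual("kt ' unit \" test",response.folder_name);
+Assert.AreEqual("kt - unit - test",response.folder_name);
 }
 
 [Test]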
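Review bot: The second hunk records that two different requested names, `kt ' unit " test` and `kt - unit - test`, now map to the same stored folder, and that `get_folder_detail_by_name` resolves the quoted spelling to the substituted one. That aliasing means a caller cannot predict which stored name a request will land on, and the duplicate-name failure is asserted as the bare number `22`; a named constant or a comment stating what 22 means would make the expectation readable. The commented-out line `// Assert.AreEqual("kt - unit - test",response.folder_name);` should be deleted rather than left in the test.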
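--- a/lib/util/ktutil.inc
+++ b/lib/util/ktutil.inc
@@ -117,6 +117,40 @@ class KTUtil {
 }
 }
 
+
+
+static $invalidFilenameCharacters = array('\\','/',':','*','?','"','<','>','|','%','+','\'','`');
+
+/**
+* Checks if a filename is valid
+*
+* @param string $filename
+* @return boolean
+*/
+static function isValidFilename($filename)
+{
+foreach(KTUtil::$invalidFilenameCharacters as $char)
+{
+if (strpos($filename, $char) !== false)
+{
+return false;
+}
+}
+
+return true;
+}
+
+static function replaceInvalidCharacters($filename)
+{
+foreach(KTUtil::$invalidFilenameCharacters as $char)
+{
+$filename = str_replace($char, '-', $filename);
+}
+
+return $filename;
+}
+
+
 function extractGPC () {
 foreach (func_get_args() as $var) {
 if (array_key_exists($var, $_REQUEST)) {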
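Review bot: `replaceInvalidCharacters` substitutes only the thirteen listed characters, so control characters (NUL, newlines), an empty string and the names `.` and `..` pass through unchanged, and `isValidFilename` accepts them as valid. A guard such as `if ($filename === '' || $filename === '.' || $filename === '..' || preg_match('/[\x00-\x1f\x7f]/', $filename)) { return false; }` in `isValidFilename`, with the API layer rejecting such names instead of rewriting them, would close that gap. `isValidFilename` is not called anywhere in the visible hunks of this commit, and `replaceInvalidCharacters` has no docblock; it should state that every listed character becomes `-` and that distinct inputs can therefore collide. The loop can also be written as `return str_replace(KTUtil::$invalidFilenameCharacters, '-', $filename);`.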