Diplomarbeit-Absolventenverein/oqtane.framework
10
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Merge pull request #484 from jimspillane/MoveFolderValidationToShared

Browse Source 
Move Path and File validation to Shared Utilities
This commit is contained in:
Shaun Walker
2020-05-15 09:47:37 -04:00
committed by GitHub
parent b3dee737b4 39641804f1
commit 0ea4c4d723
3 changed files with 73 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
Oqtane.Server/Controllers/FolderController.cs
View File

@ -105,7 +105,7 @@ namespace Oqtane.Controllers
}
if (_userPermissions.IsAuthorized(User, PermissionNames.Edit, permissions))
{
if (FolderPathValid(folder))
if (folder.IsPathValid())
{
if (string.IsNullOrEmpty(folder.Path) && folder.ParentId != null)
{
@ -140,7 +140,7 @@ namespace Oqtane.Controllers
{
if (ModelState.IsValid && _userPermissions.IsAuthorized(User, EntityNames.Folder, folder.FolderId, PermissionNames.Edit))
{
if (FolderPathValid(folder))
if (folder.IsPathValid())
{
if (string.IsNullOrEmpty(folder.Path) && folder.ParentId != null)
{
@ -210,13 +210,5 @@ namespace Oqtane.Controllers
HttpContext.Response.StatusCode = 401;
}
}
private bool FolderPathValid(Folder folder)
{
// prevent folder path traversal and reserved devices
return (folder.Name.IndexOfAny(Constants.InvalidFileNameChars) == -1 &&
!Constants.InvalidFileNameEndingChars.Any(x => folder.Name.EndsWith(x)) &&
!Constants.ReservedDevices.Split(',').Contains(folder.Name.ToUpper().Split('.')[0]));
}
}
}