Diplomarbeit-Absolventenverein/oqtane.framework
10
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Add additional reserved names and characters

Browse Source 
Added CONIN$,CONOUT$ and characters <>:"/\|?*

Added .Split('.')[0] to folder.Name to catch names like CON.txt and allow names like CONTRACT.
This commit is contained in:
Jim Spillane
2020-05-12 22:38:28 -04:00
parent a886ae12cc
commit 1cca18c4d2
2 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
Oqtane.Server/Controllers/FolderController.cs
View File

@ -214,7 +214,8 @@ namespace Oqtane.Controllers
private bool FolderPathValid(Folder folder)
{
// prevent folder path traversal and reserved devices
return (!folder.Name.Contains("\\") && !folder.Name.Contains("/") && !Constants.ReservedDevices.Split(',').Contains(folder.Name.ToUpper()));
return (folder.Name.IndexOfAny(@"<>:""/\|?*".ToCharArray()) == -1 &&
!Constants.ReservedDevices.Split(',').Contains(folder.Name.ToUpper().Split('.')[0]));
}
}
}
}