Add additional reserved names and characters

Added CONIN$,CONOUT$ and characters <>:"/\|?* Added .Split('.')[0] to folder.Name to catch names like CON.txt and allow names like CONTRACT.
2020-05-12 22:38:28 -04:00 · 2020-05-12 22:38:28 -04:00 · 1cca18c4d2
commit 1cca18c4d2
parent a886ae12cc
2 changed files with 4 additions and 3 deletions
--- a/Oqtane.Server/Controllers/FolderController.cs
+++ b/Oqtane.Server/Controllers/FolderController.cs
@ -214,7 +214,8 @@ namespace Oqtane.Controllers
        private bool FolderPathValid(Folder folder)
        {
            // prevent folder path traversal and reserved devices
-            return (!folder.Name.Contains("\\") && !folder.Name.Contains("/") && !Constants.ReservedDevices.Split(',').Contains(folder.Name.ToUpper()));
+            return (folder.Name.IndexOfAny(@"<>:""/\|?*".ToCharArray()) == -1 && 
+                    !Constants.ReservedDevices.Split(',').Contains(folder.Name.ToUpper().Split('.')[0]));
        }
    }
 }
--- a/Oqtane.Shared/Shared/Constants.cs
+++ b/Oqtane.Shared/Shared/Constants.cs
@ -43,6 +43,6 @@

        public const string ImageFiles = "jpg,jpeg,jpe,gif,bmp,png";
        public const string UploadableFiles = "jpg,jpeg,jpe,gif,bmp,png,mov,wmv,avi,mp4,mp3,doc,docx,xls,xlsx,ppt,pptx,pdf,txt,zip,nupkg";
-        public const string ReservedDevices = "CON,NUL,PRN,COM1,COM2,COM3,COM4,COM5,COM6,COM7,COM8,COM9,LPT1,LPT2,LPT3,LPT4,LPT5,LPT6,LPT7,LPT8,LPT9";
+        public const string ReservedDevices = "CON,NUL,PRN,COM1,COM2,COM3,COM4,COM5,COM6,COM7,COM8,COM9,LPT1,LPT2,LPT3,LPT4,LPT5,LPT6,LPT7,LPT8,LPT9,CONIN$,CONOUT$";
    }
 }