Commit e5ad2bfd authored by Andrew F. McKinney's avatar Andrew F. McKinney

Moved rietveld issue 43001 Protect against invalid file names to github

parent d89d9325
...@@ -881,6 +881,10 @@ public interface OdeMessages extends Messages { ...@@ -881,6 +881,10 @@ public interface OdeMessages extends Messages {
@Description("Error message when file name contains characters that would require URL encoding.") @Description("Error message when file name contains characters that would require URL encoding.")
String malformedFilename(); String malformedFilename();
@DefaultMessage("File names must be between 1 and 100 characters.")
@Description("Error message when filenames are 0 or 101+ characters long")
String filenameBadSize();
@DefaultMessage("Uploading {0} to the App Inventor server") @DefaultMessage("Uploading {0} to the App Inventor server")
@Description("Message displayed when an asset is uploaded.") @Description("Message displayed when an asset is uploaded.")
String fileUploadingMessage(String filename); String fileUploadingMessage(String filename);
......
...@@ -11,6 +11,7 @@ import com.google.appinventor.client.explorer.project.Project; ...@@ -11,6 +11,7 @@ import com.google.appinventor.client.explorer.project.Project;
import com.google.appinventor.client.output.OdeLog; import com.google.appinventor.client.output.OdeLog;
import com.google.appinventor.client.utils.Uploader; import com.google.appinventor.client.utils.Uploader;
import com.google.appinventor.client.youngandroid.CodeblocksManager; import com.google.appinventor.client.youngandroid.CodeblocksManager;
import com.google.appinventor.client.youngandroid.TextValidators;
import com.google.appinventor.shared.rpc.ServerLayout; import com.google.appinventor.shared.rpc.ServerLayout;
import com.google.appinventor.shared.rpc.UploadResponse; import com.google.appinventor.shared.rpc.UploadResponse;
import com.google.appinventor.shared.rpc.project.FileNode; import com.google.appinventor.shared.rpc.project.FileNode;
...@@ -79,9 +80,12 @@ public class FileUploadWizard extends Wizard { ...@@ -79,9 +80,12 @@ public class FileUploadWizard extends Wizard {
String uploadFilename = upload.getFilename(); String uploadFilename = upload.getFilename();
if (!uploadFilename.isEmpty()) { if (!uploadFilename.isEmpty()) {
final String filename = makeValidFilename(uploadFilename); final String filename = makeValidFilename(uploadFilename);
if(filename.contains("'")||!filename.equals(URL.encodeComponent(filename))){ if(!TextValidators.isValidCharFilename(filename)){
Window.alert(MESSAGES.malformedFilename()); Window.alert(MESSAGES.malformedFilename());
return; return;
} else if (!TextValidators.isValidLengthFilename(filename)){
Window.alert(MESSAGES.filenameBadSize());
return;
} }
if (fileAlreadyExists(folderNode, filename)) { if (fileAlreadyExists(folderNode, filename)) {
if (!confirmOverwrite(folderNode, filename)) { if (!confirmOverwrite(folderNode, filename)) {
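Review bot: The new `isValidCharFilename` / `isValidLengthFilename` checks appear to run only in the browser, since this wizard calls `Window.alert` and imports `com.google.appinventor.client.*`. That makes them a usability guard rather than an enforcement point, because a request sent straight to the upload endpoint never passes through them. The commit shows no matching server-side check, so unless one already exists the upload handler should reject the same names before storing the file. I would add a comment above the `if`, for example `// Client-side check only; the server must re-validate the file name.` The enclosing method starts and ends outside this hunk, so what `makeValidFilename` strips before the check cannot be confirmed from here.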
......
...@@ -4,12 +4,16 @@ package com.google.appinventor.client.youngandroid; ...@@ -4,12 +4,16 @@ package com.google.appinventor.client.youngandroid;
import com.google.appinventor.client.Ode; import com.google.appinventor.client.Ode;
import static com.google.appinventor.client.Ode.MESSAGES; import static com.google.appinventor.client.Ode.MESSAGES;
import com.google.gwt.http.client.URL;
import com.google.gwt.user.client.Window; import com.google.gwt.user.client.Window;
/** /**
*/ */
public final class TextValidators { public final class TextValidators {
private static final int MAX_FILENAME_SIZE = 100;
private static final int MIN_FILENAME_SIZE = 1;
// This class should never be instantiated. // This class should never be instantiated.
private TextValidators() {} private TextValidators() {}
...@@ -51,4 +55,33 @@ public final class TextValidators { ...@@ -51,4 +55,33 @@ public final class TextValidators {
public static boolean isValidIdentifier(String text) { public static boolean isValidIdentifier(String text) {
return text.matches("^[a-zA-Z]\\w*$"); return text.matches("^[a-zA-Z]\\w*$");
} }
/**
* Checks whether the argument is a legal filename, meaning
* it is unchanged by URL encoding and it meets the aapt
* requirements as follows:
* - all characters must be 7-bit printable ASCII
* - none of { '/' '\\' ':' }
* @param filename The filename (not path) of uploaded file
* @return {@code true} if the argument is a legal filename, {@code false}
* otherwise
*/
public static boolean isValidCharFilename(String filename){
return !filename.contains("'") && filename.equals(URL.encodePathSegment(filename));
}
/**
* Checks whether the argument is a filename which meets the length
* requirement imposed by aapt, which is:
* - the filename length must be less than kMaxAssetFileName bytes long
* (and can't be empty)
* where kMaxAssetFileName is defined to be 100.
* (A legal name, therefore, has length <= kMaxAssetFileNames)
* @param filename The filename (not path) of uploaded file
* @return {@code true} if the length of the argument is legal, {@code false}
* otherwise
*/
public static boolean isValidLengthFilename(String filename){
return !(filename.length() > MAX_FILENAME_SIZE || filename.length() < MIN_FILENAME_SIZE);
}
} }
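Review bot: `isValidLengthFilename` accepts a name of exactly 100 characters, while its own Javadoc first says the length must be less than kMaxAssetFileName (100) and two lines later says `<=`, so one of the two statements is wrong. If the aapt limit is strict, the return should read `return filename.length() >= MIN_FILENAME_SIZE && filename.length() < MAX_FILENAME_SIZE;` and the `filenameBadSize` text should say 99; otherwise correct the comment. The Javadoc also speaks of bytes while `length()` counts UTF-16 units. These agree only when `isValidCharFilename` has already rejected non-ASCII names, as in the one caller shown, and the comment should state that ordering requirement. The Javadoc of `isValidCharFilename` omits the apostrophe that the code rejects and should list it.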