CLOUD: Handle paths in marked places
Paths containing '../' are forbidden to use in Files Manager. There is also a special inner black list of paths which are not used and a check that specified path is under "savepath" or "rootpath" (from "cloud" domain).
This commit is contained in:
Alexander Tkachev
parent
dd9e5a95dc
commit
acfa1d1f10
9 changed files with 132 additions and 19 deletions
|
|
@ -127,13 +127,18 @@ void UploadFileClientHandler::handleBlockHeaders(Client *client) {
|
|||
if (filename.empty())
|
||||
return;
|
||||
|
||||
// TODO: handle <filename>, <path> + <filename>
|
||||
if (HandlerUtils::hasForbiddenCombinations(filename))
|
||||
return;
|
||||
|
||||
// check that <path>/<filename> doesn't exist
|
||||
Common::String path = _parentDirectoryPath;
|
||||
if (path.lastChar() != '/' && path.lastChar() != '\\')
|
||||
path += '/';
|
||||
AbstractFSNode *originalNode = g_system->getFilesystemFactory()->makeFileNodePath(path + filename);
|
||||
if (!HandlerUtils::permittedPath(originalNode->getPath())) {
|
||||
setErrorMessageHandler(*client, _("Invalid path!"));
|
||||
return;
|
||||
}
|
||||
if (originalNode->exists()) {
|
||||
setErrorMessageHandler(*client, _("There is a file with that name in the parent directory!"));
|
||||
return;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue