Add "control code" and "trailing space" to alias validation

This commit is contained in:
Anthony Fok 2015-09-14 12:18:54 -06:00
parent f5308da320
commit 3679fe6712
2 changed files with 17 additions and 6 deletions

View file

@ -30,6 +30,9 @@ func TestHTMLRedirectAlias(t *testing.T) {
{"/foo/../../../../tmp/passwd", filepath.FromSlash("tmp/passwd/index.html"), true}, {"/foo/../../../../tmp/passwd", filepath.FromSlash("tmp/passwd/index.html"), true},
{"foo/../../../../tmp/passwd", "", false}, {"foo/../../../../tmp/passwd", "", false},
{"C:\\Windows", filepath.FromSlash("C:\\Windows/index.html"), errIsNilForThisOS}, {"C:\\Windows", filepath.FromSlash("C:\\Windows/index.html"), errIsNilForThisOS},
{"/trailing-space /", filepath.FromSlash("trailing-space /index.html"), errIsNilForThisOS},
{"/trailing-period./", filepath.FromSlash("trailing-period./index.html"), errIsNilForThisOS},
{"/tab\tseparated/", filepath.FromSlash("tab\tseparated/index.html"), errIsNilForThisOS},
{"/chrome/?p=help&ctx=keyboard#topic=3227046", filepath.FromSlash("chrome/?p=help&ctx=keyboard#topic=3227046/index.html"), errIsNilForThisOS}, {"/chrome/?p=help&ctx=keyboard#topic=3227046", filepath.FromSlash("chrome/?p=help&ctx=keyboard#topic=3227046/index.html"), errIsNilForThisOS},
{"/LPT1/Printer/", filepath.FromSlash("LPT1/Printer/index.html"), errIsNilForThisOS}, {"/LPT1/Printer/", filepath.FromSlash("LPT1/Printer/index.html"), errIsNilForThisOS},
} }

View file

@ -52,19 +52,27 @@ func (h *HTMLRedirectAlias) Translate(alias string) (aliasPath string, err error
return "", fmt.Errorf("Alias \"%s\" traverses outside the website root directory", originalAlias) return "", fmt.Errorf("Alias \"%s\" traverses outside the website root directory", originalAlias)
} }
// Handle Windows filename restrictions // Handle Windows file and directory naming restrictions
// See "Naming Files, Paths, and Namespaces" on MSDN
// https://msdn.microsoft.com/en-us/library/aa365247%28v=VS.85%29.aspx?f=255&MSPPError=-2147217396
msgs := []string{} msgs := []string{}
reservedNames := []string{"CON", "PRN", "AUX", "NUL", "COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7", "COM8", "COM9", "LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9"} reservedNames := []string{"CON", "PRN", "AUX", "NUL", "COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7", "COM8", "COM9", "LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9"}
if strings.ContainsAny(alias, ":*?\"<>|") { if strings.ContainsAny(alias, ":*?\"<>|") {
msgs = append(msgs, fmt.Sprintf("Alias \"%s\" contains invalid characters in a filename on Windows: : * ? \" < > |", originalAlias)) msgs = append(msgs, fmt.Sprintf("Alias \"%s\" contains invalid characters on Windows: : * ? \" < > |", originalAlias))
} }
for _, c := range components { for _, ch := range alias {
if strings.HasSuffix(c, ".") { if ch < ' ' {
msgs = append(msgs, fmt.Sprintf("Alias \"%s\" contains component with trailing period, invalid on Windows", originalAlias)) msgs = append(msgs, fmt.Sprintf("Alias \"%s\" contains ASCII control code (0x00 to 0x1F), invalid on Windows: : * ? \" < > |", originalAlias))
continue
}
}
for _, comp := range components {
if strings.HasSuffix(comp, " ") || strings.HasSuffix(comp, ".") {
msgs = append(msgs, fmt.Sprintf("Alias \"%s\" contains component with a trailing space or period, problematic on Windows", originalAlias))
} }
for _, r := range reservedNames { for _, r := range reservedNames {
if c == r { if comp == r {
msgs = append(msgs, fmt.Sprintf("Alias \"%s\" contains component with reserved name \"%s\" on Windows", originalAlias, r)) msgs = append(msgs, fmt.Sprintf("Alias \"%s\" contains component with reserved name \"%s\" on Windows", originalAlias, r))
} }
} }