Clean file path names on file creation (#624)
This commit is contained in:
Thomas Miceli
@@ -720,13 +720,17 @@ func (gist *Gist) ToDTO() (*GistDTO, error) {
|
||||
// -- DTO -- //
|
||||
|
||||
type GistDTO struct {
|
||||
Title string `validate:"max=250" form:"title"`
|
||||
Description string `validate:"max=1000" form:"description"`
|
||||
URL string `validate:"max=32,alphanumdashorempty" form:"url"`
|
||||
Files []FileDTO `validate:"min=1,dive"`
|
||||
Name []string `form:"name"`
|
||||
Content []string `form:"content"`
|
||||
Topics string `validate:"gisttopics" form:"topics"`
|
||||
Title string `validate:"max=250" form:"title"`
|
||||
Description string `validate:"max=1000" form:"description"`
|
||||
URL string `validate:"max=32,alphanumdashorempty" form:"url"`
|
||||
Files []FileDTO `validate:"min=1,dive"`
|
||||
Name []string `form:"name"`
|
||||
Content []string `form:"content"`
|
||||
Topics string `validate:"gisttopics" form:"topics"`
|
||||
UploadedFilesUUID []string `validate:"omitempty,dive,required,uuid" form:"uploadedfile_uuid"`
|
||||
UploadedFilesNames []string `validate:"omitempty,dive,required" form:"uploadedfile_filename"`
|
||||
BinaryFileOldName []string `form:"binary_old_name"`
|
||||
BinaryFileNewName []string `form:"binary_new_name"`
|
||||
VisibilityDTO
|
||||
}
|
||||
|
||||
|
||||
19
internal/git/file.go
Normal file
19
internal/git/file.go
Normal file
@@ -0,0 +1,19 @@
|
||||
package git
|
||||
|
||||
import (
|
||||
"path/filepath"
|
||||
"strings"
|
||||
)
|
||||
|
||||
func CleanTreePathName(s string) string {
|
||||
name := filepath.Base(s)
|
||||
|
||||
if name == "." || name == ".." {
|
||||
return ""
|
||||
}
|
||||
|
||||
name = strings.ReplaceAll(name, "/", "")
|
||||
name = strings.ReplaceAll(name, "\\", "")
|
||||
|
||||
return name
|
||||
}
|
||||
@@ -24,11 +24,6 @@ func Create(ctx *context.Context) error {
|
||||
func ProcessCreate(ctx *context.Context) error {
|
||||
isCreate := ctx.Request().URL.Path == "/"
|
||||
|
||||
err := ctx.Request().ParseForm()
|
||||
if err != nil {
|
||||
return ctx.ErrorRes(400, ctx.Tr("error.bad-request"), err)
|
||||
}
|
||||
|
||||
dto := new(db.GistDTO)
|
||||
var gist *db.Gist
|
||||
|
||||
@@ -39,25 +34,24 @@ func ProcessCreate(ctx *context.Context) error {
|
||||
ctx.SetData("htmlTitle", ctx.TrH("gist.edit.edit-gist", gist.Title))
|
||||
}
|
||||
|
||||
if err := ctx.Bind(dto); err != nil {
|
||||
err := ctx.Bind(dto)
|
||||
if err != nil {
|
||||
return ctx.ErrorRes(400, ctx.Tr("error.cannot-bind-data"), err)
|
||||
}
|
||||
|
||||
dto.Files = make([]db.FileDTO, 0)
|
||||
fileCounter := 0
|
||||
|
||||
names := ctx.Request().PostForm["name"]
|
||||
contents := ctx.Request().PostForm["content"]
|
||||
names := dto.Name
|
||||
contents := dto.Content
|
||||
|
||||
// Process files from text editors
|
||||
for i, content := range contents {
|
||||
if content == "" {
|
||||
continue
|
||||
}
|
||||
name := names[i]
|
||||
name := git.CleanTreePathName(names[i])
|
||||
if name == "" {
|
||||
fileCounter += 1
|
||||
name = "gistfile" + strconv.Itoa(fileCounter) + ".txt"
|
||||
name = "gistfile" + strconv.Itoa(len(dto.Files)+1) + ".txt"
|
||||
}
|
||||
|
||||
escapedValue, err := url.PathUnescape(content)
|
||||
@@ -72,8 +66,8 @@ func ProcessCreate(ctx *context.Context) error {
|
||||
}
|
||||
|
||||
// Process uploaded files from UUID arrays
|
||||
fileUUIDs := ctx.Request().PostForm["uploadedfile_uuid"]
|
||||
fileFilenames := ctx.Request().PostForm["uploadedfile_filename"]
|
||||
fileUUIDs := dto.UploadedFilesUUID
|
||||
fileFilenames := dto.UploadedFilesNames
|
||||
if len(fileUUIDs) == len(fileFilenames) {
|
||||
for i, fileUUID := range fileUUIDs {
|
||||
filePath := filepath.Join(filepath.Join(config.GetHomeDir(), "uploads"), fileUUID)
|
||||
@@ -82,8 +76,13 @@ func ProcessCreate(ctx *context.Context) error {
|
||||
continue
|
||||
}
|
||||
|
||||
name := git.CleanTreePathName(fileFilenames[i])
|
||||
if name == "" {
|
||||
name = "gistfile" + strconv.Itoa(len(dto.Files)+1) + ".txt"
|
||||
}
|
||||
|
||||
dto.Files = append(dto.Files, db.FileDTO{
|
||||
Filename: fileFilenames[i],
|
||||
Filename: name,
|
||||
SourcePath: filePath,
|
||||
Content: "", // Empty since we're using SourcePath
|
||||
})
|
||||
@@ -91,11 +90,11 @@ func ProcessCreate(ctx *context.Context) error {
|
||||
}
|
||||
|
||||
// Process binary file operations (edit mode)
|
||||
binaryOldNames := ctx.Request().PostForm["binary_old_name"]
|
||||
binaryNewNames := ctx.Request().PostForm["binary_new_name"]
|
||||
binaryOldNames := dto.BinaryFileOldName
|
||||
binaryNewNames := dto.BinaryFileNewName
|
||||
if len(binaryOldNames) == len(binaryNewNames) {
|
||||
for i, oldName := range binaryOldNames {
|
||||
newName := binaryNewNames[i]
|
||||
newName := git.CleanTreePathName(binaryNewNames[i])
|
||||
|
||||
if newName == "" { // deletion
|
||||
continue
|
||||
|
||||
Reference in New Issue
Block a user