mirror of
https://github.com/schollz/croc.git
synced 2024-11-28 01:16:10 +03:00
escape filenames that have invisible characters while allowing other languages
Fixes #712
This commit is contained in:
parent
dff34fa7fc
commit
a2e71c7e1a
@ -1209,8 +1209,7 @@ func (c *Client) processMessageFileInfo(m message.Message) (done bool, err error
|
|||||||
if strings.Contains(c.FilesToTransfer[i].FolderRemote, ".ssh") {
|
if strings.Contains(c.FilesToTransfer[i].FolderRemote, ".ssh") {
|
||||||
return true, fmt.Errorf("invalid path detected: '%s'", fi.FolderRemote)
|
return true, fmt.Errorf("invalid path detected: '%s'", fi.FolderRemote)
|
||||||
}
|
}
|
||||||
// Issue #595 - disallow filenames with anything but 0-9a-zA-Z.-_. and / characters
|
// Issue #595 - disallow filenames with invisible characters
|
||||||
|
|
||||||
if !utils.ValidFileName(path.Join(c.FilesToTransfer[i].FolderRemote, fi.Name)) {
|
if !utils.ValidFileName(path.Join(c.FilesToTransfer[i].FolderRemote, fi.Name)) {
|
||||||
return true, fmt.Errorf("invalid filename detected: '%s'", fi.Name)
|
return true, fmt.Errorf("invalid filename detected: '%s'", fi.Name)
|
||||||
}
|
}
|
||||||
|
@ -21,6 +21,7 @@ import (
|
|||||||
"path/filepath"
|
"path/filepath"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
"unicode"
|
||||||
|
|
||||||
"github.com/cespare/xxhash"
|
"github.com/cespare/xxhash"
|
||||||
"github.com/kalafut/imohash"
|
"github.com/kalafut/imohash"
|
||||||
@ -485,16 +486,21 @@ func UnzipDirectory(destination string, source string) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// ValidFileName checks if a filename is valid
|
// ValidFileName checks if a filename is valid
|
||||||
// and returns true only if it all of the characters are either
|
// by making sure it has no invisible characters
|
||||||
// 0-9, a-z, A-Z, ., _, -, space, or /
|
|
||||||
func ValidFileName(fname string) bool {
|
func ValidFileName(fname string) bool {
|
||||||
for _, r := range fname {
|
clean1 := strings.Map(func(r rune) rune {
|
||||||
if !((r >= '0' && r <= '9') ||
|
if unicode.IsGraphic(r) {
|
||||||
(r >= 'a' && r <= 'z') ||
|
return r
|
||||||
(r >= 'A' && r <= 'Z') ||
|
|
||||||
r == '.' || r == '_' || r == '-' || r == ' ' || r == '/') {
|
|
||||||
return false
|
|
||||||
}
|
}
|
||||||
}
|
return -1
|
||||||
return true
|
}, fname)
|
||||||
|
|
||||||
|
clean2 := strings.Map(func(r rune) rune {
|
||||||
|
if unicode.IsPrint(r) {
|
||||||
|
return r
|
||||||
|
}
|
||||||
|
return -1
|
||||||
|
}, fname)
|
||||||
|
|
||||||
|
return (fname == clean1) && (fname == clean2)
|
||||||
}
|
}
|
||||||
|
@ -231,3 +231,10 @@ func TestFindOpenPorts(t *testing.T) {
|
|||||||
func TestIsLocalIP(t *testing.T) {
|
func TestIsLocalIP(t *testing.T) {
|
||||||
assert.True(t, IsLocalIP("192.168.0.14:9009"))
|
assert.True(t, IsLocalIP("192.168.0.14:9009"))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestValidFileName(t *testing.T) {
|
||||||
|
// contains regular characters
|
||||||
|
assert.True(t, ValidFileName("中文.csl"))
|
||||||
|
// contains invisible character
|
||||||
|
assert.False(t, ValidFileName("D中文.cslouglas"))
|
||||||
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user