Francois Gouget : testbot/web: Reject filenames that are not valid Windows filenames.
Alexandre Julliard
julliard at winehq.org
Wed Jun 20 17:12:28 CDT 2018
Module: tools
Branch: master
Commit: 759fc680db14c71e66e4ca5afb141c85e0504308
URL: https://source.winehq.org/git/tools.git/?a=commit;h=759fc680db14c71e66e4ca5afb141c85e0504308
Author: Francois Gouget <fgouget at codeweavers.com>
Date: Wed Jun 20 02:43:45 2018 +0200
testbot/web: Reject filenames that are not valid Windows filenames.
IsValidFileName() verifies that the filename is valid on both Windows
and Unix. This is necessary to ensure we will be able to upload the file
to the build and/or test VMs.
IsValidFileName() is defined in the Utils.pm module so it can be reused
where necessary.
Signed-off-by: Francois Gouget <fgouget at codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>
---
testbot/lib/WineTestBot/Utils.pm | 25 ++++++++++++++++++++++++-
testbot/web/Submit.pl | 4 ++--
2 files changed, 26 insertions(+), 3 deletions(-)
diff --git a/testbot/lib/WineTestBot/Utils.pm b/testbot/lib/WineTestBot/Utils.pm
index 8b0bfeb..962e6ff 100644
--- a/testbot/lib/WineTestBot/Utils.pm
+++ b/testbot/lib/WineTestBot/Utils.pm
@@ -28,7 +28,7 @@ WineTestBot::Utils - Utility functions
use Exporter 'import';
our @EXPORT = qw(MakeSecureURL SecureConnection GenerateRandomString
OpenNewFile CreateNewFile CreateNewLink CreateNewDir
- DurationToString BuildEMailRecipient);
+ DurationToString BuildEMailRecipient IsValidFileName);
use Fcntl;
@@ -173,4 +173,27 @@ sub CreateNewDir($$)
}
}
+
+#
+# Shell helpers
+#
+
+=pod
+=over 12
+
+=item C<IsValidFileName()>
+
+Returns true if the filename is valid on Unix and Windows systems.
+
+This also ensures this is not a trick filename such as '../important/file'.
+
+=back
+=cut
+
+sub IsValidFileName($)
+{
+ my ($FileName) = @_;
+ return $FileName !~ m~[<>:"/\\|?*]~;
+}
+
1;
diff --git a/testbot/web/Submit.pl b/testbot/web/Submit.pl
index c16b99f..afebc72 100644
--- a/testbot/web/Submit.pl
+++ b/testbot/web/Submit.pl
@@ -514,10 +514,10 @@ sub ValidateAndGetFileName($$)
$self->{ErrMessage} = "You must provide a file to test";
return undef;
}
- if ($FileName =~ m=[/\\]=)
+ if (!IsValidFileName($FileName))
{
$self->{ErrField} = $FieldName;
- $self->{ErrMessage} = "The filename is invalid";
+ $self->{ErrMessage} = "The filename contains invalid characters";
return undef;
}
my $PropertyDescriptor = CreateSteps()->GetPropertyDescriptorByName("FileName");
More information about the wine-cvs
mailing list