6748: Stricter file and folder name validation #6792
Conversation
|
@BenedekFarkas, Thanks for signing the contribution license agreement so quickly! Actual humans will now validate the agreement and then evaluate the PR. |
|
Can we ask @hannan-azam to test this fix? He's the most knowledgeable about this feature after you ;) |
|
Sure! |
|
Sure, I'll do the testing and will get back with results. |
|
@sebastienros @BenedekFarkas During the testing i found another issue with a recent commit 2440e68 (13th April) in media-library.js line 385. Please see the attached screen shot:
|
|
Hm, I tested that one quite extensively though, but you're right about the JS problem anyway. That change btw will be unnecessary once #6756 is fixed - I applied it as a temporary solution, because it was easier to make it work there first (to be able to use the Media Library properly with Azure Storage and test other things). |
|
@sebastienros @BenedekFarkas Regarding the actual issue, below are my findings and recommendations: I read this article https://perishablepress.com/stop-using-unsafe-characters-in-urls/ which references RFC 1738 http://www.ietf.org/rfc/rfc1738.txt with recommendations on not using the characters `blank/empty space and " < > # % { } | \ ^ ~ [ ]`` for the URIs. I have pasted the description from RFC on why these characters are unsafe at the end. Recommendation: HttpUnallowed should include the Unsafe characters mentioned in the RFC.
|
|
Conflicts. Do we still need it? |
|
I've been meaning to come back to this. I'll try to check it soon and see what to do. |
src/Orchard.Web/Modules/Orchard.MediaLibrary/Services/MediaLibraryService.cs
Outdated
Show resolved
Hide resolved
src/Orchard.Web/Modules/Orchard.MediaLibrary/Services/MediaLibraryService.cs
Outdated
Show resolved
Hide resolved
# Conflicts: # src/Orchard.Web/Modules/Orchard.MediaLibrary/Services/MediaLibraryService.cs
…vider, so that MediaLibrary components don't need to do it separately
BenedekFarkas
changed the title
BenedekFarkas
changed the title
|
On the latest episode of reviving old PRs, please see the PR description for what changed. |
| @@ -260,6 +273,11 @@ public class AzureFileSystem { | |||
| path = ConvertToRelativeUriPath(path); | |||
| newPath = ConvertToRelativeUriPath(newPath); | |||
|
|
|||
| if (FileSystemStorageProvider.FileNameContainsInvalidCharacters(Path.GetFileName(newPath), out var invalidCharacters)) { | |||
| throw new ArgumentException( | |||
| string.Format("The new file name contains invalid character(s): {0}", string.Join(", ", invalidCharacters))); | |||
There was a problem hiding this comment.
If that shows to the user, translate
There was a problem hiding this comment.
Addressed in 08ae5dd.
I created a new type of exception to be able to handle such cases correctly and without breaking changes or reaching through abstractions.
There was a problem hiding this comment.
The strings passed when building those exceptions are still un-translated in AzureFileSystem.cs (while they are localizable in other places). It seems like that message is then never used directly, because in the catch statements a different message is "forwarded" as error text: however, I think it would still be better to have these strings localizable, so we can use the exception message directly.
There was a problem hiding this comment.
That's what we discussed yesterday with Sebastien and after your comment I dug even deeper into it, but localization doesn't work for AzureFileSystem, because it's not a registered type in the DI container, which the LocalizationModule relies on to find where translations can be injected. I added an Autofac module to register AzureFileSystem and with that, LocalizationModule finds it, but translated strings aren't applied still. My guess is that in this case, the Activated handler of this registered component is never called (even if it's registered with .AutoActivate(), because it's not injected/used as a dependency (it's a parent class).
I don't think it's worth pursuing this any further.
This is already a big improvement, because:
- This validation is now on the storage provider-level, so it doesn't just apply to Media Library.
- Validation is now applied for the Azure storage provider too with the same logic as the file system.
- Media Library didn't have validation at all possible places in the first place.
AzureFileSystemalready had non-localized exception messages, so unless the Azure storage is heavily refactored, we'll just have to live with that.
| } | ||
|
|
||
| public static bool FileNameContainsInvalidCharacters(string folderName, out char[] invalidCharacters) { | ||
| invalidCharacters = folderName.Distinct().Intersect(InvalidFileNameCharacters).ToArray(); |
There was a problem hiding this comment.
Addressed in 15dc19c.
…racters precisely at various user-facing components
…ed due to invalid characters
* 6748: Stricter file and folder name validation (#6792) * Media Library: More strict file and folder name validation, fixes #6748 * Resetting MediaLibraryService changes to 1.10.x * Code styling in FileSystemStorageProvider * Adding string file and folder name validation to FileSystemStorageProvider, so that MediaLibrary components don't need to do it separately * Applying the same file and folder name validation to AzureFileSystem too * Code styling and fixes in AzureFileSystem, MediaLibrary and IStorageProvider * Simplifying invalid character detection * Code styling * Adding InvalidNameCharacterException to be able to handle invalid characters precisely at various user-facing components * Updating MediaLibrary not to log an error when a file can't be uploaded due to invalid characters --------- Co-authored-by: Lombiq <github@lombiq.com> * #6793: Adding a content-independent culture selector shape for the front-end (#8784) * Adds a new CultureSelector shape for front-end * fixed query string culture change * Moving NameValueCollectionExtensions from Orchard.DynamicForms and Orchard.Localization to Orchard.Framework * Code styling * Simplifying UserCultureSelectorController and removing the addition of the culture to the query string * EOF empty lines and code styling * Fixing that the main Orchard.Localization should depend on Orchard.Autoroute * Code styling in LocalizationService * Updating LocalizationService to not have to use IEnumerable.Single * Matching culture name matching in LocalizationService culture- and casing-invariant --------- Co-authored-by: Sergio Navarro <jersio@hotmail.com> Co-authored-by: psp589 <pablosanchez589@gmail.com> * #8640: Fixing consistency between different Enumeration Field flavors' data storage (#8789) * Reworking EnumerationField's logic to store/retrieve its (selected) values * Fixing exception when creating new item with CheckboxList flavor, adding more nullchecks and compactness * Code styling in EnumerationFieldDriver * Code styling in EnumerationField editor template * Fixing that EnumerationFieldDriver and the EnumerationField editor template should read SelectedValues instead of Values directly --------- Co-authored-by: Matteo Piovanelli <MatteoPiovanelli-Laser@users.noreply.github.com> * Fixing merge --------- Co-authored-by: Lombiq <github@lombiq.com> Co-authored-by: Sergio Navarro <jersio@hotmail.com> Co-authored-by: psp589 <pablosanchez589@gmail.com> Co-authored-by: Matteo Piovanelli <MatteoPiovanelli-Laser@users.noreply.github.com>
Fixing that some special characters were accepted in file and folder names.
Reworked the PR to have the following functionality:
CreateFolder,RenameFolder,CreateFileandRenameFilefunctions ofFileSystemStorageProviderto validate the file/folder name against a larger set of special characters that aren't allowed or considered unsafe.~, which should be allowed.AzureFileSystemtoo.