Add "control code" and "trailing space" to alias validation

diff --git a/target/alias_test.go b/target/alias_test.go
index 13a8889dc7cd6de153f53a86101d0acae8a2972e..311ccef9c79e9135e5bb2f9e4045c36738be60dc 100644 (file)
--- a/target/alias_test.go
+++ b/target/alias_test.go
@@ -30,6 +30,9 @@ func TestHTMLRedirectAlias(t *testing.T) {
                {"/foo/../../../../tmp/passwd", filepath.FromSlash("tmp/passwd/index.html"), true},
                {"foo/../../../../tmp/passwd", "", false},
                {"C:\\Windows", filepath.FromSlash("C:\\Windows/index.html"), errIsNilForThisOS},
+               {"/trailing-space /", filepath.FromSlash("trailing-space /index.html"), errIsNilForThisOS},
+               {"/trailing-period./", filepath.FromSlash("trailing-period./index.html"), errIsNilForThisOS},
+               {"/tab\tseparated/", filepath.FromSlash("tab\tseparated/index.html"), errIsNilForThisOS},
                {"/chrome/?p=help&ctx=keyboard#topic=3227046", filepath.FromSlash("chrome/?p=help&ctx=keyboard#topic=3227046/index.html"), errIsNilForThisOS},
                {"/LPT1/Printer/", filepath.FromSlash("LPT1/Printer/index.html"), errIsNilForThisOS},
        }

diff --git a/target/htmlredirect.go b/target/htmlredirect.go
index 010428a252444485da052fa43cbf327955a48448..41fd42a10b4b0601891d82b527369bae127d9f30 100644 (file)
--- a/target/htmlredirect.go
+++ b/target/htmlredirect.go
@@ -52,19 +52,27 @@ func (h *HTMLRedirectAlias) Translate(alias string) (aliasPath string, err error
                return "", fmt.Errorf("Alias \"%s\" traverses outside the website root directory", originalAlias)
        }
 
-       // Handle Windows filename restrictions
+       // Handle Windows file and directory naming restrictions
+       // See "Naming Files, Paths, and Namespaces" on MSDN
+       // https://msdn.microsoft.com/en-us/library/aa365247%28v=VS.85%29.aspx?f=255&MSPPError=-2147217396
        msgs := []string{}
        reservedNames := []string{"CON", "PRN", "AUX", "NUL", "COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7", "COM8", "COM9", "LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9"}
 
        if strings.ContainsAny(alias, ":*?\"<>|") {
-               msgs = append(msgs, fmt.Sprintf("Alias \"%s\" contains invalid characters in a filename on Windows: : * ? \" < > |", originalAlias))
+               msgs = append(msgs, fmt.Sprintf("Alias \"%s\" contains invalid characters on Windows: : * ? \" < > |", originalAlias))
        }
-       for _, c := range components {
-               if strings.HasSuffix(c, ".") {
-                       msgs = append(msgs, fmt.Sprintf("Alias \"%s\" contains component with trailing period, invalid on Windows", originalAlias))
+       for _, ch := range alias {
+               if ch < ' ' {
+                       msgs = append(msgs, fmt.Sprintf("Alias \"%s\" contains ASCII control code (0x00 to 0x1F), invalid on Windows: : * ? \" < > |", originalAlias))
+                       continue
+               }
+       }
+       for _, comp := range components {
+               if strings.HasSuffix(comp, " ") || strings.HasSuffix(comp, ".") {
+                       msgs = append(msgs, fmt.Sprintf("Alias \"%s\" contains component with a trailing space or period, problematic on Windows", originalAlias))
                }
                for _, r := range reservedNames {
-                       if c == r {
+                       if comp == r {
                                msgs = append(msgs, fmt.Sprintf("Alias \"%s\" contains component with reserved name \"%s\" on Windows", originalAlias, r))
                        }
                }