From 3679fe6712c2a8ffc5cc53ecc385795254dad64b Mon Sep 17 00:00:00 2001 From: Anthony Fok Date: Mon, 14 Sep 2015 12:18:54 -0600 Subject: [PATCH] Add "control code" and "trailing space" to alias validation --- target/alias_test.go | 3 +++ target/htmlredirect.go | 20 ++++++++++++++------ 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/target/alias_test.go b/target/alias_test.go index 13a8889d..311ccef9 100644 --- a/target/alias_test.go +++ b/target/alias_test.go @@ -30,6 +30,9 @@ func TestHTMLRedirectAlias(t *testing.T) { {"/foo/../../../../tmp/passwd", filepath.FromSlash("tmp/passwd/index.html"), true}, {"foo/../../../../tmp/passwd", "", false}, {"C:\\Windows", filepath.FromSlash("C:\\Windows/index.html"), errIsNilForThisOS}, + {"/trailing-space /", filepath.FromSlash("trailing-space /index.html"), errIsNilForThisOS}, + {"/trailing-period./", filepath.FromSlash("trailing-period./index.html"), errIsNilForThisOS}, + {"/tab\tseparated/", filepath.FromSlash("tab\tseparated/index.html"), errIsNilForThisOS}, {"/chrome/?p=help&ctx=keyboard#topic=3227046", filepath.FromSlash("chrome/?p=help&ctx=keyboard#topic=3227046/index.html"), errIsNilForThisOS}, {"/LPT1/Printer/", filepath.FromSlash("LPT1/Printer/index.html"), errIsNilForThisOS}, } diff --git a/target/htmlredirect.go b/target/htmlredirect.go index 010428a2..41fd42a1 100644 --- a/target/htmlredirect.go +++ b/target/htmlredirect.go @@ -52,19 +52,27 @@ func (h *HTMLRedirectAlias) Translate(alias string) (aliasPath string, err error return "", fmt.Errorf("Alias \"%s\" traverses outside the website root directory", originalAlias) } - // Handle Windows filename restrictions + // Handle Windows file and directory naming restrictions + // See "Naming Files, Paths, and Namespaces" on MSDN + // https://msdn.microsoft.com/en-us/library/aa365247%28v=VS.85%29.aspx?f=255&MSPPError=-2147217396 msgs := []string{} reservedNames := []string{"CON", "PRN", "AUX", "NUL", "COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7", "COM8", "COM9", "LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9"} if strings.ContainsAny(alias, ":*?\"<>|") { - msgs = append(msgs, fmt.Sprintf("Alias \"%s\" contains invalid characters in a filename on Windows: : * ? \" < > |", originalAlias)) + msgs = append(msgs, fmt.Sprintf("Alias \"%s\" contains invalid characters on Windows: : * ? \" < > |", originalAlias)) } - for _, c := range components { - if strings.HasSuffix(c, ".") { - msgs = append(msgs, fmt.Sprintf("Alias \"%s\" contains component with trailing period, invalid on Windows", originalAlias)) + for _, ch := range alias { + if ch < ' ' { + msgs = append(msgs, fmt.Sprintf("Alias \"%s\" contains ASCII control code (0x00 to 0x1F), invalid on Windows: : * ? \" < > |", originalAlias)) + continue + } + } + for _, comp := range components { + if strings.HasSuffix(comp, " ") || strings.HasSuffix(comp, ".") { + msgs = append(msgs, fmt.Sprintf("Alias \"%s\" contains component with a trailing space or period, problematic on Windows", originalAlias)) } for _, r := range reservedNames { - if c == r { + if comp == r { msgs = append(msgs, fmt.Sprintf("Alias \"%s\" contains component with reserved name \"%s\" on Windows", originalAlias, r)) } } -- 2.30.2