guacamole-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mjum...@apache.org
Subject [1/2] incubator-guacamole-client git commit: GUACAMOLE-104: Sanitize filenames before upload or download.
Date Thu, 08 Sep 2016 03:37:03 GMT
Repository: incubator-guacamole-client
Updated Branches:
  refs/heads/master 30639f280 -> 057a09226


GUACAMOLE-104: Sanitize filenames before upload or download.


Project: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/commit/7f52e3c2
Tree: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/tree/7f52e3c2
Diff: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/diff/7f52e3c2

Branch: refs/heads/master
Commit: 7f52e3c2edc2f39604d5bf04db4bcf23b9d4494a
Parents: 30639f2
Author: James Muehlner <james.muehlner@guac-dev.org>
Authored: Wed Sep 7 20:23:34 2016 -0700
Committer: James Muehlner <james.muehlner@guac-dev.org>
Committed: Wed Sep 7 20:23:34 2016 -0700

----------------------------------------------------------------------
 .../webapp/app/rest/services/tunnelService.js     | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/7f52e3c2/guacamole/src/main/webapp/app/rest/services/tunnelService.js
----------------------------------------------------------------------
diff --git a/guacamole/src/main/webapp/app/rest/services/tunnelService.js b/guacamole/src/main/webapp/app/rest/services/tunnelService.js
index b9dc0cd..0029650 100644
--- a/guacamole/src/main/webapp/app/rest/services/tunnelService.js
+++ b/guacamole/src/main/webapp/app/rest/services/tunnelService.js
@@ -136,6 +136,20 @@ angular.module('rest').factory('tunnelService', ['$injector',
     };
 
     /**
+     * Sanitize a filename, replacing all URL path seperators with safe
+     * characters.
+     *
+     * @param {String} filename
+     *     An unsanitized filename that may need cleanup.
+     *
+     * @returns {String}
+     *     The sanitized filename.
+     */
+    var sanitizeFilename = function sanitizeFilename(filename) {
+        return filename.replace(/\/+/g, '_');
+    };
+
+    /**
      * Makes a request to the REST API to retrieve the contents of a stream
      * which has been created within the active Guacamole connection associated
      * with the given tunnel. The contents of the stream will automatically be
@@ -169,7 +183,7 @@ angular.module('rest').factory('tunnelService', ['$injector',
                 + $window.location.pathname
                 + 'api/session/tunnels/' + encodeURIComponent(tunnel)
                 + '/streams/' + encodeURIComponent(stream.index)
-                + '/' + encodeURIComponent(filename)
+                + '/' + encodeURIComponent(sanitizeFilename(filename))
                 + '?token=' + encodeURIComponent(authenticationService.getCurrentToken());
 
         // Create temporary hidden iframe to facilitate download
@@ -232,7 +246,7 @@ angular.module('rest').factory('tunnelService', ['$injector',
                 + $window.location.pathname
                 + 'api/session/tunnels/' + encodeURIComponent(tunnel)
                 + '/streams/' + encodeURIComponent(stream.index)
-                + '/' + encodeURIComponent(file.name)
+                + '/' + encodeURIComponent(sanitizeFilename(file.name))
                 + '?token=' + encodeURIComponent(authenticationService.getCurrentToken());
 
         var xhr = new XMLHttpRequest();


Mime
View raw message