CMS Made Simple Forums

Content management as it is meant to be
https://forum.cmsmadesimple.org/

[fixed] filemanager: delete/rename directory with certain ch

https://forum.cmsmadesimple.org/viewtopic.php?t=56409

Page 1 of 1

[fixed] filemanager: delete/rename directory with certain ch

Posted: Thu Aug 25, 2011 9:03 pm
by dwave
Steps to reproduce:

1. create new directory
2. name it <>
3. try to delete/rename

it also works the other way round:

1. create new directory
2. name it &
3. try to delete/rename

Re: filemanager: delete/rename directory with certain charac

Posted: Sat Aug 27, 2011 1:06 am
by JeremyBASS
Hello
Personally I don't think this is an issue, but the question would be that do other language charters ie: Accent Marks and Diacritics, will cause this issue.

Cheers -Jeremy

Re: filemanager: delete/rename directory with certain charac

Posted: Sat Aug 27, 2011 3:00 am
by calguy1000
Well, technically speaking, if FileManager allows you to create the directory, it should allow you to delete/rename it.

The question is... should it allow you to create directories like this? Technically speaking (again) a directory name like > or < or <> or > are legal (if stupid).

So it's decision time. I think I'll make it so that you can't create stupid directories like this. How I'll do it... not exactly sure yet.

Re: filemanager: delete/rename directory with certain charac

Posted: Sat Aug 27, 2011 7:14 am
by dwave
FileManager.module.php already contains a function ContainsIllegalChars(). It could be extended and then reused in action.newdir. Example:

actions.newdir

Code: Select all

if ($this->ContainsIllegalChars($params["newdirname"]) || $params["newdirname"][0]==".") {
  $this->Redirect($id, 'defaultadmin',$returnid,array("fmerror"=>"invalidnewdir"));
}

FileManager.module.php

Code: Select all

  function ContainsIllegalChars($filename) {
    
    if (strpos($filename, "'")!==false) return true;
    if (strpos($filename, "\"")!==false) return true;
    if (strpos($filename, "/")!==false) return true;
    if (strpos($filename, "\\")!==false) return true;
    if (strpos($filename, "&")!==false) return true;
    if (strpos($filename, "\$")!==false) return true;
    if (strpos($filename, "+")!==false) return true;
    if (strpos($filename, "<")!==false) return true;
    if (strpos($filename, ">")!==false) return true;
    return false;
  }

Re: filemanager: delete/rename directory with certain charac

Posted: Sat Aug 27, 2011 8:53 am
by JeremyBASS
calguy1000 wrote: The question is... should it allow you to create directories like this? Technically speaking (again) a directory name like > or < or <> or > are legal (if stupid).
:D it would be very odd to even want to have them, but +1 for the check -J

Re: filemanager: delete/rename directory with certain charac

Posted: Sun Aug 28, 2011 10:30 am
by Rolf
calguy1000 wrote:I think I'll make it so that you can't create stupid directories like this. How I'll do it... not exactly sure yet.
Fixed. I can't create folder with name <> in latest svn.
Please confirm
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited