Fix #13099: Disallow user to create files/folder using relative path #13256
Conversation
|
@Simon66 I still have the same confusion regarding invalid character handling code. Part of the reason is the way file names get validated by the OS, it's quite different in case of windows and osx. Not sure whether we can have a common regex validator as that would limit the file naming capability in either of the platform. |
|
What we can think about is, predominantly the projects being worked upon are web projects in Brackets. Eventually these files will be served and loaded in browser shells. What kind of restrictions do we have in the file names while serving them over network. Just thinking loud, may be not valid in this context. |
|
Another confusion of mine is why are these filenames considered "bad"
Why is |
|
@swmitra I think that no matter where this code lives (MacOS, Windows, Linux), those chars should be invalid. I'm not too sure why we should allow |
|
I've changed the function |
sdalmeida
changed the title
src/project/ProjectModel.js
Outdated
| new RegExp("[" + invalidChars + "]+").test(filename) || | ||
| _illegalFilenamesRegEx.test(filename) | ||
| filename.match(_invalidChars)|| filename.match(_illegalFilenamesRegEx) | ||
| //filename.match(_invalidChars) || filename.match(_illegalFilenamesRegEx) |
There was a problem hiding this comment.
This got left in by accident, please remove.
|
@humphd Done 👍 |
|
Hi @swmitra |
|
Thanks for your contributions @Simon66 . |
This is a Work In Progress PR referring to original issue #13099
Before this PR can be landed, it would be nice to know which chars are actually invalid.
These are the chars that I'm invalidating:
\?\\\*\.{2,}<-- .. or more should not be allowed, but allow .\.$<-- allow a file to have . but not end with .\/\|\>\<I also have to add a unit test for this case.
Let me know if there are any chars that need to be added/removed.