From 2f9eca587c3f3635be9d6cacef6bc742f6d63550 Mon Sep 17 00:00:00 2001
From: Patrick Barroca <pbarroca@afi-sa.fr>
Date: Tue, 6 Mar 2018 15:40:12 +0100
Subject: [PATCH] hotline #72344 : add filename validator

---
 VERSIONS_HOTLINE/72344                        |  1 +
 .../ZendAfi/Form/Admin/FileManager/Import.php |  4 +
 library/ZendAfi/Validate/FileName.php         | 78 +++++++++++++++++++
 .../controllers/FileManagerControllerTest.php | 14 ++--
 .../library/ZendAfi/Validate/FileNameTest.php | 40 ++++++++++
 5 files changed, 128 insertions(+), 9 deletions(-)
 create mode 100644 VERSIONS_HOTLINE/72344
 create mode 100644 library/ZendAfi/Validate/FileName.php
 create mode 100644 tests/library/ZendAfi/Validate/FileNameTest.php

diff --git a/VERSIONS_HOTLINE/72344 b/VERSIONS_HOTLINE/72344
new file mode 100644
index 00000000000..496370a7a5b
--- /dev/null
+++ b/VERSIONS_HOTLINE/72344
@@ -0,0 +1 @@
+ - ticket #72344 : Explorateur de fichier : Ajout de la vérification du format du nom de fichier téléversé
\ No newline at end of file
diff --git a/library/ZendAfi/Form/Admin/FileManager/Import.php b/library/ZendAfi/Form/Admin/FileManager/Import.php
index 57e12809180..b3ecc5c5c6b 100644
--- a/library/ZendAfi/Form/Admin/FileManager/Import.php
+++ b/library/ZendAfi/Form/Admin/FileManager/Import.php
@@ -43,6 +43,10 @@ class ZendAfi_Form_Admin_FileManager_Import extends ZendAfi_Form {
     $extensions = Class_AdminVar::get('ALLOWED_FILES_EXTENSIONS_FOR_IMPORT');
 
     return $element
+      ->addValidator((new ZendAfi_Validate_FileName(Class_FileManager::REGEX_NAME))
+                     ->setMessage($form->_('Le nom doit contenir uniquement des lettres, des chiffres et les caratères "_", "-", ".". Exemple : "mon_fichier.jpg"'),
+                                  ZendAfi_Validate_FileName::NOT_MATCH))
+
       ->addValidator((new Zend_Validate_File_Count(1))
                      ->setMessage($form->_('Un seul fichier doit être transféré.')))
 
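Review bot: The new user-facing message on the setMessage line has a typo, `caratères` → `caractères`; it is a translation-key string, so the fix should be applied to the source string here (and to any existing translation entry keyed on it). The allowed-character list the message promises ("letters, digits, `_`, `-`, `.`") is hard-coded here while the actual policy lives in `Class_FileManager::REGEX_NAME`, outside this patch — a one-line comment above the validator, e.g. `// message must stay in sync with Class_FileManager::REGEX_NAME`, would keep the two from drifting. The enclosing method starts and ends outside the hunk.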
diff --git a/library/ZendAfi/Validate/FileName.php b/library/ZendAfi/Validate/FileName.php
new file mode 100644
index 00000000000..9a0c22d2bb8
--- /dev/null
+++ b/library/ZendAfi/Validate/FileName.php
@@ -0,0 +1,78 @@
+<?php
+/**
+ * Copyright (c) 2012-2017, Agence Française Informatique (AFI). All rights reserved.
+ *
+ * BOKEH is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE as published by
+ * the Free Software Foundation.
+ *
+ * There are special exceptions to the terms and conditions of the AGPL as it
+ * is applied to this software (see README file).
+ *
+ * BOKEH is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * along with BOKEH; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA
+ */
+
+
+class ZendAfi_Validate_FileName extends Zend_Validate_Abstract{
+  protected $_pattern;
+
+  /**
+   * @const string Error constants
+   */
+  const NOT_MATCH = 'fileNameDoesNotMatch';
+
+
+  /**
+   * @var array Error message templates
+   */
+  protected $_messageTemplates =
+    [ self::NOT_MATCH => "The name '%value%' does not match '%pattern%' pattern" ];
+
+
+  /**
+   * @var array
+   */
+  protected $_messageVariables = ['pattern' => '_pattern'];
+
+
+  public function __construct($pattern) {
+    $this->_pattern = $pattern;
+  }
+
+
+  public function isValid($temp_name, $file_infos = null) {
+    $status = @preg_match($this->_pattern, $file_infos['name']);
+
+    if (!$status) {
+      $this->_throw($file_infos, static::NOT_MATCH);
+      return false;
+    }
+
+    return true;
+  }
+
+
+  /**
+   * Throws an error of the given type
+   *
+   * @param  string $file
+   * @param  string $errorType
+   * @return false
+   */
+  protected function _throw($file, $errorType)
+  {
+    if ($file !== null) {
+      $this->_value = $file['name'];
+    }
+
+    $this->_error($errorType);
+    return false;
+  }
+}
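Review bot: `isValid()` declares `$file_infos = null` but dereferences `$file_infos['name']` unconditionally on the preg_match line, so a call without upload metadata (or with an array lacking `name`) runs the pattern against an empty subject; whether that is accepted then depends solely on whether `Class_FileManager::REGEX_NAME` matches the empty string, which this patch does not show. The `@` on `preg_match` also silences a broken pattern — the result is `false`, which the `!$status` test turns into a rejection (fail closed), but the cause is invisible; comparing against `1` explicitly and dropping the `@` keeps the fail-closed behaviour while surfacing the pattern error. Since `name` is the client-supplied filename, whether the validator covers the whole name or only a substring is decided by the anchoring of REGEX_NAME, outside this hunk; that is worth a comment on the constructor, e.g. `// $pattern must be anchored (^...$) to constrain the whole filename`. Note that `_throw()` also indexes `$file['name']` without checking the key, so pass `null` for the missing-metadata case.
```php
  public function isValid($temp_name, $file_infos = null) {
    // No upload metadata or no name: reject rather than match an empty subject
    if (!is_array($file_infos) || !isset($file_infos['name'])) {
      $this->_throw(null, static::NOT_MATCH);
      return false;
    }

    // preg_match() returns 1 on match, 0 on no match, false on a broken pattern;
    // only an explicit match is accepted, so a pattern error still fails closed
    if (1 !== preg_match($this->_pattern, $file_infos['name'])) {
      $this->_throw($file_infos, static::NOT_MATCH);
      return false;
    }

    return true;
  }
  // … unchanged: _throw() …
```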
diff --git a/tests/application/modules/admin/controllers/FileManagerControllerTest.php b/tests/application/modules/admin/controllers/FileManagerControllerTest.php
index 9c5aaa42d0e..4ca4d2b4ae7 100644
--- a/tests/application/modules/admin/controllers/FileManagerControllerTest.php
+++ b/tests/application/modules/admin/controllers/FileManagerControllerTest.php
@@ -676,18 +676,14 @@ class FileManagerControllerWallDispatchTest extends FileManagerControllerTestCas
 
 
 class FileManagerControllerImportCssDispatchTest extends FileManagerControllerTestCase {
-
   public function setUp() {
     parent::setUp();
-    $file = ['file' => ['name' => 'stylesheet.css',
-                        'type'     => 'image/jpeg',
-                        'size'     => 126976,
-                        'tmp_name' => 'userfiles/stylesheet.css',
-                        'destination' => 'userfiles',
-                        'validators' => []]];
+    $files = ['file' => ['name' => 'stylesheet.css',
+                         'type'     => 'image/jpeg',
+                         'size'     => 126976,
+                         'tmp_name' => 'xxxxx/php8iuxxajl']];
 
-    ZendAfi_Form_Admin_FileManager_Import::setTransferAdapter((new FileManagerController_Mock_TransferAdapter())
-                                                              ->setFiles($file));
+    ZendAfi_Form_Admin_FileManager_Import::setTransferAdapter((new FileManagerController_Mock_TransferAdapter())->setFiles($files));
     ZendAfi_Form_Admin_FileManager_Import::setValidators(null);
 
     $imported_file = (new Class_FileManager)
diff --git a/tests/library/ZendAfi/Validate/FileNameTest.php b/tests/library/ZendAfi/Validate/FileNameTest.php
new file mode 100644
index 00000000000..c2804112877
--- /dev/null
+++ b/tests/library/ZendAfi/Validate/FileNameTest.php
@@ -0,0 +1,40 @@
+<?php
+/**
+ * Copyright (c) 2012-2017, Agence Française Informatique (AFI). All rights reserved.
+ *
+ * BOKEH is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE as published by
+ * the Free Software Foundation.
+ *
+ * There are special exceptions to the terms and conditions of the AGPL as it
+ * is applied to this software (see README file).
+ *
+ * BOKEH is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * along with BOKEH; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA
+ */
+
+
+class ZendAfi_Validate_FileNameTest extends ModelTestCase {
+  public function setUp() {
+    parent::setUp();
+    $this->_validate = new ZendAfi_Validate_FileName('/[a-z]/i');
+  }
+
+
+  /** @test */
+  public function aShouldBeValid() {
+    $this->assertTrue($this->_validate->isValid('/tmp/phpzdvauie', ['name' => 'a']));
+  }
+
+
+  /** @test */
+  public function underscoreShouldNotBeValid() {
+    $this->assertFalse($this->_validate->isValid('/tmp/phpzdvauie', ['name' => '_']));
+  }
+}
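Review bot: The fixture pattern `/[a-z]/i` in setUp is unanchored, so the two cases only show that a lone matching or non-matching character is classified; they cannot tell whether a name such as `a_` (one permitted character next to a forbidden one) is rejected, which is the property a filename allow-list validator is for. Using an anchored pattern in setUp, `new ZendAfi_Validate_FileName('/^[a-z]+$/i')`, and adding `$this->assertFalse($this->_validate->isValid('/tmp/phpzdvauie', ['name' => 'a_']));` would cover it. The `$file_infos = null` default of `isValid()` is also untested; a case like `$this->assertFalse($this->_validate->isValid('/tmp/phpzdvauie'));` would pin that path. `$this->_validate` is assigned without a declared property here — fine if `ModelTestCase` declares it, otherwise it is a dynamic property.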
-- 
GitLab