new et2-vfs-name widget which does NOT allow to put (back)slashes in filenames

@nathangray client-side validation somehow does NOT work
2024-11-25 09:23:28 +01:00 · 2024-07-31 11:27:23 +02:00 · 2024-07-31 11:27:23 +02:00 · aadaa28f86
commit aadaa28f86
parent 6bd8d2d906
7 changed files with 96 additions and 89 deletions
--- a/api/etemplate.php
+++ b/api/etemplate.php
@ -17,7 +17,7 @@ const ADD_ET2_PREFIX_REGEXP = '#<((/?)([vh]?box)|vfs-select)(/?|\s[^>]*)>#m';
 const ADD_ET2_PREFIX_LAST_GROUP = 4;

 // unconditional of legacy add et2- prefix to this widgets
-const ADD_ET2_PREFIX_LEGACY_REGEXP = '#<((/?)(tabbox|description|searchbox|textbox|label|avatar|lavatar|image|appicon|colorpicker|checkbox|url(-email|-phone|-fax)?|vfs-mime|vfs-uid|vfs-gid|vfs-select|link|link-[a-z]+|favorites))(/?|\s[^>]*)>#m';
+const ADD_ET2_PREFIX_LEGACY_REGEXP = '#<((/?)(tabbox|description|searchbox|textbox|label|avatar|lavatar|image|appicon|colorpicker|checkbox|url(-email|-phone|-fax)?|vfs-mime|vfs-uid|vfs-gid|vfs-select|vfs-name|link|link-[a-z]+|favorites))(/?|\s[^>]*)>#m';
 const ADD_ET2_PREFIX_LEGACY_LAST_GROUP = 5;

 // switch evtl. set output-compression off, as we can't calculate a Content-Length header with transparent compression
--- a/api/js/etemplate/Et2Vfs/Et2VfsName.ts
+++ b/api/js/etemplate/Et2Vfs/Et2VfsName.ts
@ -0,0 +1,71 @@
+/**
+ * EGroupware eTemplate2 - Readonly select WebComponent
+ *
+ * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
+ * @package api
+ * @link https://www.egroupware.org
+ * @author Ralf Becker <rb@egroupware.org>
+ */
+
+import {Et2Textbox} from "../Et2Textbox/Et2Textbox";
+import {Et2Description} from "../Et2Description/Et2Description";
+import {egw} from "../../jsapi/egw_global";
+
+export class Et2VfsName extends Et2Textbox
+{
+	constructor()
+	{
+		super();
+
+		this.validator = /^[^\/\\]+$/;
+	}
+
+	set value(_value)
+	{
+		if(_value.path)
+		{
+			_value = _value.path;
+		}
+		try
+		{
+			_value = egw.decodePath(_value);
+		} catch (e)
+		{
+			_value = 'Error! ' + _value;
+		}
+		super.value = _value;
+	}
+
+	get value()
+	{
+		return egw.encodePath(super.value || '');
+	}
+}
+// @ts-ignore TypeScript is not recognizing that this widget is a LitElement
+customElements.define("et2-vfs-name", Et2VfsName);
+
+export class Et2VfsNameReadonly extends Et2Description
+{
+	set value(_value)
+	{
+		if(_value.path)
+		{
+			_value = _value.path;
+		}
+		try
+		{
+			_value = egw.decodePath(_value);
+		} catch (e)
+		{
+			_value = 'Error! ' + _value;
+		}
+		super.value = _value;
+	}
+
+	get value()
+	{
+		return egw.encodePath(super.value || '');
+	}
+}
+// @ts-ignore TypeScript is not recognizing that this widget is a LitElement
+customElements.define("et2-vfs-name_ro", Et2VfsNameReadonly);
--- a/api/js/etemplate/et2_widget_vfs.ts
+++ b/api/js/etemplate/et2_widget_vfs.ts
@ -21,7 +21,6 @@
 import {et2_valueWidget} from "./et2_core_valueWidget";
 import {et2_createWidget, et2_register_widget, WidgetConfig} from "./et2_core_widget";
 import {ClassWithAttributes} from "./et2_core_inheritance";
-import {et2_textbox, et2_textbox_ro} from "./et2_widget_textbox";
 import {et2_description} from "./et2_widget_description";
 import {et2_file} from "./et2_widget_file";
 import {et2_IDetachedDOM} from "./et2_core_interfaces";
@ -32,6 +31,7 @@ import {EGW_KEY_ENTER} from '../egw_action/egw_action_constants';
 import {Et2Dialog} from "./Et2Dialog/Et2Dialog";
 import type {Et2VfsMime} from "./Vfs/Et2VfsMime";
 import type {Et2VfsGid, Et2VfsUid} from "./Et2Vfs/Et2VfsUid";
+import {Et2VfsName, Et2VfsNameReadonly} from "./Et2Vfs/Et2VfsName";

 /**
 * Class which implements the "vfs" XET-Tag
@ -240,91 +240,14 @@ export class et2_vfs extends et2_valueWidget implements et2_IDetachedDOM
 et2_register_widget(et2_vfs, ["vfs"]);

 /**
-* vfs-name
-* filename automatically urlencoded on return (urldecoded on display to user)
-*
-* @augments et2_textbox
+* @deprecated use Et2VfsName
 */
-export class et2_vfsName extends et2_textbox
-{
-	/**
-	 * Constructor
-	 *
-	 * @memberOf et2_vfsName
-	 */
-	constructor(_parent, _attrs? : WidgetConfig, _child? : object)
-	{
-		// Call the inherited constructor
-		super(_parent, _attrs, ClassWithAttributes.extendAttributes(et2_vfsName._attributes, _child || {}));
-		this.input.addClass("et2_vfs");
-	}
-	set_value(_value)
-	{
-		if(_value.path)
-		{
-			_value = _value.path;
-		}
-		try
-		{
-			_value = egw.decodePath(_value);
-		} catch (e)
-		{
-			_value = 'Error! ' + _value;
-		}
-		super.set_value(_value);
-	}
-
-	getValue()
-	{
-		return egw.encodePath(super.getValue() || '');
-	}
-}
-et2_register_widget(et2_vfsName, ["vfs-name"]);
+export type et2_vfsName = Et2VfsName;

 /**
-* vfs-name
-* filename automatically urlencoded on return (urldecoded on display to user)
-*
-* @augments et2_textbox_ro
-*/
-export class et2_vfsName_ro extends et2_textbox_ro
-{
-	/**
-	 * Constructor
-	 *
-	 * @memberOf et2_vfsName_ro
+ * @deprecated use Et2VfsName_ro
 */
-	/**
-	 * Constructor
-	 */
-	constructor(_parent, _attrs? : WidgetConfig, _child? : object)
-	{
-		// Call the inherited constructor
-		super(_parent, _attrs, ClassWithAttributes.extendAttributes(et2_vfsName_ro._attributes, _child || {}));
-	}
-
-	set_value(_value)
-	{
-		if(_value.path)
-		{
-			_value = _value.path;
-		}
-		try
-		{
-			_value = egw.decodePath(_value);
-		} catch (e)
-		{
-			_value = 'Error! ' + _value;
-		}
-		super.set_value(_value);
-	}
-
-	getValue()
-	{
-		return egw.encodePath(super.getValue() || '');
-	}
-}
-et2_register_widget(et2_vfsName_ro, ["vfs-name_ro"]);
+export type et2_vfsName_ro = Et2VfsNameReadonly;

 /**
 * vfs-mime: icon for mimetype of file, or thumbnail
--- a/api/js/etemplate/etemplate2.ts
+++ b/api/js/etemplate/etemplate2.ts
@ -105,6 +105,7 @@ import "./Et2Vfs/Et2VfsSelectButton";
 import "./Et2Vfs/Et2VfsSelectDialog";
 import "./Et2Vfs/Et2VfsSelectRow";
 import "./Et2Vfs/Et2VfsUid";
+import "./Et2Vfs/Et2VfsName";
 import "./Validators/EgwValidationFeedback";
 import "./Et2Textbox/Et2Password";
 import './Et2Textbox/Et2Searchbox';
--- a/api/lang/egw_de.lang
+++ b/api/lang/egw_de.lang
@ -36,6 +36,7 @@
 '%1' is not a valid timezone!	common	de	'%1' ist keine gültige Zeitzone!
 '%1' is not allowed ('%2')!	common	de	'%1' ist NICHT erlaubt ('%2')!
 '%1' is not allowed%2)!	common	de	'%1' ist NICHT erlaubt '%2'!
+'%1' must not contain (back)slashes!	common	de	'%1' darf keine Schrägstriche enthalten!
 (session restored in %1 seconds)	common	de	Sitzung in %1 Sekunden wiederhergestellt.
 00 (disable)	admin	de	00 (deaktiviert)
 1 day	common	de	1 Tag
@ -1304,12 +1305,12 @@ show page generation time?	common	de	Erstellungszeit der Seite anzeigen
 show password	common	de	Zeige Passwort
 show values	common	de	Werte anzeigen
 show/hide	common	de	Anzeigen/ausblenden Seitenleiste
-show_more_apps	common	de	Mehr Applikationen anzeigen
 showing	common	de	zeigt
 showing %1	common	de	%1 Einträge
 showing %1 - %2 of %3	common	de	%1 - %2 von %3 Einträgen
 shows / allows you to enter values into the etemplate for testing	common	de	Zeigt den Inhalt / Werte an und erlaubt welche zum Testen des eTemplates einzugeben
 shows/displays etemplate for testing, does not save it before	common	de	Zeigt eTemplate zum Testen an, speichert es NICHT davor
+show_more_apps	common	de	Mehr Applikationen anzeigen
 sierra leone	common	de	SIERRA LEONE
 sign up	common	de	Registrieren
 simple	common	de	Einfach
--- a/api/lang/egw_en.lang
+++ b/api/lang/egw_en.lang
@ -36,6 +36,7 @@
 '%1' is not a valid timezone!	common	en	'%1' is not a valid timezone!
 '%1' is not allowed ('%2')!	common	en	'%1' is NOT allowed ('%2')!
 '%1' is not allowed%2)!	common	en	'%1' is NOT allowed (%2)!
+'%1' must not contain (back)slashes!	common	en	'%1' must not contain (back)slashes!
 (session restored in %1 seconds)	common	en	Session restored in %1 seconds.
 00 (disable)	admin	en	00 (disable)
 1 day	common	en	1 day
@ -1305,12 +1306,12 @@ show page generation time?	common	en	Show page generation time
 show password	common	en	Show password
 show values	common	en	Show values
 show/hide	common	en	Show/hide sidebar
-show_more_apps	common	en	Show_more_apps
 showing	common	en	Showing
 showing %1	common	en	showing %1
 showing %1 - %2 of %3	common	en	showing %1 - %2 of %3
 shows / allows you to enter values into the etemplate for testing	common	en	Shows / allows to enter values into the eTemplate for testing
 shows/displays etemplate for testing, does not save it before	common	en	Shows / displays eTemplate for testing, does NOT save it
+show_more_apps	common	en	Show more apps
 sierra leone	common	en	SIERRA LEONE
 sign up	common	en	Sign up
 simple	common	en	Simple
--- a/api/src/Etemplate/Widget/Vfs.php
+++ b/api/src/Etemplate/Widget/Vfs.php
@ -337,6 +337,8 @@ class Vfs extends File
 		return $path;
 	}

+	const VFS_NAME_REGEXP = '#^[^/\\\\]+$#';
+
 	/**
 	 * Validate input
 	 * Merge any already uploaded files into the content array
@ -361,7 +363,7 @@ class Vfs extends File
 		{
 			case 'vfs-upload':
 				if(!is_array($value)) $value = array();
-				/* Check & skip files that made it asyncronously
+				/* Check & skip files that made it asynchronously
 				list($app,$id,$relpath) = explode(':',$this->id,3);
 				//...
 				foreach($value as $tmp => $file)
@ -370,6 +372,14 @@ class Vfs extends File
 				}*/
 				parent::validate($cname, $expand, $content, $validated);
 				break;
+			case 'vfs-name':
+			case 'et2-vfs-name':
+				if (!preg_match(self::VFS_NAME_REGEXP, $value))
+				{
+					self::set_validation_error($form_name, lang("'%1' must not contain (back)slashes!", $value));
+					return;
+				}
+				break;
 		}
 		if (!empty($this->id)) $valid = $value;
 	}