Daniel Brötzmann pushed to branch sanitize-filenames at gajim / gajim


Commits:
9c89b3ef by wurstsalat at 2022-08-26T08:54:11+02:00
fix: Preview: Sanitize filename from disallowed chars

Fixes #11105

- - - - -


2 changed files:

- gajim/common/helpers.py
- gajim/common/preview_helpers.py


Changes:

=====================================
gajim/common/helpers.py
=====================================
@@ -37,7 +37,6 @@
 import re
 import os
 import subprocess
-import base64
 import hashlib
 import shlex
 import socket
@@ -58,7 +57,6 @@
 from datetime import timedelta
 from urllib.parse import unquote
 from urllib.parse import urlparse
-from encodings.punycode import punycode_encode
 from functools import wraps
 from pathlib import Path
 from packaging.version import Version as V
@@ -358,26 +356,45 @@ def get_file_path_from_dnd_dropped_uri(uri: str) -> str:
 
 def sanitize_filename(filename: str) -> str:
     '''
-    Make sure the filename we will write does contain only acceptable and latin
-    characters, and is not too long (in that case hash it)
+    Sanitize filename of elements not allowed on Windows
+    https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file
     '''
-    # 48 is the limit
-    if len(filename) > 48:
-        hash_ = hashlib.md5(filename.encode('utf-8'))
-        filename = base64.b64encode(hash_.digest()).decode('utf-8')
-
-    # make it latin chars only
-    filename = punycode_encode(filename).decode('utf-8')
-    filename = filename.replace('/', '_')
-    if os.name == 'nt':
-        filename = filename.replace('?', '_')\
-                           .replace(':', '_')\
-                           .replace('\\', '_')\
-                           .replace('"', "'")\
-                           .replace('|', '_')\
-                           .replace('*', '_')\
-                           .replace('<', '_')\
-                           .replace('>', '_')
+    disallowed_chars = [
+        '<',
+        '>',
+        ':',
+        '"',
+        '/',
+        '\\',
+        '|',
+        '?',
+        '*',
+        '..',
+        'CON',
+        'PRN',
+        'AUX',
+        'NUL',
+        'COM1',
+        'COM2',
+        'COM3',
+        'COM4',
+        'COM5',
+        'COM6',
+        'COM7',
+        'COM8',
+        'COM9',
+        'LPT1',
+        'LPT2',
+        'LPT3',
+        'LPT4',
+        'LPT5',
+        'LPT6',
+        'LPT7',
+        'LPT8',
+        'LPT9',
+    ]
+    for char in disallowed_chars:
+        filename = filename.replace(char, '_')
 
     return filename
 
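Review bot: The reserved device names in `disallowed_chars` are matched as case-sensitive substrings by `filename.replace(char, '_')`, so `CONTENT.png` becomes `_TENT.png` while `con.png` or `Nul.txt` pass through unchanged, although Windows treats these names case-insensitively and reserves them only as the whole base name (with or without an extension). The list also omits control characters (0–31) and a trailing dot or space, both of which the linked Microsoft page disallows. The rewrite drops the former 48-character cap as well; any other caller of sanitize_filename that relied on it (none is visible here) would need its own limit. A version that separates the character class from the base-name check is sketched below.

```python
def sanitize_filename(filename: str) -> str:
    # … unchanged: docstring …
    reserved_names = {
        'CON', 'PRN', 'AUX', 'NUL',
        *(f'COM{i}' for i in range(1, 10)),
        *(f'LPT{i}' for i in range(1, 10)),
    }
    # Separators, reserved punctuation and control characters
    filename = re.sub(r'[<>:"/\\|?*\x00-\x1f]', '_', filename)
    filename = filename.replace('..', '_')
    # Windows ignores trailing dots and spaces when resolving a name
    filename = filename.rstrip('. ')
    # Device names are reserved as the whole base name, in any case
    base_name = filename.split('.', 1)[0].rstrip(' ')
    if base_name.upper() in reserved_names:
        filename = f'_{filename}'

    return filename
```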


=====================================
gajim/common/preview_helpers.py
=====================================
@@ -45,6 +45,7 @@
 from cryptography.hazmat.primitives.ciphers import algorithms
 from cryptography.hazmat.primitives.ciphers.modes import GCM
 
+from gajim.common.helpers import sanitize_filename
 from gajim.common.i18n import _
 
 log = logging.getLogger('gajim.c.preview_helpers')
@@ -315,6 +316,8 @@ def get_image_paths(uri: str,
         # so the filename should not exceed 90
         web_stem = web_stem[:90]
 
+    web_stem = sanitize_filename(web_stem)
+
     name_hash = hashlib.sha1(str(uri).encode()).hexdigest()
 
     orig_filename = f'{web_stem}_{name_hash}{extension}'
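Review bot: Only `web_stem` is passed through sanitize_filename, while `extension` is still interpolated as-is into `orig_filename = f'{web_stem}_{name_hash}{extension}'`. If `extension` is taken from the same remote URL path (its assignment is outside this hunk, so this is an assumption to confirm), characters such as `:`, `*` or `"` in the suffix would still reach the filesystem; `extension = sanitize_filename(extension)` next to the new call would close that gap. get_image_paths begins and ends outside the hunk.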



View it on GitLab: 
https://dev.gajim.org/gajim/gajim/-/commit/9c89b3ef64e0189df0ead1d855ca45f6221ab74d
