Can't enter a title in the document library classic uploader

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: No Longer Reproducible
Affects Version/s: 6.0.5 GA
Fix Version/s: None
Component/s: DM, DM > Document Library Display
Labels:
None

Branch Version/s:

6.0.x

Similar Issues:

Show 5 results

Description

We don't properly validate file titles in the document library in 6EE. Here is the flow:

Enter the classic uploader, upload any supported file. In the TITLE, put "My file"

Hit save. You will get a file extension error. Here is why:

DLFileEntryLocalServiceUtil.addFile() calls:

// File entry

User user = userPersistence.findByPrimaryKey(userId);
folderId = getFolderId(user.getCompanyId(), folderId);

String extension = FileUtil.getExtension(name);
// AT THIS POINT TITLE IS "my file" and NAME is "whatever.txt"
if (Validator.isNull(title))

{ title = name; }

name = String.valueOf(
counterLocalService.increment(DLFileEntry.class.getName()));

// NOW NAME IS 456789 and TITLE is "my file"

Date now = new Date();

// ABOUT TO VALIDATE THE TITLE AS "my file"

validate(groupId, folderId, title, is);

--> That call goes to -->

public void validate(
String fileName, boolean validateFileExtension, InputStream is)
throws PortalException, SystemException {

validate(fileName, validateFileExtension);

// ~~LEP-4851~~

try {
if ((PrefsPropsUtil.getLong(PropsKeys.DL_FILE_MAX_SIZE) > 0) &&
((is == null) ||
(is.available() >
PrefsPropsUtil.getLong(PropsKeys.DL_FILE_MAX_SIZE))))

{ throw new FileSizeException(fileName); }

}
catch (IOException ioe)

{ throw new FileSizeException(ioe.getMessage()); }

}

so it's passing the fileName as "my file" and it's validating the file extension (boolean true)

-->

public void validate(String fileName, boolean validateFileExtension)
throws PortalException, SystemException {

if ((fileName.indexOf("\\\\") != -1) ||
(fileName.indexOf("//") != -1) ||
(fileName.indexOf(":") != -1) ||
(fileName.indexOf("*") != -1) ||
(fileName.indexOf("?") != -1) ||
(fileName.indexOf("\"") != -1) ||
(fileName.indexOf("<") != -1) ||
(fileName.indexOf(">") != -1) ||
(fileName.indexOf("|") != -1) ||
(fileName.indexOf("[") != -1) ||
(fileName.indexOf("]") != -1) ||
(fileName.indexOf("'") != -1) ||
(fileName.indexOf("..
") != -1) ||
(fileName.indexOf("../") != -1) ||
(fileName.indexOf("
..") != -1) ||
(fileName.indexOf("/..") != -1))

{ throw new FileNameException(fileName); }

if (validateFileExtension) {
boolean validFileExtension = false;

String[] fileExtensions = PrefsPropsUtil.getStringArray(
PropsKeys.DL_FILE_EXTENSIONS, StringPool.COMMA);

for (int i = 0; i < fileExtensions.length; i++) {
if (StringPool.STAR.equals(fileExtensions[i]) ||
StringUtil.endsWith(fileName, fileExtensions[i]))

{ validFileExtension = true; break; }

}

if (!validFileExtension)

{ throw new FileNameException(fileName); }

}
}

It now sees "my file" isn't a valid filename, and dies.

Activity

Hide

Permalink

Michael Han added a comment - 01/Dec/10 4:02 PM

Already resolved...

Show

Michael Han added a comment - 01/Dec/10 4:02 PM Already resolved...

People

Assignee:

Michael Han

Reporter:

Brett Swaim

Participants of an Issue:

Brett Swaim, Michael Han

Vote (0)

Watch (0)

Dates

Created:

01/Dec/10 2:52 PM

Updated:

08/Feb/13 4:39 PM

Resolved:

01/Dec/10 4:02 PM

Days since last comment:

2 years, 29 weeks ago

Agile

View on Board

~~LPS-19043~~	Entering a file name, but not selecting a file still creates an entry in Document Library
~~LPS-19044~~	Entering a file name, but not selecting a file still creates an entry in Document Library
~~LPS-18749~~	Problem when uploading a document with a single quote in title
~~LPS-16968~~	Document Library Classic Uploader missing description
~~LPS-18965~~	Document library allows you to create a new document using the classic uploader without uploading a file