
Check template file name in create action

Vova Tkach 4 years ago
parent
commit
559a9882dc

+ 5 - 5
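--- a/engine/modules/module_templates_act_create_theme_file.go
+++ b/engine/modules/module_templates_act_create_theme_file.go
@@ -21,7 +21,10 @@ func (this *Modules) RegisterAction_TemplatesCreateThemeFile() *Action {
 			return
 		}
 
-		// Check normal file name here
+		if !utils.IsValidTemplateFileName(pf_name) {
+			wrap.MsgError(`Bad template file name`)
+			return
+		}
 
 		template_file := wrap.DTemplate + string(os.PathSeparator) + pf_name + ".html"
 		if utils.IsFileExists(template_file) {
@@ -38,9 +41,6 @@ func (this *Modules) RegisterAction_TemplatesCreateThemeFile() *Action {
 
 		wrap.ResetCacheBlocks()
 
-		// Redirect to created file in editor
-
-		// Reload current page
-		wrap.Write(`window.location.reload(false);`)
+		wrap.Write(`window.location='/cp/templates/?file=` + pf_name + `.html';`)
 	})
 }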
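Review bot: The new redirect in the second hunk concatenates `pf_name` directly into a JavaScript string literal and a URL query, so it is safe only while the `IsValidTemplateFileName` check added in the first hunk keeps the value to `[0-9A-Za-z-]`, and nothing at the write site records that dependency. I would add a comment above the `wrap.Write` line such as `// pf_name passed IsValidTemplateFileName above: only [0-9A-Za-z-], safe inside the JS string and the query`, so that loosening the pattern later (dots, quotes, spaces) forces a second look at this line. The same check is what keeps path separators and `..` out of `template_file`. The handler body starts and ends outside these hunks, so where `pf_name` is read from and how the action is access-controlled cannot be confirmed here.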

+ 5 - 0
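--- a/engine/utils/utils.go
+++ b/engine/utils/utils.go
@@ -564,3 +564,8 @@ func SafeFilePath(path string) string {
 
 	return result
 }
+
+func IsValidTemplateFileName(str string) bool {
+	regexpeChars := regexp.MustCompile(`^[0-9A-Za-z-]+$`)
+	return regexpeChars.MatchString(str)
+}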
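Review bot: `IsValidTemplateFileName` recompiles its pattern with `regexp.MustCompile` on every call and carries no doc comment, even though the create action now relies on it to keep a request value safe for use in a file path. Compile once at package scope, `var reTemplateFileName = regexp.MustCompile("^[0-9A-Za-z-]+$")`, and have the function `return reTemplateFileName.MatchString(str)`. The doc comment should say that the name is passed without its extension and that dots, path separators and whitespace are rejected on purpose. The pattern also sets no upper length, so an over-long name is only refused later by the filesystem; an explicit `len(str)` bound chosen by the project would make that limit visible.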

+ 11 - 0
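--- a/engine/utils/utils_test.go
+++ b/engine/utils/utils_test.go
@@ -409,3 +409,14 @@ func TestSafeFilePath(t *testing.T) {
 	Expect(t, SafeFilePath("/test/file/./"), "/test/file/")
 	Expect(t, SafeFilePath("/test/./file"), "/test/file")
 }
+
+func TestIsValidTemplateFileName(t *testing.T) {
+	Expect(t, IsValidTemplateFileName("test-template"), true)
+	Expect(t, IsValidTemplateFileName("test-123-TEST"), true)
+	Expect(t, IsValidTemplateFileName("TEST-123-TEST"), true)
+	Expect(t, IsValidTemplateFileName("test template"), false)
+	Expect(t, IsValidTemplateFileName("test_template"), false)
+	Expect(t, IsValidTemplateFileName("test-template.html"), false)
+	Expect(t, IsValidTemplateFileName("test-template.css"), false)
+	Expect(t, IsValidTemplateFileName("test@template"), false)
+}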
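Review bot: `TestIsValidTemplateFileName` does not pin the inputs that make this check matter for security: no case covers the empty string, a path separator or `..`, or a trailing newline. Adding `Expect(t, IsValidTemplateFileName(""), false)`, `Expect(t, IsValidTemplateFileName("../test"), false)` and `Expect(t, IsValidTemplateFileName("test\n"), false)` would document that these are rejected today. With those in place, a later change to the pattern, such as allowing `.` or switching to a multi-line match, fails the test instead of quietly permitting names that escape the template directory.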