diff --git a/apps/files/src/actions/moveOrCopyAction.ts b/apps/files/src/actions/moveOrCopyAction.ts
index 69158958aab..1483568ec0e 100644
--- a/apps/files/src/actions/moveOrCopyAction.ts
+++ b/apps/files/src/actions/moveOrCopyAction.ts
@@ -212,7 +212,7 @@ const openFilePickerForAction = async (action: MoveCopyAction, dir = '/', nodes:
if (action === MoveCopyAction.COPY || action === MoveCopyAction.MOVE_OR_COPY) {
buttons.push({
- label: target ? t('files', 'Copy to {target}', { target }) : t('files', 'Copy'),
+ label: target ? t('files', 'Copy to {target}', { target }, undefined, { escape: false, sanitize: false }) : t('files', 'Copy'),
type: 'primary',
icon: CopyIconSvg,
async callback(destination: Node[]) {
@@ -237,7 +237,7 @@ const openFilePickerForAction = async (action: MoveCopyAction, dir = '/', nodes:
if (action === MoveCopyAction.MOVE || action === MoveCopyAction.MOVE_OR_COPY) {
buttons.push({
- label: target ? t('files', 'Move to {target}', { target }) : t('files', 'Move'),
+ label: target ? t('files', 'Move to {target}', { target }, undefined, { escape: false, sanitize: false }) : t('files', 'Move'),
type: action === MoveCopyAction.MOVE ? 'primary' : 'secondary',
icon: FolderMoveSvg,
async callback(destination: Node[]) {
diff --git a/cypress/e2e/files/FilesUtils.ts b/cypress/e2e/files/FilesUtils.ts
index 798b9b5f60d..3ec3f93fd37 100644
--- a/cypress/e2e/files/FilesUtils.ts
+++ b/cypress/e2e/files/FilesUtils.ts
@@ -90,7 +90,7 @@ export const copyFile = (fileName: string, dirName: string) => {
cy.contains('button', 'Copy').should('be.visible').click()
} else {
// select folder
- cy.get(`[data-filename="${dirName}"]`).should('be.visible').click()
+ cy.get(`[data-filename="${CSS.escape(dirName)}"]`).should('be.visible').click()
// click copy
cy.contains('button', `Copy to ${dirName}`).should('be.visible').click()
}
diff --git a/cypress/e2e/files/files_copy-move.cy.ts b/cypress/e2e/files/files_copy-move.cy.ts
index 823e8b9c38b..7fd5b613866 100644
--- a/cypress/e2e/files/files_copy-move.cy.ts
+++ b/cypress/e2e/files/files_copy-move.cy.ts
@@ -35,6 +35,7 @@ describe('Files: Move or copy files', { testIsolation: true }, () => {
cy.deleteUser(currentUser)
})
+
it('Can copy a file to new folder', () => {
// Prepare initial state
cy.uploadContent(currentUser, new Blob(), 'text/plain', '/original.txt')
@@ -136,4 +137,41 @@ describe('Files: Move or copy files', { testIsolation: true }, () => {
getRowForFile('original.txt').should('be.visible')
getRowForFile('original (copy 2).txt').should('be.visible')
})
+
+ /** Test for https://github.com/nextcloud/server/issues/43329 */
+ context.only('escaping file and folder names', () => {
+ it('Can handle files with special characters', () => {
+ cy.uploadContent(currentUser, new Blob(), 'text/plain', '/original.txt')
+ .mkdir(currentUser, '/can\'t say')
+ cy.login(currentUser)
+ cy.visit('/apps/files')
+
+ copyFile('original.txt', 'can\'t say')
+
+ navigateToFolder('can\'t say')
+
+ cy.url().should('contain', 'dir=/can%27t%20say')
+ getRowForFile('original.txt').should('be.visible')
+ getRowForFile('can\'t say').should('not.exist')
+ })
+
+ /**
+ * If escape is set to false (required for test above) then "foo" would result in "foo" if sanitizing is not disabled
+ * We should disable it as vue already escapes the text when using v-text
+ */
+ it('does not incorrectly sanitize file names', () => {
+ cy.uploadContent(currentUser, new Blob(), 'text/plain', '/original.txt')
+ .mkdir(currentUser, '/foo')
+ cy.login(currentUser)
+ cy.visit('/apps/files')
+
+ copyFile('original.txt', 'foo')
+
+ navigateToFolder('foo')
+
+ cy.url().should('contain', 'dir=/%3Ca%20href%3D%22%23%22%3Efoo')
+ getRowForFile('original.txt').should('be.visible')
+ getRowForFile('foo').should('not.exist')
+ })
+ })
})