fix(files): disallow illegal characters

Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>

apps/files/lib/Controller/ViewController.php

@@ -52,6 +52,7 @@ use OCP\AppFramework\Http\Response;
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\AppFramework\Services\IInitialState;
 use OCP\Collaboration\Resources\LoadAdditionalScriptsEvent as ResourcesLoadAdditionalScriptsEvent;
+use OCP\Constants;
 use OCP\EventDispatcher\IEventDispatcher;
 use OCP\Files\Folder;
 use OCP\Files\IRootFolder;
@@ -246,6 +247,11 @@ class ViewController extends Controller {
 		$filesSortingConfig = json_decode($this->config->getUserValue($userId, 'files', 'files_sorting_configs', '{}'), true);
 		$this->initialState->provideInitialState('filesSortingConfig', $filesSortingConfig);
 
+		// Forbidden file characters
+		/** @var string[] */
+		$forbiddenCharacters = $this->config->getSystemValue('forbidden_chars', []);
+		$this->initialState->provideInitialState('forbiddenCharacters', Constants::FILENAME_INVALID_CHARS . implode('', $forbiddenCharacters));
+
 		$event = new LoadAdditionalScriptsEvent();
 		$this->eventDispatcher->dispatchTyped($event);
 		$this->eventDispatcher->dispatchTyped(new ResourcesLoadAdditionalScriptsEvent());

apps/files/src/components/FileEntry.vue

@@ -232,12 +232,15 @@ import CustomElementRender from './CustomElementRender.vue'
 import CustomSvgIconRender from './CustomSvgIconRender.vue'
 import FavoriteIcon from './FavoriteIcon.vue'
 import logger from '../logger.js'
+import { loadState } from '@nextcloud/initial-state'
 
 // The registered actions list
 const actions = getFileActions()
 
 Vue.directive('onClickOutside', vOnClickOutside)
 
+const forbiddenCharacters = loadState('files', 'forbiddenCharacters', '') as string
+
 export default Vue.extend({
 	name: 'FileEntry',
 
@@ -810,6 +813,13 @@ export default Vue.extend({
 				throw new Error(this.t('files', '{newName} already exists.', { newName: name }))
 			}
 
+			const toCheck = trimmedName.split('')
+			toCheck.forEach(char => {
+				if (forbiddenCharacters.indexOf(char) !== -1) {
+					throw new Error(this.t('files', '"{char}" is not allowed inside a file name.', { char }))
+				}
+			})
+
 			return true
 		},
 		checkIfNodeExists(name) {

apps/files/src/components/NavigationQuota.vue

@@ -51,8 +51,8 @@ export default {
 
 	computed: {
 		storageStatsTitle() {
-			const usedQuotaByte = formatFileSize(this.storageStats?.used)
-			const quotaByte = formatFileSize(this.storageStats?.quota)
+			const usedQuotaByte = formatFileSize(this.storageStats?.used, false, false)
+			const quotaByte = formatFileSize(this.storageStats?.quota, false, false)
 
 			// If no quota set
 			if (this.storageStats?.quota < 0) {

apps/files/tests/Controller/ViewControllerTest.php

@@ -51,7 +51,6 @@ use OCP\IURLGenerator;
 use OCP\IUser;
 use OCP\IUserSession;
 use OCP\Share\IManager;
-use OCP\Template;
 use Test\TestCase;
 
 /**
@@ -153,6 +152,12 @@ class ViewControllerTest extends TestCase {
 				'owner' => 'MyName',
 				'ownerDisplayName' => 'MyDisplayName',
 			]);
+
+		$this->config
+		->expects($this->any())
+			->method('getSystemValue')
+			->with('forbidden_chars', [])
+			->willReturn([]);
 		$this->config
 			->method('getUserValue')
 			->willReturnMap([

config/config.sample.php

@@ -1933,6 +1933,17 @@ $CONFIG = [
  */
 'blacklisted_files' => ['.htaccess'],
 
+/**
+ * Blacklist characters from being used in filenames. This is useful if you
+ * have a filesystem or OS which does not support certain characters like windows.
+ *
+ * Example for windows systems: ``array('?', '<', '>', ':', '*', '|', '"', chr(0), "\n", "\r")``
+ * see https://en.wikipedia.org/wiki/Comparison_of_file_systems#Limits
+ * 
+ * Defaults to ``array()``
+ */
+'forbidden_chars' => [],
+
 /**
  * If you are applying a theme to Nextcloud, enter the name of the theme here.
  * The default location for themes is ``nextcloud/themes/``.