Blacklisted char validation within the Submission Alias creation

src/main.cpp

@@ -1142,7 +1142,10 @@ int main(int argc, char *argv[]) {
                     pqxx::connection databaseConnection(configuration.databaseConnectionString);
                     Database::prepareStatement(databaseConnection, ID_SELECT_FREELANCER_FILE_SUBMISSION_PATH);
 
-                    pqxx::result submissionFilePathResult = Database::executePreparedStatement_SELECT_FREELANCER_FILE_SUBMISSION_PATH(databaseConnection, fileName, cookieCtx.get_cookie(COOKIE_FREELANCER_EMAIL));
+                    string decodedFileName = fileName;
+                    Utilities::decodeString(decodedFileName);
+
+                    pqxx::result submissionFilePathResult = Database::executePreparedStatement_SELECT_FREELANCER_FILE_SUBMISSION_PATH(databaseConnection, decodedFileName, cookieCtx.get_cookie(COOKIE_FREELANCER_EMAIL));
 
                     if (submissionFilePathResult.empty())
                         return crow::response(404, "File does not exist.");
@@ -1240,7 +1243,7 @@ int main(int argc, char *argv[]) {
             });
 
     /*
-     * Page for freelancer to delete existing Link to a submission todo:implement proper encoding decoding to avoid routing errors # causes routing to cut off
+     * Page for freelancer to delete existing Link to a submission
      */
     CROW_ROUTE(app, "/freelancer/submissionManagement/view/viewLink/<int>/<string>/<string>/delete").methods(crow::HTTPMethod::GET)
             ([&, configuration](const crow::request& getRequest, const int freelancerID, const string& aliasName, const string& fileName) {
@@ -1286,6 +1289,16 @@ int main(int argc, char *argv[]) {
                         pqxx::result freelancerIDResult = Database::executePreparedStatement_SELECT_FREELANCER_ID(databaseConnection, cookieCtx.get_cookie(COOKIE_FREELANCER_EMAIL));
                         freelancerID = freelancerIDResult.at(0).at(0).c_str();
 
+                        string allowedFiletypes, forbiddenChars;
+                        for (const string &character: configuration.submissionBlacklistedCharacters) {
+                            if (!forbiddenChars.empty()) {
+                                forbiddenChars.append(",");
+                            }
+                            forbiddenChars.append(character);
+                            string encodedChar = character;
+                            Utilities::encodeString(encodedChar);
+                        }
+                        ctx[MUSTACHE_FREELANCER_FORBIDDEN_FILE_CHARACTER_LIST_COMMA_SEPARATED] = forbiddenChars;
                         ctx["filename"] = fileName;
                         ctx["domain"] = configuration.domain + "/commissionSubmission";
                         ctx["freelancerid"] = freelancerID;
@@ -1301,7 +1314,7 @@ int main(int argc, char *argv[]) {
             });
 
     /*
-     * Page for freelancer to generate link to a particular submission todo:look into inability to display " " and link to "#"
+     * Page for freelancer to generate link to a particular submission
      */
     CROW_ROUTE(app, "/freelancer/submissionManagement/view/generateLink/fulfilment/<string>").methods(crow::HTTPMethod::POST)
             ([&, configuration](const crow::request& postRequest, const string& fileName) {
@@ -1317,9 +1330,21 @@ int main(int argc, char *argv[]) {
                         if (splitItem.at(0) == "alias")
                             alias = splitItem.at(1);
                     }
-                    if (!alias.empty() && !fileName.empty()) {
-                        cout << "filename: " << fileName << endl;
-                        cout << "alias: " << alias << endl;
+
+                    bool aliasInvalid = false;
+                    if (alias.empty())
+                        aliasInvalid = true;
+                    else {
+                        for (const string& blacklistedCharacter : configuration.submissionBlacklistedCharacters) {
+                            if (alias.find(blacklistedCharacter) != string::npos) {
+                                aliasInvalid = true;
+                                ctx[MUSTACHE_FREELANCER_SUBMISSION_ALIAS_ERROR_BLACKLISTED_CHARACTER] = true;
+                                break;
+                            }
+                        }
+                    }
+
+                    if (!aliasInvalid && !fileName.empty()) {
                         pqxx::connection databaseConnection(configuration.databaseConnectionString);
                         Database::prepareStatements(databaseConnection, {
                                 ID_SELECT_FREELANCER_ID,
@@ -1332,6 +1357,8 @@ int main(int argc, char *argv[]) {
                         aliasName.append("/");
                         aliasName.append(alias);
                         ctx["submissionLink"] = configuration.domain + "/commissionSubmission/" + aliasName;
+                        string decodedFileName = fileName;
+                        Utilities::decodeString(decodedFileName);
                         if(Database::executePreparedStatement_INSERT_FREELANCER_FILE_SUBMISSION_ALIAS(databaseConnection, stoi(freelancerID), fileName, aliasName) > 0)
                             ctx[MUSTACHE_FREELANCER_SUBMISSION_ALIAS_ERROR_INVALID] = true;
                     }

src/templateConstCollection.cpp

@@ -76,6 +76,7 @@ namespace TemplateConstCollection {
     const static std::string MUSTACHE_FREELANCER_ALIAS_CREATION_ERROR_UNNAMED = "ALIAS_CREATION_ERROR_UNNAMED";
     const static std::string MUSTACHE_FREELANCER_SUBMISSION_ALIAS_ERROR = "SUBMISSION_ALIAS_ERROR";
     const static std::string MUSTACHE_FREELANCER_SUBMISSION_ALIAS_ERROR_INVALID = "SUBMISSION_ALIAS_ERROR_INVALID";
+    const static std::string MUSTACHE_FREELANCER_SUBMISSION_ALIAS_ERROR_BLACKLISTED_CHARACTER = "SUBMISSION_ALIAS_ERROR_INVALID_BLACKLISTED_CHARACTER";
     const static std::string MUSTACHE_POST_ERROR = "POST_ERROR";
     const static std::string MUSTACHE_GENERIC_SEPARATOR = "#SEP#";