Client side File Type and Blacklisted Character validation

src/main.cpp

@@ -23,7 +23,6 @@ int main(int argc, char *argv[]) {
     if (argc > 1)
         configuration.configPath = argv[1];
 
-
 #ifndef CROW_ENABLE_SSL
     Utilities::errorOut("CROW_ENABLE_SSL is not defined and thus SSL is deactivated", true);
 #endif
@@ -996,15 +995,27 @@ int main(int argc, char *argv[]) {
                     ctx[MUSTACHE_FREELANCER_MAXIMUM_STORAGE_IN_MB] = maxStorageInMB;
                     ctx[MUSTACHE_FREELANCER_MAXIMUM_FILE_NAME_SIZE] = configuration.submissionMaxFileNameSize;
 
-                    string allowedFiletypes;
+                    string allowedFiletypes, forbiddenChars, forbiddenCharsSEP;
                     for (const string &filetype: configuration.submissionAllowedFiletypes) {
                         if (!allowedFiletypes.empty())
                             allowedFiletypes.append(",");
                         allowedFiletypes.append(".");
                         allowedFiletypes.append(filetype);
                     }
+                    for (const string &character: configuration.submissionBlacklistedCharacters) {
+                        if (!forbiddenChars.empty()) {
+                            forbiddenChars.append(",");
+                            forbiddenCharsSEP.append(MUSTACHE_GENERIC_SEPARATOR);
+                        }
+                        forbiddenChars.append(character);
+                        string encodedChar = character;
+                        Utilities::encodeString(encodedChar);
+                        forbiddenCharsSEP.append(encodedChar);
+                    }
 
                     ctx[MUSTACHE_FREELANCER_ALLOWED_FILE_TYPES_LIST_COMMA_SEPARATED] = allowedFiletypes;
+                    ctx[MUSTACHE_FREELANCER_FORBIDDEN_FILE_CHARACTER_LIST_COMMA_SEPARATED] = forbiddenChars;
+                    ctx[MUSTACHE_FREELANCER_FORBIDDEN_FILE_CHARACTER_LIST_SEP_SEPARATED] = forbiddenCharsSEP;
 
                     if (usedStorageInMB < maxStorageInMB)
                         ctx[MUSTACHE_FREELANCER_UPLOAD_AVAILIBLE] = true;

src/templateConstCollection.cpp

@@ -77,6 +77,7 @@ namespace TemplateConstCollection {
     const static std::string MUSTACHE_FREELANCER_SUBMISSION_ALIAS_ERROR = "SUBMISSION_ALIAS_ERROR";
     const static std::string MUSTACHE_FREELANCER_SUBMISSION_ALIAS_ERROR_INVALID = "SUBMISSION_ALIAS_ERROR_INVALID";
     const static std::string MUSTACHE_POST_ERROR = "POST_ERROR";
+    const static std::string MUSTACHE_GENERIC_SEPARATOR = "#SEP#";
 
     //Mustache Cookie variable names
     const static std::string MUSTACHE_COOKIE_LOGGED_IN = "COOKIE_LOGGED_IN";
@@ -97,6 +98,8 @@ namespace TemplateConstCollection {
     const static std::string MUSTACHE_FREELANCER_MAXIMUM_STORAGE_IN_MB = "MAXIMUM_STORAGE_IN_MB";
     const static std::string MUSTACHE_FREELANCER_MAXIMUM_FILE_NAME_SIZE = "MAXIMUM_FILE_NAME_SIZE";
     const static std::string MUSTACHE_FREELANCER_ALLOWED_FILE_TYPES_LIST_COMMA_SEPARATED = "ALLOWED_FILE_TYPES_LIST_COMMA_SEPARATED";
+    const static std::string MUSTACHE_FREELANCER_FORBIDDEN_FILE_CHARACTER_LIST_COMMA_SEPARATED = "FORBIDDEN_FILE_CHARACTER_LIST_COMMA_SEPARATED";
+    const static std::string MUSTACHE_FREELANCER_FORBIDDEN_FILE_CHARACTER_LIST_SEP_SEPARATED = "FORBIDDEN_FILE_CHARACTER_LIST_SEP_SEPARATED";
     const static std::string MUSTACHE_FREELANCER_UPLOAD_AVAILIBLE = "UPLOAD_AVAILIBLE";
 
     //Cookie names

templates/freelancer_Submission_Management_Add.html

@@ -16,6 +16,9 @@
             <p>
                 Allowed File Types: {{ALLOWED_FILE_TYPES_LIST_COMMA_SEPARATED}}
             </p>
+            <p>
+                Forbidden Characters in the File Name: {{FORBIDDEN_FILE_CHARACTER_LIST_COMMA_SEPARATED}}
+            </p>
             <p>
                 Allowed File Name Length: {{MAXIMUM_FILE_NAME_SIZE}}
             </p>

templates/templateIncludes/freelancerSubmissionUpload.js.html

@@ -9,16 +9,45 @@
         const fileSize = file.size / 1024 / 1024;
         const maxSize = {{MAXIMUM_STORAGE_IN_MB}} - {{USED_STORAGE_IN_MB}};
         const maxFileNameLength = {{MAXIMUM_FILE_NAME_SIZE}};
-        console.log(maxSize);
-        console.log(maxFileNameLength);
+        const allowedFileTypeArray = "{{ALLOWED_FILE_TYPES_LIST_COMMA_SEPARATED}}".split(",");
+        const forbiddenFileCharArray = "{{FORBIDDEN_FILE_CHARACTER_LIST_SEP_SEPARATED}}".split("#SEP#");
+        var fileTypeIsValid = false;
+        var fileType;
+        var fileNameIncludesForbiddenChar = false;
+
+        allowedFileTypeArray.every(type => {
+            fileType = type;
+            if (file.name.substring(file.name.length - type.length) == type) {
+                fileTypeIsValid = true;
+                return false;
+            }
+            return true;
+        });
+
+        var filenameWithoutType = encodeURIComponent(file.name.substring(0, file.name.length - fileType.length));
+
+        forbiddenFileCharArray.every(char => {
+            if (filenameWithoutType.includes(char)) {
+                fileNameIncludesForbiddenChar = true;
+                return false;
+            }
+            return true;
+        });
+
+
         if (fileSize > maxSize) {
             alert('File size exceeds availible space by: ' + (Math.trunc((fileSize - maxSize) * 100) / 100) + ' MB');
             unHide();
         } else if(file.name.length > maxFileNameLength) {
             alert('File name exceeds allowed length by ' + (file.name.length - maxFileNameLength) + ' characters');
             unHide();
-        }
-        else {
+        }else if(!fileTypeIsValid) {
+            alert('Type of the file is invalid ' + file.name);
+            unHide();
+        }else if(fileNameIncludesForbiddenChar) {
+            alert('The file containes a forbidden character ' + file.name);
+            unHide();
+        } else {
             var formdata = new FormData();
             formdata.append("FILE_SUBMISSION", file);
             var ajax = new XMLHttpRequest();