Client side File Type and Blacklisted Character validation

src/main.cpp

@@ -23,7 +23,6 @@ int main(int argc, char *argv[]) {
     if (argc > 1)
         configuration.configPath = argv[1];
 
-
 #ifndef CROW_ENABLE_SSL
     Utilities::errorOut("CROW_ENABLE_SSL is not defined and thus SSL is deactivated", true);
 #endif
@@ -996,15 +995,27 @@ int main(int argc, char *argv[]) {
                     ctx[MUSTACHE_FREELANCER_MAXIMUM_STORAGE_IN_MB] = maxStorageInMB;
                     ctx[MUSTACHE_FREELANCER_MAXIMUM_FILE_NAME_SIZE] = configuration.submissionMaxFileNameSize;
 
-                    string allowedFiletypes;
+                    string allowedFiletypes, forbiddenChars, forbiddenCharsSEP;
                     for (const string &filetype: configuration.submissionAllowedFiletypes) {
                         if (!allowedFiletypes.empty())
                             allowedFiletypes.append(",");
                         allowedFiletypes.append(".");
                         allowedFiletypes.append(filetype);
                     }
+                    for (const string &character: configuration.submissionBlacklistedCharacters) {
+                        if (!forbiddenChars.empty()) {
+                            forbiddenChars.append(",");
+                            forbiddenCharsSEP.append(MUSTACHE_GENERIC_SEPARATOR);
+                        }
+                        forbiddenChars.append(character);
+                        string encodedChar = character;
+                        Utilities::encodeString(encodedChar);
+                        forbiddenCharsSEP.append(encodedChar);
+                    }
 
                     ctx[MUSTACHE_FREELANCER_ALLOWED_FILE_TYPES_LIST_COMMA_SEPARATED] = allowedFiletypes;
+                    ctx[MUSTACHE_FREELANCER_FORBIDDEN_FILE_CHARACTER_LIST_COMMA_SEPARATED] = forbiddenChars;
+                    ctx[MUSTACHE_FREELANCER_FORBIDDEN_FILE_CHARACTER_LIST_SEP_SEPARATED] = forbiddenCharsSEP;
 
                     if (usedStorageInMB < maxStorageInMB)
                         ctx[MUSTACHE_FREELANCER_UPLOAD_AVAILIBLE] = true;

src/templateConstCollection.cpp

@@ -77,6 +77,7 @@ namespace TemplateConstCollection {
     const static std::string MUSTACHE_FREELANCER_SUBMISSION_ALIAS_ERROR = "SUBMISSION_ALIAS_ERROR";
     const static std::string MUSTACHE_FREELANCER_SUBMISSION_ALIAS_ERROR_INVALID = "SUBMISSION_ALIAS_ERROR_INVALID";
     const static std::string MUSTACHE_POST_ERROR = "POST_ERROR";
+    const static std::string MUSTACHE_GENERIC_SEPARATOR = "#SEP#";
 
     //Mustache Cookie variable names
     const static std::string MUSTACHE_COOKIE_LOGGED_IN = "COOKIE_LOGGED_IN";
@@ -97,6 +98,8 @@ namespace TemplateConstCollection {
     const static std::string MUSTACHE_FREELANCER_MAXIMUM_STORAGE_IN_MB = "MAXIMUM_STORAGE_IN_MB";
     const static std::string MUSTACHE_FREELANCER_MAXIMUM_FILE_NAME_SIZE = "MAXIMUM_FILE_NAME_SIZE";
     const static std::string MUSTACHE_FREELANCER_ALLOWED_FILE_TYPES_LIST_COMMA_SEPARATED = "ALLOWED_FILE_TYPES_LIST_COMMA_SEPARATED";
+    const static std::string MUSTACHE_FREELANCER_FORBIDDEN_FILE_CHARACTER_LIST_COMMA_SEPARATED = "FORBIDDEN_FILE_CHARACTER_LIST_COMMA_SEPARATED";
+    const static std::string MUSTACHE_FREELANCER_FORBIDDEN_FILE_CHARACTER_LIST_SEP_SEPARATED = "FORBIDDEN_FILE_CHARACTER_LIST_SEP_SEPARATED";
     const static std::string MUSTACHE_FREELANCER_UPLOAD_AVAILIBLE = "UPLOAD_AVAILIBLE";
 
     //Cookie names