sanitize filename and forbid certain characters

Kriechi · Kriechi · commit 84ff2e13d400 · 2020-01-04T13:19:43.000+01:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,8 @@
 # Changelog of Cura-DuetRRFPlugin
 
+## v1.0.5: 2019-11-10
+  * sanitize filename and forbid certain characters
+
 ## v1.0.4: 2019-11-10
   * bump compatibility for Cura 4.4 / API 7.0
 
diff --git a/DuetRRFOutputDevice.py b/DuetRRFOutputDevice.py
@@ -131,11 +131,25 @@ def requestWrite(self, node, fileName=None, *args, **kwargs):
         self._dialog.findChild(QObject, "nameField").setProperty('focus', True)
 
     def onFilenameChanged(self):
-        fileName = self._dialog.findChild(QObject, "nameField").property('text')
+        fileName = self._dialog.findChild(QObject, "nameField").property('text').strip()
+
+        forbidden_characters = "\"'´`<>()[]?*\,;:&%#$!"
+        for forbidden_character in forbidden_characters:
+            if forbidden_character in fileName:
+                self._dialog.setProperty('validName', False)
+                self._dialog.setProperty('validationError', 'Filename cannot contain {}'.format(forbidden_characters))
+                return
+
+        if fileName == '.' or fileName == '..':
+            self._dialog.setProperty('validName', False)
+            self._dialog.setProperty('validationError', 'Filename cannot be "." or ".."')
+            return
+
         self._dialog.setProperty('validName', len(fileName) > 0)
+        self._dialog.setProperty('validationError', 'Filename too short')
 
     def onFilenameAccepted(self):
-        self._fileName = self._dialog.findChild(QObject, "nameField").property('text')
+        self._fileName = self._dialog.findChild(QObject, "nameField").property('text').strip()
         if not self._fileName.endswith('.gcode') and '.' not in self._fileName:
             self._fileName += '.gcode'
         Logger.log("d", self._name_id + " | Filename set to: " + self._fileName)
diff --git a/plugin.json b/plugin.json
@@ -2,6 +2,6 @@
     "name": "DuetRRF",
     "author": "Thomas Kriechbaumer",
     "description": "Upload and Print to DuetWifi / DuetEthernet / Duet Maestro with RepRapFirmware.",
-    "version": "1.0.4",
+    "version": "1.0.5",
     "api": "7.0.0"
 }
diff --git a/resources/qml/UploadFilename.qml b/resources/qml/UploadFilename.qml
@@ -39,8 +39,8 @@ UM.Dialog
             text: base.object;
             maximumLength: 100;
             onTextChanged: base.textChanged(text);
-            Keys.onReturnPressed: base.accept();
-            Keys.onEnterPressed: base.accept();
+            Keys.onReturnPressed: { if (base.validName) base.accept(); }
+            Keys.onEnterPressed: { if (base.validName) base.accept(); }
             Keys.onEscapePressed: base.reject();
         }
 

Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,6 @@`
`2`	`2`	`"name": "DuetRRF",`
`3`	`3`	`"author": "Thomas Kriechbaumer",`
`4`	`4`	`"description": "Upload and Print to DuetWifi / DuetEthernet / Duet Maestro with RepRapFirmware.",`
`5`		`- "version": "1.0.4",`
	`5`	`+ "version": "1.0.5",`
`6`	`6`	`"api": "7.0.0"`
`7`	`7`	`}`