[mirotalksfu] - add some validations

2023-04-26 11:20:50 +02:00
--- a/public/js/RoomClient.js
+++ b/public/js/RoomClient.js
@@ -3351,7 +3351,8 @@ class RoomClient {
                return userLog('info', 'No participants detected', 'top-end');
            }
            // prevent XSS injection
-            if (this.isHtml(this.fileToSend.name)) return userLog('warning', 'Invalid file name!', 'top-end', 5000);
+            if (this.isHtml(this.fileToSend.name) || !this.isValidFileName(this.fileToSend.name))
+                return userLog('warning', 'Invalid file name!', 'top-end', 5000);

            const fileInfo = {
                peer_id: peer_id,
@@ -3612,6 +3613,11 @@ class RoomClient {
        return '<pre>' + JSON.stringify(obj, null, 4) + '</pre>';
    }

+    isValidFileName(fileName) {
+        const invalidChars = /[\\\/\?\*\|:"<>]/;
+        return !invalidChars.test(fileName);
+    }
+
    // ####################################################
    // SHARE VIDEO YOUTUBE - MP4 - WEBM - OGG or AUDIO mp3
    // ####################################################