From b5392c2991a648fdce86d2270ba0f5a62b684e9f Mon Sep 17 00:00:00 2001
From: Quentin RIBAC <quentin.ribac@xelians.fr>
Date: Wed, 2 Feb 2022 12:12:45 +0100
Subject: [PATCH] FIX #17560 TIME 0:45 Alfresco: sanitize document subject and
 attachment title

---
 .../alfresco/controllers/AlfrescoController.php       | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/app/external/alfresco/controllers/AlfrescoController.php b/src/app/external/alfresco/controllers/AlfrescoController.php
index d5117163a2f..836a80085ab 100644
--- a/src/app/external/alfresco/controllers/AlfrescoController.php
+++ b/src/app/external/alfresco/controllers/AlfrescoController.php
@@ -611,7 +611,13 @@ class AlfrescoController
         }
         $resourceFolderId = $curlResponse['response']['entry']['id'];
 
-        $document['subject'] = str_replace([':', '*', '\'', '"', '>', '<'], ' ', $document['subject']);
+        // regex matching INVALID folder or document name, used in Alfresco:
+        // (.*[\"\*\\\>\<\?\/\:\|]+.*)|(.*[\.]?.*[\.]+$)|(.*[ ]+$)
+        $alfrescoCharRefused = str_split('"*\\><?/:|');
+        $alfrescoCharToTrim  = '. ';
+        $document['subject'] = str_replace($alfrescoCharRefused, ' ', $document['subject']); // replace refused characters with a blank space
+        $document['subject'] = preg_replace('/\s+/u', ' ', $document['subject']); // squeeze spaces including unicode ones
+        $document['subject'] = trim($document['subject'], $alfrescoCharToTrim); // trim beginning and end
         $multipartBody = [
             'filedata' => ['isFile' => true, 'filename' => $document['subject'], 'content' => $fileContent],
         ];
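Review bot: The result of `preg_replace('/\s+/u', ' ', $document['subject'])` is assigned back without a null check, and with the `u` modifier it returns null when the subject is not valid UTF-8, so the following `trim()` produces an empty string that goes straight into `'filename'`. The same empty filename results when the subject consists only of refused characters, dots or spaces. I would guard both cases, e.g. `$clean = preg_replace('/\s+/u', ' ', $document['subject']) ?? preg_replace('/\s+/', ' ', $document['subject']);`, then use a fallback name or return an error when `trim($clean, $alfrescoCharToTrim) === ''`. The attachment-title lines in the second hunk have the same gap. The enclosing method starts and ends outside this hunk.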
@@ -735,6 +741,9 @@ class AlfrescoController
         $firstAttachment = true;
         $attachmentsTitlesSent = [];
         foreach ($attachments as $attachment) {
+            $attachment['title'] = str_replace($alfrescoCharRefused, ' ', $attachment['title']);
+            $attachment['title'] = preg_replace('/\s+/u', ' ', $attachment['title']);
+            $attachment['title'] = trim($attachment['title'], $alfrescoCharToTrim);
             $adrInfo = [
                 'docserver_id'  => $attachment['docserver_id'],
                 'path'          => $attachment['path'],
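Review bot: `$alfrescoCharRefused` and `$alfrescoCharToTrim` are read in this loop but assigned only in the first hunk, about 130 lines earlier. The hunks do not show whether both sit in the same method, and if they do not, these three lines run on undefined variables and the title is not sanitized as intended. Even within one method the replace/squeeze/trim sequence is now duplicated, so I would move it into one private helper (sketched below as static, assuming the controller's methods are static) and call it from both places. Sanitizing can also map two different titles to the same name (for example `a:b` and `a b`), so whatever `$attachmentsTitlesSent` is compared against should use the sanitized title; that code is outside the hunk.

```php
/**
 * Makes a string acceptable as an Alfresco folder or document name.
 * Alfresco rejects names matching:
 * (.*[\"\*\\\>\<\?\/\:\|]+.*)|(.*[\.]?.*[\.]+$)|(.*[ ]+$)
 */
private static function sanitizeAlfrescoName(string $name): string
{
    $name = str_replace(str_split('"*\\><?/:|'), ' ', $name);
    // preg_replace() returns null on invalid UTF-8 when /u is set; fall back to byte-wise matching
    $name = preg_replace('/\s+/u', ' ', $name) ?? preg_replace('/\s+/', ' ', $name);
    return trim((string) $name, '. ');
}

// … unchanged: $firstAttachment / $attachmentsTitlesSent setup …
foreach ($attachments as $attachment) {
    $attachment['title'] = self::sanitizeAlfrescoName($attachment['title']);
    // … unchanged: $adrInfo construction …
```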
-- 
GitLab