From de9b9511265ab6e2f63d28da086532341f3e5d59 Mon Sep 17 00:00:00 2001
From: srosse <none@none>
Date: Mon, 22 May 2017 15:50:16 +0200
Subject: [PATCH] OO-2769: prevent selecting image without URI conform names

---
 .../FileChooseCreateEditController.java       |  2 +-
 .../FileLinkChooserController.java            |  2 +-
 .../vfs/filters/VFSItemFileTypeFilter.java    | 28 +++++++++++++++----
 3 files changed, 24 insertions(+), 8 deletions(-)

diff --git a/src/main/java/org/olat/commons/file/filechooser/FileChooseCreateEditController.java b/src/main/java/org/olat/commons/file/filechooser/FileChooseCreateEditController.java
index 99689afb3b6..e24c2988070 100644
--- a/src/main/java/org/olat/commons/file/filechooser/FileChooseCreateEditController.java
+++ b/src/main/java/org/olat/commons/file/filechooser/FileChooseCreateEditController.java
@@ -265,7 +265,7 @@ public class FileChooseCreateEditController extends BasicController{
 		VFSContainer vfsRoot = new NamedContainerImpl(getTranslator().translate(NLS_FOLDER_DISPLAYNAME), rootContainer);
 		VFSItemFilter typeFilter = null;
 		if (!allFileSuffixesAllowed && allowedFileSuffixes != null) {
-			typeFilter = new VFSItemFileTypeFilter(allowedFileSuffixes);
+			typeFilter = new VFSItemFileTypeFilter(allowedFileSuffixes, false);
 		}
 		// Clanup old file chooser and open up new one
 		removeAsListenerAndDispose(fileChooserCtr);
diff --git a/src/main/java/org/olat/core/commons/controllers/linkchooser/FileLinkChooserController.java b/src/main/java/org/olat/core/commons/controllers/linkchooser/FileLinkChooserController.java
index 4a2980e052f..0b0650c3e4d 100644
--- a/src/main/java/org/olat/core/commons/controllers/linkchooser/FileLinkChooserController.java
+++ b/src/main/java/org/olat/core/commons/controllers/linkchooser/FileLinkChooserController.java
@@ -130,7 +130,7 @@ public class FileLinkChooserController extends BasicController {
 		VFSItemFilter customFilter = null;
 		VFSItemFilter dirFilter = new VFSItemExcludePrefixFilter(dirFilters);
 		if (suffixes != null) {
-			VFSItemFileTypeFilter typeFilter = new VFSItemFileTypeFilter(suffixes);
+			VFSItemFileTypeFilter typeFilter = new VFSItemFileTypeFilter(suffixes, uriValidation);
 			typeFilter.setCompositeFilter(dirFilter);
 			customFilter = typeFilter;
 		} else {
diff --git a/src/main/java/org/olat/core/util/vfs/filters/VFSItemFileTypeFilter.java b/src/main/java/org/olat/core/util/vfs/filters/VFSItemFileTypeFilter.java
index 796ce7156cf..74c6c47867a 100644
--- a/src/main/java/org/olat/core/util/vfs/filters/VFSItemFileTypeFilter.java
+++ b/src/main/java/org/olat/core/util/vfs/filters/VFSItemFileTypeFilter.java
@@ -20,7 +20,9 @@
 
 package org.olat.core.util.vfs.filters;
 
+import java.net.URI;
 import java.util.Hashtable;
+import java.util.Map;
 
 import org.olat.core.util.vfs.VFSContainer;
 import org.olat.core.util.vfs.VFSItem;
@@ -33,14 +35,17 @@ import org.olat.core.util.vfs.VFSItem;
  * 
  */
 public class VFSItemFileTypeFilter extends VFSItemCompositeFilter {
-	private Hashtable<String, String> fileTypes = new Hashtable<String, String>();
+	
+	private final boolean uriValidation;
+	private Map<String, String> fileTypes = new Hashtable<String, String>();
 
 	/**
 	 * Constrtuctor
 	 * 
 	 * @param filetypes
 	 */
-	public VFSItemFileTypeFilter(String[] fileTypes) {
+	public VFSItemFileTypeFilter(String[] fileTypes, boolean uriValidation) {
+		this.uriValidation = uriValidation;
 		for (int i = 0; i < fileTypes.length; i++) {
 			addFileType(fileTypes[i]);
 		}
@@ -51,24 +56,35 @@ public class VFSItemFileTypeFilter extends VFSItemCompositeFilter {
 	 */
 	public void addFileType(String fileType) {
 		fileType = fileType.toLowerCase();
-		this.fileTypes.put(fileType, fileType);
+		fileTypes.put(fileType, fileType);
 	}
 
 	/**
 	 * @param fileType
 	 */
 	public void removeFileType(String fileType) {
-		this.fileTypes.remove(fileType.toLowerCase());
+		fileTypes.remove(fileType.toLowerCase());
 	}
 
 	/**
 	 * @see org.olat.core.util.vfs.filters.VFSItemCompositeFilter#acceptFilter(VFSItem)
 	 */
+	@Override
 	public boolean acceptFilter(VFSItem vfsItem) {
 		if (vfsItem instanceof VFSContainer) {
 			return true;			
-		}		
-		String name = vfsItem.getName().toLowerCase();
+		}
+		
+		String name = vfsItem.getName();
+		if(uriValidation) {
+			try {
+				new URI(name).getPath();
+			} catch(Exception e) {
+				return false;
+			}
+		}
+		
+		name = name.toLowerCase();
 		int dotPos = name.lastIndexOf(".");
 		if (dotPos == -1) return false;
 		return fileTypes.containsKey(name.substring(dotPos + 1));
-- 
GitLab