Discussions
Categories
Groups
Community Home
Categories
INTERNAL ENABLEMENT
POPULAR
THRUST SERVICES & TOOLS
CLOUD EDITIONS
Quick Links
MY LINKS
HELPFUL TIPS
Back to website
Home
Web CMS (TeamSite)
prevent/prohibt special character in DCR file name
raoliver
I would like to prevent the user from using certain special characters when entering in a file name a DCR.
Users are typing in special characters like apostrophes as DCR names. We URL encode the link to the file when it gets posted, but then filters are picking up on the URL encoded apostrophe and refusing to serve the file since it might indicate hacking. Therefore it would be better to prevent users from using certain special characters in a file name.
Is there any hook to the save file dialog that would allow a perl regular expression to validate the file name?
Find more posts tagged with
Comments
iwovGraduate
I don't think there is any hook which will validate the file name for DCR.
Feature request maybe ?
Migrateduser
In 5.5.2, you can do this with FormAPI, via a onSaveNameSpecified event handler.
bw
Bob Walden [bob.walden@interwoven.com]
Interwoven Education Group
IM: Yahoo, MSN bob_walden
iwovGraduate
Oops, forgot about FormAPI
I am still living in the dark ages !!
Gregg Faus
Have you wrote a Form API handler for this? Mind sharing the code? I have the same requirement as it seems certain DCR names choke some of my templates.
Thanks.
Migrateduser
Maybe something like this, yours would probably be different
function validateName( path )
{
valid = true;
if ( path.lastIndexOf( "." ) > -1 )
{
ext = path.substring( path.lastIndexOf( "." ) + 1, path.length );
if ( ext == "asp" || ext == "aspx" || ext == "htm" || ext == "html" )
{
alert( "Do not specify an extension for the file. Workflow will add the ASP extension automatically. Press Save again." );
return( false );
}
}
if ( valid )
{
regex = new RegExp( "^(.*)([&% ])(.+)$" );
list = regex.exec( path );
if ( list != null && list != undefined )
{
valid = confirm( "The specified file name contains characters (spaces, &, %, etc.) that are not suggested for web file names. Press Cancel and save again to change the file name, or press OK to ignore this warning." );
}
}
return( valid );
}
IWEventRegistry.addFormHandler( "onSaveNameSpecified", validateName );
Gregg Faus
Ah, just what I was looking for. Thanks!
Gregg Faus
Here is my version of it:
// This function is called when user saves the form and provides DCR filename validation.
function validateName(path) {
var ext, regex, list;
var valid = true;
if(path.lastIndexOf( "." ) > -1 ) {
ext = path.substring(path.lastIndexOf(".") + 1, path.length).toLowerCase();
if(ext == "asp" || ext == "pdf" || ext == "js" || ext == "vbs" || ext == "txt" || ext == "htm" || ext == "html") {
alert("Do not specify an extension for the file. Please save again.");
return( false );
}
}
if(valid) {
// Bad characters list: " ' ; ( ) | < > * ? [ ] ~ + @ !
regex = /^(.*)(["';%\(\)\|<>\*\?\[\]~\+@!])(.*)$/ig;
list = regex.exec(path);
if((list != null) && (list != undefined)) {
alert("The specified file name contains invalid characters (\" \' ; ( ) | < > * ? [ ] ~ + @ !) that are not allowed. Remove the special characters and save again.");
valid = false;
}
}
return valid;
}
IWEventRegistry.addFormHandler("onSaveNameSpecified", validateName);
Edited by gfaus on 01/29/03 10:30 AM (server time).
Migrateduser
Might want to check lowercase the extension before the compare, or use a case-insensitive regex there.
Gregg Faus
You're right. Guess that didn't cross my mind as I was editing the original. There are probably some other things that it doesn't do quite right. Works in the generic case.
Migrateduser
Is there a way to intercept forward and backward slashes in the DCR name. I'm able to use the onSaveNameSpecified to intercept all other special characters. However, our users will try to use a slash (for example, if they put a date in the DCR name 1/29/2003) and TeamSite interprets that as trying to save the file to a directory and when it can't find the directory it displays a "Directory not found" error. Any ideas?
Migrateduser
Nice code. Just what I was looking for. I added a little bit more to it to prevent my users from using spaces in the DCR names. Thanks for the code.
var searchString = /\s/g // Variable for spaces
if (path.match(searchString))
{
alert("Save failed because of spaces in your DCR name. Please resave without spaces in the name.");
valid = false;
}
Migrateduser
Your list of illegal characters seems to be incorrect. I believe the correct list is as follows:
( ) ' " ; : ? < > , ` ~ @ # % ^ & * = + { } | also / (on windows) and \ (on solaris).
The dollar sign ($) is not illegal by itself, but if there are two of them together can cause unexpected results because they can return the process ID. Also, in some cases, a $ in your file name could confuse your code into thinking there's a variable where there shouldn't be. So, a $ probably should be excluded from file names unless you have a good reason to keep them.
In some cases, you'll also want to exclude spaces and period/extensions.
- Jason
iwovGraduate
My $0.02:
Would be better to allow only certain characters rather than not allowing certain characters.
