From 74d7d92a4d312ecdfad8e915249e6b0082b5964e Mon Sep 17 00:00:00 2001
From: Josh
Date: Wed, 6 Nov 2019 20:18:27 -0500
Subject: [PATCH] Allow all valid filenames to be added to content.json (#2141)
* Allow all valid filenames to be added to content.json
* Replace hex version of regex with non-hex version
* Add basic test for path validation with ASCII and UTF-8 filenames
* Amend path validation test to meet standards
---
 src/Content/ContentManager.py | 4 ++--
 src/Test/TestContent.py | 9 +++++++++
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/src/Content/ContentManager.py b/src/Content/ContentManager.py
index c1ec533c..26285436 100644
--- a/src/Content/ContentManager.py
+++ b/src/Content/ContentManager.py
@@ -600,10 +600,10 @@ class ContentManager(object):
 elif len(relative_path) > 255:
 return False
 else:
- return re.match(r"^[a-z\[\]\(\) A-Z0-9~_@=\.\+-/]+$", relative_path)
+ return re.match(r"^[^\x00-\x1F\"*:<>?\\|]+$", relative_path)
 def sanitizePath(self, inner_path):
- return re.sub("[^a-z\[\]\(\) A-Z0-9_@=\.\+-/]", "", inner_path)
+ return re.sub("[\x00-\x1F\"*:<>?\\|]", "", inner_path)
 # Hash files in directory
 def hashFiles(self, dir_inner_path, ignore_pattern=None, optional_pattern=None):
diff --git a/src/Test/TestContent.py b/src/Test/TestContent.py
index 9c84b812..bde4af39 100644
--- a/src/Test/TestContent.py
+++ b/src/Test/TestContent.py
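Review bot: In the src/Content/ContentManager.py hunk, the new `sanitizePath` pattern is an ordinary string while the `isValidRelativePath` pattern is a raw string, so the two character classes differ: in the non-raw literal `\\|` reaches the regex engine as `\|`, an escaped pipe, and a backslash is never stripped even though validation rejects it. Making it raw, `return re.sub(r"[\x00-\x1F\"*:<>?\\|]", "", inner_path)`, keeps sanitising and validation in agreement. Separately, `$` also matches just before a trailing newline, so a path such as `"test.txt\n"` passes the control-character deny-list; `re.fullmatch` or a `\Z` anchor closes that. Because the check is now a deny-list instead of an allow-list, anything these two patterns miss is accepted, so both gaps matter more than they did before. `isValidRelativePath` starts above the hunk, so whether `..` and leading-slash checks precede this branch cannot be confirmed from here.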
@@ -246,3 +246,12 @@ class TestContent:
 with site.storage.open("data/users/1C5sgvWaSgfaTpV5kjBCnCiKtENNMYo69q/content.json") as data:
 site.content_manager.verifyFile("data/users/1C5sgvWaSgfaTpV5kjBCnCiKtENNMYo69q/content.json", data, ignore_same=False)
 assert "Potentially unsafe" in str(err.value)
+
+
+ def testPathValidation(self, site):
+ assert site.content_manager.isValidRelativePath("test.txt")
+ assert site.content_manager.isValidRelativePath("test/!@#$%^&().txt")
+ assert site.content_manager.isValidRelativePath("ÜøßÂŒƂÆÇ.txt")
+ assert site.content_manager.isValidRelativePath("тест.текст")
+ assert site.content_manager.isValidRelativePath("𝐮𝐧𝐢𝐜𝐨𝐝𝐞𝑖𝑠𝒂𝒘𝒆𝒔𝒐𝒎𝒆")
+
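Review bot: `testPathValidation` asserts only names that must be accepted, so nothing pins what the new deny-list has to reject, and `sanitizePath` is not exercised at all. Add negative cases for the characters the pattern names, e.g. `assert not site.content_manager.isValidRelativePath("test\\file.txt")` and `assert not site.content_manager.isValidRelativePath("test:file.txt")`, plus a trailing-newline case `"test.txt\n"`, which I would expect to fail against the current `$` anchor. A round-trip assertion that `isValidRelativePath(sanitizePath(name))` holds for a name containing a backslash would also catch drift between the two patterns.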