trim extensions too

Author: drduh

handlers/list.go

@@ -13,7 +13,6 @@ func List(app *config.App) http.HandlerFunc {
 		if req == nil {
 			return
 		}
-		app.UpdateTimeRemaining()
 		files := app.ListFiles()
 		app.Log.Info("serving file list",
 			"files", len(files), "user", req)

storage/list.go

@@ -11,6 +11,7 @@ func (s *Storage) ListFiles() []File {
 			break
 		}
 
+		s.UpdateTimeRemaining()
 		f := File{
 			Id:   file.Id,
 			Name: file.Name,

storage/sanitize.go

@@ -7,10 +7,16 @@ import (
 	"unicode"
 )
 
-const defaultName = "default"
+const (
+	defaultName  = "default"
+	maxExtLength = 5
+)
 
 // SanitizeName validates strings for use as filename.
 func SanitizeName(input, extraChars string, maxLength int) string {
+	if strings.TrimSpace(input) == "" {
+		return defaultName
+	}
 	input, err := url.QueryUnescape(input)
 	if err != nil {
 		return defaultName
@@ -41,10 +47,11 @@ func removeInvalidChars(filename string, allowed string) string {
 // truncateName trims a filename string to max size,
 // preserving reasonably-sized original file extensions.
 func truncateName(base string, ext string, maxLength int) string {
-	const maxExtensionLength = 5
-	if len(ext) > maxExtensionLength {
-		ext = ext[:maxExtensionLength]
+	ext = strings.ReplaceAll(ext, " ", "")
+	if len(ext) > maxExtLength {
+		ext = ext[:maxExtLength]
 	}
+	base = strings.TrimSpace(base)
 	totalLength := len(base) + len(ext)
 	if totalLength <= maxLength {
 		return base + ext

storage/sanitize_test.go

@@ -47,8 +47,10 @@ func TestTruncateName(t *testing.T) {
 		{"base", ".longextension", 12, "base.long"},
 		{"exactfit", ".jpeg", 13, "exactfit.jpeg"},
 		{"longfilename", ".txt", 10, "longfi.txt"},
+		{"file", ". . .   long", 12, "file...lo"},
 		{"truncatebase", ".png", 8, "trun.png"},
 		{"onlybase", ".toolong", 8, "onl.tool"},
+		{"test", "test test", 18, "testtestt"},
 		{"short", ".dat", 9, "short.dat"},
 		{"example", "", 5, "examp"},
 		{"", ".zip", 5, ".zip"},
@@ -81,21 +83,29 @@ func TestSanitizeName(t *testing.T) {
 		{"myfilenames", extraChars, 10, "myfilename"},
 		{"@#$%^&*.png", extraChars, 20, defaultName},
 		{"!@#$%^&*()[]{}<>", extraChars, 20, defaultName},
+		{"!@# a copy.alongext", extraChars, 20, "a copy.alon"},
+		{"<>$ a copy.m", extraChars, 10, "a copy.m"},
+		{"a copy.my copy", extraChars, 15, "a copy.myco"},
 		{"filename.", extraChars, 15, "filename."},
 		{"/etc/passwd", extraChars, 15, "passwd"},
 		{"name\u0000.txt", extraChars, 20, "name.txt"},
 		{"control\ttest.txt", extraChars, 20, "controltest.txt"},
 		{"/path/../file.txt", extraChars, 20, "file.txt"},
 		{"<script>alert('xss')</script>", extraChars, 25, "script"},
+		{" ", extraChars, 15, "default"},
 		{"percent%encoded%name.doc", extraChars, 20, defaultName},
 		{"filename%20with%20spaces.txt", extraChars, 20,
 			"filename with sp.txt"},
 		{"filename with spaces.txt", extraChars, 25,
 			"filename with spaces.txt"},
 		{"my%2Fcool%2Bdoc%26about%2Cstuff.md", extraChars + "/+&,", 40,
 			"cool+doc&about,stuff.md"},
+		{"example." + strings.Repeat("x", 1000), extraChars, 20,
+			"example.xxxx"},
 		{strings.Repeat("a", 1000) + ".txt", extraChars, 50,
 			strings.Repeat("a", 46) + ".txt"},
+		{strings.Repeat(".", 100) + strings.Repeat(".", 100), extraChars, 80,
+			strings.Repeat(".", 79) + "."},
 	}
 	for _, test := range tests {
 		t.Run(test.input, func(t *testing.T) {