fix: Parse Server option fileUpload.fileExtensions fails to determi…

…ne file extension if filename contains multiple dots (#8754)
parse-community · Sep 23, 2023 · 3d6d50e · 3d6d50e
1 parent b70c2d9
commit 3d6d50e
Show file tree

Hide file tree

Showing 2 changed files with 69 additions and 1 deletion.
diff --git a/spec/ParseFile.spec.js b/spec/ParseFile.spec.js
@@ -1364,6 +1364,74 @@ describe('Parse.File testing', () => {
       );
     });
 
+    it('works with a period in the file name', async () => {
+      await reconfigureServer({
+        fileUpload: {
+          enableForPublic: true,
+          fileExtensions: ['^[^hH][^tT][^mM][^lL]?$'],
+        },
+      });
+      const headers = {
+        'X-Parse-Application-Id': 'test',
+        'X-Parse-REST-API-Key': 'rest',
+      };
+
+      const values = ['file.png.html', 'file.txt.png.html', 'file.png.txt.html'];
+
+      for (const value of values) {
+        await expectAsync(
+          request({
+            method: 'POST',
+            headers: headers,
+            url: `http://localhost:8378/1/files/${value}`,
+            body: '<html></html>\n',
+          }).catch(e => {
+            throw new Error(e.data.error);
+          })
+        ).toBeRejectedWith(
+          new Parse.Error(Parse.Error.FILE_SAVE_ERROR, `File upload of extension html is disabled.`)
+        );
+      }
+    });
+
+    it('works to stop invalid filenames', async () => {
+      await reconfigureServer({
+        fileUpload: {
+          enableForPublic: true,
+          fileExtensions: ['^[^hH][^tT][^mM][^lL]?$'],
+        },
+      });
+      const headers = {
+        'X-Parse-Application-Id': 'test',
+        'X-Parse-REST-API-Key': 'rest',
+      };
+
+      const values = [
+        '!invalid.png',
+        '.png',
+        '.html',
+        ' .html',
+        '.png.html',
+        '~invalid.png',
+        '-invalid.png',
+      ];
+
+      for (const value of values) {
+        await expectAsync(
+          request({
+            method: 'POST',
+            headers: headers,
+            url: `http://localhost:8378/1/files/${value}`,
+            body: '<html></html>\n',
+          }).catch(e => {
+            throw new Error(e.data.error);
+          })
+        ).toBeRejectedWith(
+          new Parse.Error(Parse.Error.INVALID_FILE_NAME, `Filename contains invalid characters.`)
+        );
+      }
+    });
+
     it('works with array', async () => {
       await reconfigureServer({
         fileUpload: {

diff --git a/src/Routers/FilesRouter.js b/src/Routers/FilesRouter.js
@@ -155,7 +155,7 @@ export class FilesRouter {
       };
       let extension = contentType;
       if (filename && filename.includes('.')) {
-        extension = filename.split('.')[1];
+        extension = filename.substring(filename.lastIndexOf('.') + 1);
       } else if (contentType && contentType.includes('/')) {
         extension = contentType.split('/')[1];
       }