From cb98b56d134130a4a68b214341f09485c881f697 Mon Sep 17 00:00:00 2001
From: Christie Baker <Christie.Baker@availity.com>
Date: Thu, 31 May 2018 13:01:22 -0500
Subject: [PATCH] fix(upload-core): upload filename check

---
 packages/upload-core/src/tests/upload.test.js | 38 +++++++++++++++++++
 packages/upload-core/src/upload.js            | 14 +++++++
 2 files changed, 52 insertions(+)

diff --git a/packages/upload-core/src/tests/upload.test.js b/packages/upload-core/src/tests/upload.test.js
index 5fd0ad642..0d57f953d 100644
--- a/packages/upload-core/src/tests/upload.test.js
+++ b/packages/upload-core/src/tests/upload.test.js
@@ -160,4 +160,42 @@ describe('upload.core', () => {
     upload.setError('decrypting', 'Decrypting file');
     expect(upload.status).toBe('decrypting');
   });
+
+  it('should validate file name', () => {
+    const file = Buffer.from('hello world'.split(''));
+    file.name = 'good file name.pdf';
+    const upload = new Upload(
+      file,
+      Object.assign(options, { allowedFileNameCharacters: 'a-zA-Z0-9_ ' })
+    );
+    upload.start();
+    expect(upload.isValidFile()).toBeTruthy();
+
+    const file2 = Buffer.from('hello world'.split(''));
+    file2.name = 'Bad-file-name.pdf';
+    const upload2 = new Upload(
+      file2,
+      Object.assign(options, { allowedFileNameCharacters: 'a-zA-Z0-9 _' })
+    );
+    upload2.start();
+    expect(upload2.isValidFile()).toBeFalsy();
+
+    const file3 = Buffer.from('hello world'.split(''));
+    file3.name = '123File(1).xlsx';
+    const upload3 = new Upload(
+      file3,
+      Object.assign(options, { allowedFileNameCharacters: '_a-zA-Z0-9 ' })
+    );
+    upload3.start();
+    expect(upload3.isValidFile()).toBeFalsy();
+
+    const file4 = Buffer.from('hello world'.split(''));
+    file4.name = 'fileName';
+    const upload4 = new Upload(
+      file4,
+      Object.assign(options, { allowedFileNameCharacters: '_a-zA-Z0-9 ' })
+    );
+    upload4.start();
+    expect(upload4.isValidFile()).toBeTruthy();
+  });
 });
diff --git a/packages/upload-core/src/upload.js b/packages/upload-core/src/upload.js
index 90409b393..963f0612e 100644
--- a/packages/upload-core/src/upload.js
+++ b/packages/upload-core/src/upload.js
@@ -267,6 +267,20 @@ class Upload {
         return false;
       }
     }
+    if (this.options.allowedFileNameCharacters) {
+      const fileName = this.file.name.substring(
+        0,
+        this.file.name.lastIndexOf('.')
+      );
+      const regExp = new RegExp(
+        `([^${this.options.allowedFileNameCharacters}])`,
+        'g'
+      );
+      if (fileName && fileName.match(regExp) !== null) {
+        this.setError('rejected', 'File name contains characters not allowed');
+        return false;
+      }
+    }
     return true;
   }