From 8a60cd8c028906fe5d87086ce624a521ea8b0135 Mon Sep 17 00:00:00 2001 From: Steffen Jost Date: Thu, 3 Nov 2022 16:49:43 +0100 Subject: [PATCH] chore(lpr): sanitze printjob names, remove unusable printAckFree route --- routes | 1 - src/Foundation/Navigation.hs | 1 - src/Handler/PrintCenter.hs | 7 +----- src/Utils.hs | 41 ++++++++++++++++++++++++++++++++++++ src/Utils/Print.hs | 3 ++- 5 files changed, 44 insertions(+), 9 deletions(-) diff --git a/routes b/routes index 9a5ea50ad..f888da39e 100644 --- a/routes +++ b/routes @@ -71,7 +71,6 @@ /print PrintCenterR GET POST !system-printer /print/acknowledge/#Day/#Int/#Int PrintAckR GET POST !system-printer /print/acknowledge/direct PrintAckDirectR POST !system-printer -/print/acknowledge/free/direct PrintAckFreeR POST !development /print/send PrintSendR GET POST /print/download/#CryptoUUIDPrintJob PrintDownloadR GET !system-printer diff --git a/src/Foundation/Navigation.hs b/src/Foundation/Navigation.hs index e28735137..1cb1690d2 100644 --- a/src/Foundation/Navigation.hs +++ b/src/Foundation/Navigation.hs @@ -120,7 +120,6 @@ breadcrumb PrintSendR = i18nCrumb MsgMenuPrintSend $ Just PrintCenter breadcrumb PrintDownloadR{} = i18nCrumb MsgMenuPrintDownload $ Just PrintCenterR breadcrumb PrintAckR{} = i18nCrumb MsgMenuPrintSend $ Just PrintCenterR -- never displayed breadcrumb PrintAckDirectR{}= i18nCrumb MsgMenuPrintSend $ Just PrintCenterR -- never displayed -breadcrumb PrintAckFreeR{} = i18nCrumb MsgMenuPrintSend $ Just PrintCenterR -- never displayed breadcrumb SchoolListR = i18nCrumb MsgMenuSchoolList $ Just AdminR breadcrumb (SchoolR ssh sRoute) = case sRoute of diff --git a/src/Handler/PrintCenter.hs b/src/Handler/PrintCenter.hs index cfe7fd6c4..aa09a11c6 100644 --- a/src/Handler/PrintCenter.hs +++ b/src/Handler/PrintCenter.hs @@ -10,8 +10,7 @@ module Handler.PrintCenter , getPrintCenterR, postPrintCenterR , getPrintSendR , postPrintSendR , getPrintAckR , postPrintAckR - , postPrintAckDirectR - , postPrintAckFreeR + , postPrintAckDirectR ) where import Import @@ -447,7 +446,3 @@ postPrintAckDirectR = do $logErrorS "APC" msg return (badRequest400, msg) sendResponseStatus status msg -- must be outside of runDB; otherweise transaction is rolled back - --- synonym, used during development to test with and without access control simultaneously -postPrintAckFreeR :: Handler Html -postPrintAckFreeR = postPrintAckDirectR \ No newline at end of file diff --git a/src/Utils.hs b/src/Utils.hs index 9b15bc12c..8b74bbaf9 100644 --- a/src/Utils.hs +++ b/src/Utils.hs @@ -23,6 +23,7 @@ import qualified Data.CaseInsensitive as CI import qualified Data.ByteString as BS import qualified Data.ByteString.Char8 as CBS +import qualified Data.Char as Char import qualified Data.Text as Text import qualified Data.Text.Encoding as Text @@ -298,6 +299,46 @@ citext2lower = Text.toLower . CI.original citext2string :: CI Text -> String citext2string = Text.unpack . CI.original +-- | Convert or remove all non-ascii characters, e.g. for filenames +text2asciiAlphaNum :: Text -> Text +text2asciiAlphaNum = Text.filter (\c -> Char.isAlphaNum c && Char.isAscii c) + . Text.replace "ä" "ae" + . Text.replace "Ä" "Ae" + . Text.replace "Æ" "ae" + . Text.replace "æ" "ae" + . Text.replace "Å" "Aa" + . Text.replace "å" "aa" + . Text.replace "â" "a" + . Text.replace "à" "a" + . Text.replace "á" "a" + . Text.replace "Ö" "Oe" + . Text.replace "ö" "oe" + . Text.replace "œ" "oe" + . Text.replace "Ø" "Oe" + . Text.replace "ø" "oe" + . Text.replace "ò" "o" + . Text.replace "ò" "o" + . Text.replace "ò" "o" + . Text.replace "ó" "o" + . Text.replace "Ü" "Ue" + . Text.replace "ü" "ue" + . Text.replace "ù" "u" + . Text.replace "ú" "u" + . Text.replace "û" "u" + . Text.replace "ë" "e" + . Text.replace "ê" "e" + . Text.replace "è" "e" + . Text.replace "é" "e" + . Text.replace "ï" "i" + . Text.replace "î" "i" + . Text.replace "ì" "i" + . Text.replace "í" "i" + . Text.replace "ß" "ss" + . Text.replace "ç" "c" + . Text.replace "ş" "s" + . Text.replace "ğ" "g" + . Text.replace "ñ" "n" + -- | Convert text as it is to Html, may prevent ambiguous types -- This function definition is mainly for documentation purposes text2Html :: Text -> Html diff --git a/src/Utils/Print.hs b/src/Utils/Print.hs index a896d8e9e..1bbac1544 100644 --- a/src/Utils/Print.hs +++ b/src/Utils/Print.hs @@ -278,7 +278,8 @@ sendLetter printJobName pdf (printJobRecipient, printJobSender) printJobCourse p nameSender = abbrvName <$> sender nameCourse = CI.original . courseShorthand <$> course nameQuali = CI.original . qualificationShorthand <$> quali - let jobFullName = T.replace " " "-" (T.intercalate "_" . catMaybes $ [Just printJobName, nameQuali, nameCourse, nameSender, nameRecipient]) + let jobFullName = text2asciiAlphaNum $ + T.replace " " "-" (T.intercalate "_" . catMaybes $ [Just printJobName, nameQuali, nameCourse, nameSender, nameRecipient]) printJobFilename = T.unpack $ jobFullName <> ".pdf" -- printJobFile <- sinkFileDB True $ yield $ LBS.toStrict pdf -- for PrintJobFile :: FileContentReference use this code printJobFile = LBS.toStrict pdf