From 4a96f4c8a99d49b115fe1676dd630c60b8c11151 Mon Sep 17 00:00:00 2001
From: Ferdinand Thiessen <opensource@fthiessen.de>
Date: Mon, 12 Aug 2024 18:11:31 +0200
Subject: [PATCH] fix: `FilenameValidator::isForbidden` should only check
 forbidden files

And not forbidden basenames as this is used for different purposes.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
---
 lib/private/Files/FilenameValidator.php | 27 ++++++++++++++++---------
 1 file changed, 18 insertions(+), 9 deletions(-)

diff --git a/lib/private/Files/FilenameValidator.php b/lib/private/Files/FilenameValidator.php
index b1ce8e02b13ee..2fe3c93d02664 100644
--- a/lib/private/Files/FilenameValidator.php
+++ b/lib/private/Files/FilenameValidator.php
@@ -198,9 +198,7 @@ public function validateFilename(string $filename): void {
 			}
 		}
 
-		if ($this->isForbidden($filename)) {
-			throw new ReservedWordException();
-		}
+		$this->checkForbiddenName($filename);
 
 		$this->checkForbiddenExtension($filename);
 
@@ -227,18 +225,25 @@ public function isForbidden(string $path): bool {
 			return true;
 		}
 
+		// Filename is not forbidden
+		return false;
+	}
+
+	protected function checkForbiddenName($filename): void {
+		if ($this->isForbidden($filename)) {
+			throw new ReservedWordException($this->l10n->t('"%1$s" is a forbidden file or folder name.', [$filename]));
+		}
+
 		// Check for forbidden basenames - basenames are the part of the file until the first dot
 		// (except if the dot is the first character as this is then part of the basename "hidden files")
 		$basename = substr($filename, 0, strpos($filename, '.', 1) ?: null);
 		$forbiddenNames = $this->getForbiddenBasenames();
 		if (in_array($basename, $forbiddenNames)) {
-			return true;
+			throw new ReservedWordException($this->l10n->t('"%1$s" is a forbidden prefix for file or folder names.', [$filename]));
 		}
-
-		// Filename is not forbidden
-		return false;
 	}
 
+
 	/**
 	 * Check if a filename contains any of the forbidden characters
 	 * @param string $filename
@@ -252,7 +257,7 @@ protected function checkForbiddenCharacters(string $filename): void {
 
 		foreach ($this->getForbiddenCharacters() as $char) {
 			if (str_contains($filename, $char)) {
-				throw new InvalidCharacterInPathException($this->l10n->t('Invalid character "%1$s" in filename', [$char]));
+				throw new InvalidCharacterInPathException($this->l10n->t('"%1$s" is not allowed inside a file or folder name.', [$char]));
 			}
 		}
 	}
@@ -268,7 +273,11 @@ protected function checkForbiddenExtension(string $filename): void {
 		$forbiddenExtensions = $this->getForbiddenExtensions();
 		foreach ($forbiddenExtensions as $extension) {
 			if (str_ends_with($filename, $extension)) {
-				throw new InvalidPathException($this->l10n->t('Invalid filename extension "%1$s"', [$extension]));
+				if (str_starts_with($extension, '.')) {
+					throw new InvalidPathException($this->l10n->t('"%1$s" is a forbidden file type.', [$extension]));
+				} else {
+					throw new InvalidPathException($this->l10n->t('Filenames must not end with "%1$s".', [$extension]));
+				}
 			}
 		}
 	}