From 7f52e3c2edc2f39604d5bf04db4bcf23b9d4494a Mon Sep 17 00:00:00 2001
From: James Muehlner
Date: Wed, 7 Sep 2016 20:23:34 -0700
Subject: [PATCH] GUACAMOLE-104: Sanitize filenames before upload or download.
---
 .../webapp/app/rest/services/tunnelService.js | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/guacamole/src/main/webapp/app/rest/services/tunnelService.js b/guacamole/src/main/webapp/app/rest/services/tunnelService.js
index b9dc0cd47..002965068 100644
--- a/guacamole/src/main/webapp/app/rest/services/tunnelService.js
+++ b/guacamole/src/main/webapp/app/rest/services/tunnelService.js
@@ -135,6 +135,20 @@ angular.module('rest').factory('tunnelService', ['$injector',
 };
+ /**
+ * Sanitize a filename, replacing all URL path seperators with safe
+ * characters.
+ *
+ * @param {String} filename
+ * An unsanitized filename that may need cleanup.
+ *
+ * @returns {String}
+ * The sanitized filename.
+ */
+ var sanitizeFilename = function sanitizeFilename(filename) {
+ return filename.replace(/\/+/g, '_');
+ };
+
 /**
 * Makes a request to the REST API to retrieve the contents of a stream
 * which has been created within the active Guacamole connection associated
@@ -169,7 +183,7 @@ angular.module('rest').factory('tunnelService', ['$injector',
 + $window.location.pathname
 + 'api/session/tunnels/' + encodeURIComponent(tunnel)
 + '/streams/' + encodeURIComponent(stream.index)
- + '/' + encodeURIComponent(filename)
+ + '/' + encodeURIComponent(sanitizeFilename(filename))
 + '?token=' + encodeURIComponent(authenticationService.getCurrentToken());
 // Create temporary hidden iframe to facilitate download
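Review bot: The pattern in `sanitizeFilename` (first hunk) rewrites only `/`, so a backslash in the name still reaches the URL as `%5C`, and a name that is exactly `.` or `..` passes through unchanged and is resolved as a dot segment when the browser parses the URL. Some servers and proxies treat a backslash as a path separator, so I would widen the character class to `return filename.replace(/[\\\/]+/g, '_');` and map dot-only names to a placeholder as well. The doc comment should state which characters are replaced and that a run of them collapses to a single `_`; it also misspells "separators". The function throws if `filename` is not a string, which is worth either guarding or documenting.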
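Review bot: The `sanitizeFilename(filename)` call in the download URL hunk cleans only the path segment that this client puts into the request, so it gives no protection against a client that skips this code; the same holds for `sanitizeFilename(file.name)` in the upload hunk below. Both names are untrusted input: the download name presumably comes from the stream created inside the remote connection, and the upload name from the local `file` object. The REST handler behind `/streams/` is not visible in this patch and presumably needs the same separator check before the name is used in a response header or a path. A comment above the URL would make that explicit, for example `// Client-side cleanup only; the REST endpoint must validate the name again`. The enclosing function starts and ends outside the hunk.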
@@ -232,7 +246,7 @@ angular.module('rest').factory('tunnelService', ['$injector',
 + $window.location.pathname
 + 'api/session/tunnels/' + encodeURIComponent(tunnel)
 + '/streams/' + encodeURIComponent(stream.index)
- + '/' + encodeURIComponent(file.name)
+ + '/' + encodeURIComponent(sanitizeFilename(file.name))
 + '?token=' + encodeURIComponent(authenticationService.getCurrentToken());
 var xhr = new XMLHttpRequest();
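Review bot: The session token is still appended as `?token=` on this upload URL, where it can end up in access logs, proxy logs and browser history together with the filename. The download hunk above needs a plain URL for its hidden iframe, but this request goes through `XMLHttpRequest`, so the token could be sent with `xhr.setRequestHeader(...)` instead, if the REST API accepts a header; that is not visible in this patch. If the query parameter has to stay, a comment saying why would help, for example `// Token travels in the query string; keep this URL out of client-side logs`. The enclosing function starts and ends outside the hunk.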