Marcel Nellesen · 8b54bdc8 · 2f033020 · 8b54bdc8
--- a/src/Project/Controllers/DataSourceController.cs

+ 18

− 20
+++ b/src/Project/Controllers/DataSourceController.cs

+ 18

− 20
 @@ -59,10 +59,7 @@ namespace Coscine.Api.Project.Controllers
        {
            var user = _authenticator.GetUser();

-            if (!string.IsNullOrWhiteSpace(path))
-            {
-                path = HttpUtility.UrlDecode(path);
-            }
+            path = FormatPath(path);

            var check = CheckResourceIdAndPath(resourceId, path, out Resource resource);
            if (check != null)
 @@ -120,11 +117,7 @@ namespace Coscine.Api.Project.Controllers
        {
            var user = _authenticator.GetUser();

-
-            if (!string.IsNullOrWhiteSpace(path))
-            {
-                path = HttpUtility.UrlDecode(path);
-            }
+            path = FormatPath(path);

            var check = CheckResourceIdAndPath(resourceId, path, out Resource resource);
            if (check != null)
 @@ -177,10 +170,7 @@ namespace Coscine.Api.Project.Controllers
        {
            var user = _authenticator.GetUser();

-            if (!string.IsNullOrWhiteSpace(path))
-            {
-                path = HttpUtility.UrlDecode(path);
-            }
+            path = FormatPath(path);

            var check = CheckResourceIdAndPath(resourceId, path, out Resource resource);
            if (check != null)
 @@ -224,6 +214,17 @@ namespace Coscine.Api.Project.Controllers
            }
        }

+        private string FormatPath(string path)
+        {
+            if (!string.IsNullOrWhiteSpace(path))
+            {
+                path = HttpUtility.UrlDecode(path);
+                path = path.Replace(@"\", "/");
+            }
+
+            return path;
+        }
+
        private string GetResourceTypeName(Resource resource)
        {
            if (resource.Type.DisplayName.ToLower().Equals("s3")) {
 @@ -261,10 +262,7 @@ namespace Coscine.Api.Project.Controllers
        {
            var user = _authenticator.GetUser();

-            if (!string.IsNullOrWhiteSpace(path))
-            {
-                path = HttpUtility.UrlDecode(path);
-            }
+            path = FormatPath(path);

            var check = CheckResourceIdAndPath(resourceId, path, out Resource resource);
            if (check != null)
 @@ -398,10 +396,10 @@ namespace Coscine.Api.Project.Controllers
                return BadRequest($"Your path \"{path}\" is empty.");
            }

-            Regex rgx = new Regex(@"^[0-9a-zA-Z_\-/. ]+$");
-            if (!rgx.IsMatch(path))
+            Regex rgx = new Regex(@"[\:?*<>|]+");
+            if (rgx.IsMatch(path))
            {
-                return BadRequest($"Your path \"{path}\" contains bad chars. Only {@"^[0-9a-zA-Z_\-./ ]+"} are allowed as chars.");
+                return BadRequest($"Your path \"{path}\" contains bad characters. The following characters are not permissible: {@"\/:?*<>|"}.");
            }

            if (!Guid.TryParse(resourceId, out Guid resourceGuid))