Fixing that Indexing AdminController and Commands can operate with unsafe index names

src/Orchard.Web/Modules/Orchard.Indexing/Commands/IndexingCommands.cs

@@ -5,6 +5,7 @@ using Orchard.ContentManagement;
 using Orchard.Indexing.Services;
 using Orchard.Tasks.Indexing;
 using Orchard.Utility.Extensions;
+using static Orchard.Indexing.Helpers.IndexingHelpers;
 
 namespace Orchard.Indexing.Commands {
     public class IndexingCommands : DefaultOrchardCommandHandler {
@@ -38,27 +39,22 @@ namespace Orchard.Indexing.Commands {
                 return;
             }
 
-            if (string.IsNullOrWhiteSpace(index)) {
+            if (!IsValidIndexName(index)) {
                 Context.Output.WriteLine(T("Invalid index name."));
                 return;
             }
 
-            if (index.ToSafeName() != index) {
-                Context.Output.WriteLine(T("Invalid index name."));
+            var indexProvider = _indexManager.GetSearchIndexProvider();
+            if (indexProvider == null) {
+                Context.Output.WriteLine(T("No indexing service was found. Please enable a module like Lucene."));
             }
             else {
-                var indexProvider = _indexManager.GetSearchIndexProvider();
-                if(indexProvider == null) {
-                    Context.Output.WriteLine(T("No indexing service was found. Please enable a module like Lucene."));
+                if (indexProvider.Exists(index)) {
+                    Context.Output.WriteLine(T("The specified index already exists."));
                 }
                 else {
-                    if (indexProvider.Exists(index)) {
-                        Context.Output.WriteLine(T("The specified index already exists."));
-                    }
-                    else {
-                        _indexManager.GetSearchIndexProvider().CreateIndex(index);
-                        Context.Output.WriteLine(T("New index has been created successfully."));
-                    }
+                    _indexManager.GetSearchIndexProvider().CreateIndex(index);
+                    Context.Output.WriteLine(T("New index has been created successfully."));
                 }
             }
         }
@@ -66,7 +62,7 @@ namespace Orchard.Indexing.Commands {
         [CommandName("index update")]
         [CommandHelp("index update <index>\r\n\t" + "Updates the specified index")]
         public void Update(string index) {
-            if (string.IsNullOrWhiteSpace(index)) {
+            if (!IsValidIndexName(index)) {
                 Context.Output.WriteLine(T("Invalid index name."));
                 return;
             }
@@ -78,7 +74,7 @@ namespace Orchard.Indexing.Commands {
         [CommandName("index rebuild")]
         [CommandHelp("index rebuild <index> \r\n\t" + "Rebuilds the specified index")]
         public void Rebuild(string index) {
-            if (string.IsNullOrWhiteSpace(index)) {
+            if (!IsValidIndexName(index)) {
                 Context.Output.WriteLine(T("Invalid index name."));
                 return;
             }
@@ -91,7 +87,7 @@ namespace Orchard.Indexing.Commands {
         [CommandHelp("index query <index> /Query:<query>\r\n\t" + "Searches the specified <query> terms in the specified index")]
         [OrchardSwitches("Query")]
         public void Search(string index) {
-            if (string.IsNullOrWhiteSpace(index)) {
+            if (!IsValidIndexName(index)) {
                 Context.Output.WriteLine(T("Invalid index name."));
                 return;
             }
@@ -126,7 +122,7 @@ namespace Orchard.Indexing.Commands {
         [CommandHelp("index stats <index>\r\n\t" + "Displays some statistics about the search index")]
         [OrchardSwitches("IndexName")]
         public void Stats(string index) {
-            if (string.IsNullOrWhiteSpace(index)) {
+            if (!IsValidIndexName(index)) {
                 Context.Output.WriteLine(T("Invalid index name."));
                 return;
             }

src/Orchard.Web/Modules/Orchard.Indexing/Controllers/AdminController.cs

@@ -8,6 +8,7 @@ using Orchard.Security;
 using Orchard.Indexing.ViewModels;
 using Orchard.UI.Notify;
 using Orchard.Utility.Extensions;
+using static Orchard.Indexing.Helpers.IndexingHelpers;
 
 namespace Orchard.Indexing.Controllers {
     public class AdminController : Controller {
@@ -68,7 +69,7 @@ namespace Orchard.Indexing.Controllers {
                 return new HttpUnauthorizedResult();
 
             var provider = _indexManager.GetSearchIndexProvider();
-            if (String.IsNullOrWhiteSpace(id) || id.ToSafeName() != id) {
+            if (!IsValidIndexName(id)) {
                 Services.Notifier.Error(T("Invalid index name."));
                 return View("Create", id);
             }
@@ -96,7 +97,12 @@ namespace Orchard.Indexing.Controllers {
             if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not allowed to manage the search index.")))
                 return new HttpUnauthorizedResult();
 
-            _indexingService.UpdateIndex(id);
+            if (IsValidIndexName(id)) {
+                _indexingService.UpdateIndex(id);
+            }
+            else {
+                Services.Notifier.Error(T("Invalid index name."));
+            }
 
             return RedirectToAction("Index");
         }
@@ -106,7 +112,12 @@ namespace Orchard.Indexing.Controllers {
             if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not allowed to manage the search index.")))
                 return new HttpUnauthorizedResult();
 
-            _indexingService.RebuildIndex(id);
+            if (IsValidIndexName(id)) {
+                _indexingService.RebuildIndex(id);
+            }
+            else {
+                Services.Notifier.Error(T("Invalid index name."));
+            }
 
             return RedirectToAction("Index");
         }
@@ -116,7 +127,12 @@ namespace Orchard.Indexing.Controllers {
             if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not allowed to manage the search index.")))
                 return new HttpUnauthorizedResult();
 
-            _indexingService.DeleteIndex(id);
+            if (IsValidIndexName(id)) {
+                _indexingService.DeleteIndex(id);
+            }
+            else {
+                Services.Notifier.Error(T("Invalid index name."));
+            }
 
             return RedirectToAction("Index");
         }

src/Orchard.Web/Modules/Orchard.Indexing/Helpers/IndexingHelpers.cs

@@ -0,0 +1,8 @@
+using Orchard.Utility.Extensions;
+
+namespace Orchard.Indexing.Helpers {
+    public static class IndexingHelpers {
+        public static bool IsValidIndexName(string name) =>
+            !string.IsNullOrWhiteSpace(name) && name.ToSafeName() == name;
+    }
+}

src/Orchard.Web/Modules/Orchard.Indexing/Orchard.Indexing.csproj

@@ -95,6 +95,7 @@
     <Compile Include="AdminMenu.cs" />
     <Compile Include="Commands\IndexingCommands.cs" />
     <Compile Include="Controllers\AdminController.cs" />
+    <Compile Include="Helpers\IndexingHelpers.cs" />
     <Compile Include="Migrations.cs" />
     <Compile Include="Handlers\CreateIndexingTaskHandler.cs" />
     <Compile Include="Handlers\InfosetFieldIndexingHandler.cs" />
@@ -180,4 +181,4 @@
       </FlavorProperties>
     </VisualStudio>
   </ProjectExtensions>
-</Project>
+</Project>