From 2c5021f8d1fb47b1d974db9ce75fef33f0d362e3 Mon Sep 17 00:00:00 2001 From: LorenzoFrediani-Laser Date: Thu, 3 Aug 2017 21:20:49 +0200 Subject: [PATCH] Add Validation FolderName to generate valid url link (#7768) --- .../Controllers/FolderController.cs | 23 ++++++++++++++----- 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/src/Orchard.Web/Modules/Orchard.MediaLibrary/Controllers/FolderController.cs b/src/Orchard.Web/Modules/Orchard.MediaLibrary/Controllers/FolderController.cs index 903c11d1d..49e2a9be0 100644 --- a/src/Orchard.Web/Modules/Orchard.MediaLibrary/Controllers/FolderController.cs +++ b/src/Orchard.Web/Modules/Orchard.MediaLibrary/Controllers/FolderController.cs @@ -1,6 +1,7 @@ using System; using System.IO; using System.Linq; +using System.Text.RegularExpressions; using System.Web.Mvc; using Orchard.Localization; using Orchard.Logging; @@ -67,17 +68,21 @@ namespace Orchard.MediaLibrary.Controllers { } try { - _mediaLibraryService.CreateFolder(viewModel.FolderPath, viewModel.Name); - Services.Notifier.Information(T("Media folder created")); + bool valid = String.IsNullOrWhiteSpace(viewModel.Name) || Regex.IsMatch(viewModel.Name, @"^[^:?#\[\]@!$&'()*+,.;=\s\""\<\>\\\|%]+$"); + if (!valid) { + throw new ArgumentException(T("Folder contains invalid characters").ToString()); + } + else { + _mediaLibraryService.CreateFolder(viewModel.FolderPath, viewModel.Name); + Services.Notifier.Information(T("Media folder created")); + } } catch (ArgumentException argumentException) { Services.Notifier.Error(T("Creating Folder failed: {0}", argumentException.Message)); Services.TransactionManager.Cancel(); return View(viewModel); } - return RedirectToAction("Index", "Admin", new { area = "Orchard.MediaLibrary" }); - } public ActionResult Edit(string folderPath) { 
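Review bot: The pattern added to the Create action excludes `\` and `.` but not `/`, so a name such as `a/b` passes the check and reaches `CreateFolder` with a path separator in it. Whether the service rejects that is not visible in this hunk. The `String.IsNullOrWhiteSpace(viewModel.Name) ||` short-circuit also marks an empty or whitespace-only name as valid, and in .NET `$` matches before a trailing `\n`, so `\z` is the tighter end anchor. I would fail empty names explicitly and move to an allowlist, for example `^[\p{L}\p{N}_-]+\z`, rather than keep extending a denylist. The same expression is repeated in the rename hunk at `@@ -130,8 +135,14 @@`, so the change applies there too; the enclosing action method starts above this hunk.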
@@ -130,8 +135,14 @@ namespace Orchard.MediaLibrary.Controllers { } try { - _mediaLibraryService.RenameFolder(viewModel.FolderPath, viewModel.Name); - Services.Notifier.Information(T("Media folder renamed")); + bool valid = String.IsNullOrWhiteSpace(viewModel.Name) || Regex.IsMatch(viewModel.Name, @"^[^:?#\[\]@!$&'()*+,.;=\s\""\<\>\\\|%]+$"); + if (!valid) { + throw new ArgumentException(T("Folder contains invalid characters").ToString()); + } + else { + _mediaLibraryService.RenameFolder(viewModel.FolderPath, viewModel.Name); + Services.Notifier.Information(T("Media folder renamed")); + } } catch (Exception exception) { Services.Notifier.Error(T("Editing Folder failed: {0}", exception.Message));
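Review bot: The pattern literal in this rename hunk is a second copy of the one added to the Create action, so any later correction to the character set has to be made in two places and the two can drift apart. I would hold it once on the controller, e.g. `private static readonly Regex ValidFolderName = new Regex(@"…same pattern…");`, and call `ValidFolderName.IsMatch(viewModel.Name)` from both actions. The `throw new ArgumentException(...)` that is caught a few lines below uses an exception for ordinary control flow, and the `else` after a `throw` is redundant. Reporting through `Services.Notifier.Error` and returning the view directly would read more plainly, though the rest of the catch block lies outside the hunk, so check what else it does before replacing it.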