From 283d2f85d108a08ce50108c3b12fe8edeef820cd Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Wed, 5 Aug 2020 11:35:00 -0400 Subject: [PATCH] importfeed: Fix reversion that caused some '.' in filenames to be replaced with '_' sanitizeFilePath was changed to sanitize leading '.', but ImportFeed was running it on parts of the template. So eg the leading '.' in the extension got sanitized. Note the added case for sanitizeLeadingFilePathCharacter ('/':_) -- this was added because, if the template is title/episode and the title is not set, it would expand to "/episode". So this is another potential security fix. --- Annex/UntrustedFilePath.hs | 19 +++++++++++---- CHANGELOG | 2 ++ Command/ImportFeed.hs | 23 ++++++++++--------- ...s_with___34____95____34___in_filename.mdwn | 1 + 4 files changed, 29 insertions(+), 16 deletions(-) diff --git a/Annex/UntrustedFilePath.hs b/Annex/UntrustedFilePath.hs index 2ec37842b6..33233a6dee 100644 --- a/Annex/UntrustedFilePath.hs +++ b/Annex/UntrustedFilePath.hs 
@@ -31,17 +31,26 @@ import System.FilePath - that case. -} sanitizeFilePath :: String -> FilePath -sanitizeFilePath [] = "file" -sanitizeFilePath f = leading (map sanitize f) +sanitizeFilePath = sanitizeLeadingFilePathCharacter . sanitizeFilePathComponent + +{- For when the filepath is being built up out of components that should be + - individually sanitized, this can be used for each component, followed by + - sanitizeLeadingFilePathCharacter for the whole thing. + -} +sanitizeFilePathComponent :: String -> String +sanitizeFilePathComponent = map sanitize where sanitize c | c == '.' || c == '-' = c | isSpace c || isPunctuation c || isSymbol c || isControl c || c == '/' = '_' | otherwise = c - leading ('.':s) = '_':s - leading ('-':s) = '_':s - leading s = s +sanitizeLeadingFilePathCharacter :: String -> FilePath +sanitizeLeadingFilePathCharacter [] = "file" +sanitizeLeadingFilePathCharacter ('.':s) = '_':s +sanitizeLeadingFilePathCharacter ('-':s) = '_':s +sanitizeLeadingFilePathCharacter ('/':s) = '_':s +sanitizeLeadingFilePathCharacter s = s escapeSequenceInFilePath :: FilePath -> Bool escapeSequenceInFilePath f = '\ESC' `elem` f diff --git a/CHANGELOG b/CHANGELOG index c9d086278b..2c856674ff 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -18,6 +18,8 @@ git-annex (8.20200720.2) UNRELEASED; urgency=medium standalone and OSX app. Thanks, Yaroslav Halchenko * Slightly sped up the linux standalone bundle. + * importfeed: Fix reversion that caused some '.' in filenames to be + replaced with '_' -- Joey Hess Tue, 21 Jul 2020 12:58:30 -0400 diff --git a/Command/ImportFeed.hs b/Command/ImportFeed.hs index e292ab73e5..cd64153693 100644 --- a/Command/ImportFeed.hs +++ b/Command/ImportFeed.hs 
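Review bot: sanitizeLeadingFilePathCharacter checks only the first character of the whole string, and sanitizeFilePathComponent keeps '.' and '-', so a component that is exactly `..` or starts with `.` or `-` passes unchanged when it is not at the very start of the assembled path. Before this change every field went through sanitizeFilePath and had its own leading character replaced; the feedFile hunk in Command/ImportFeed.hs now relies on the whole-path check alone. If a template places literal text or another field ahead of a `/`, feed-supplied values could presumably produce `..` or dot-file components further down the path. Consider applying the leading-character check to each `/`-separated component after expansion, or at least extend the new comment with `- Only the first character of the whole path is checked; a component after a '/' can still be ".." or start with '.' or '-'.`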
@@ -338,17 +338,18 @@ defaultTemplate = "${feedtitle}/${itemtitle}${extension}" {- Generates a filename to use for a feed item by filling out the template. - The filename may not be unique. -} feedFile :: Utility.Format.Format -> ToDownload -> String -> FilePath -feedFile tmpl i extension = Utility.Format.format tmpl $ - M.map sanitizeFilePath $ M.fromList $ extractFields i ++ - [ ("extension", extension) - , extractField "itempubdate" [itempubdate] - , extractField "itempubyear" [itempubyear] - , extractField "itempubmonth" [itempubmonth] - , extractField "itempubday" [itempubday] - , extractField "itempubhour" [itempubhour] - , extractField "itempubminute" [itempubminute] - , extractField "itempubsecond" [itempubsecond] - ] +feedFile tmpl i extension = sanitizeLeadingFilePathCharacter $ + Utility.Format.format tmpl $ + M.map sanitizeFilePathComponent $ M.fromList $ extractFields i ++ + [ ("extension", extension) + , extractField "itempubdate" [itempubdate] + , extractField "itempubyear" [itempubyear] + , extractField "itempubmonth" [itempubmonth] + , extractField "itempubday" [itempubday] + , extractField "itempubhour" [itempubhour] + , extractField "itempubminute" [itempubminute] + , extractField "itempubsecond" [itempubsecond] + ] where itm = item i diff --git a/doc/bugs/Importfeed_replaces_all___34__.__34___characters_with___34____95____34___in_filename.mdwn b/doc/bugs/Importfeed_replaces_all___34__.__34___characters_with___34____95____34___in_filename.mdwn index 0bb6d60449..db444ff43d 100644 --- a/doc/bugs/Importfeed_replaces_all___34__.__34___characters_with___34____95____34___in_filename.mdwn +++ b/doc/bugs/Importfeed_replaces_all___34__.__34___characters_with___34____95____34___in_filename.mdwn @@ -28,3 +28,4 @@ git annex version 8.20200720.1-g1ccb6699a1 +> [[fixed|done]] --[[Joey]]
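Review bot: The `"file"` fallback for an empty value now applies only when the entire expanded path is empty, because `M.map sanitizeFilePathComponent` leaves an empty field empty where `M.map sanitizeFilePath` used to turn it into `file`. With the default template an empty itemtitle would then give a name consisting only of the extension, that is, a dot-file inside the feed directory. Whether extractFields or extractField can return an empty string is not visible in this hunk, so check it against those helpers. If empty values are possible, restore the fallback per field with `M.map (\v -> if null v then "file" else sanitizeFilePathComponent v)`. feedFile's where clause continues past the end of the hunk.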