From 63a878eb36ef95a262b8d96fc28aa6be1698c7cd Mon Sep 17 00:00:00 2001 From: yann300 Date: Thu, 5 Oct 2017 21:53:58 +0200 Subject: [PATCH 1/3] check fo special char --- src/app.js | 7 ++++++- src/app/files/browser-files.js | 4 ++++ src/app/files/file-explorer.js | 6 +++++- src/app/files/shared-folder.js | 4 ++++ 4 files changed, 19 insertions(+), 2 deletions(-) diff --git a/src/app.js b/src/app.js index f888d9d52a..57aec5e3d2 100644 --- a/src/app.js +++ b/src/app.js @@ -369,7 +369,12 @@ function run () { // Add files received from remote instance (i.e. another browser-solidity) function loadFiles (filesSet) { for (var f in filesSet) { - filesProviders['browser'].set(helper.createNonClashingName(f, filesProviders['browser']), filesSet[f].content) + var name = helper.createNonClashingName(f, filesProviders['browser']) + if (filesProviders['browser'].checkSpecialChars(name)) { + modalDialogCustom.alert('Special characters are not allowed') + return + } + filesProviders['browser'].set(name, filesSet[f].content) } fileManager.switchFile() } diff --git a/src/app/files/browser-files.js b/src/app/files/browser-files.js index b14163a892..4068f1a1ef 100644 --- a/src/app/files/browser-files.js +++ b/src/app/files/browser-files.js @@ -22,6 +22,10 @@ function Files (storage) { cb() } + this.checkSpecialChars = function (name) { + return name.match(/(\/|:|\*|\?|"|<|>|\\|\||')/) != null + } + this.get = function (path, cb) { var unprefixedpath = this.removePrefix(path) // NOTE: ignore the config file diff --git a/src/app/files/file-explorer.js b/src/app/files/file-explorer.js index 28da9ceca8..338fea7f78 100755 --- a/src/app/files/file-explorer.js +++ b/src/app/files/file-explorer.js 
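Review bot: In `loadFiles` (src/app.js), the `return` inside the `for` loop stops the import at the first rejected name, so files written on earlier iterations stay in the browser provider, the remaining ones are dropped without notice, and `fileManager.switchFile()` is never reached. Because `filesSet` comes from a remote instance, one bad key should not leave the import half-applied: either validate every name before the first `set`, or skip the offender with `continue` and report it once after the loop. The alert would also be more useful if it named the entry, e.g. `modalDialogCustom.alert('Special characters are not allowed: ' + f)`. Patch 3/3 touches this loop again and keeps the same control flow.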
@@ -137,6 +137,10 @@ function fileExplorer (appAPI, files) { function loadFile () { var fileReader = new FileReader() fileReader.onload = function (event) { + if (files.checkSpecialChars(name)) { + modalDialogCustom.alert('Special characters are not allowed') + return + } var success = files.set(name, event.target.result) if (!success) modalDialogCustom.alert('Failed to create file ' + name) else events.trigger('focus', [name]) @@ -228,7 +232,7 @@ function fileExplorer (appAPI, files) { if (label.innerText === '') { modalDialogCustom.alert('File name cannot be empty') label.innerText = textUnderEdit - } else if (label.innerText.match(/(\/|:|\*|\?|"|<|>|\\|\||')/) !== null) { + } else if (files.checkSpecialChars(label.innerText)) { modalDialogCustom.alert('Special characters are not allowed') label.innerText = textUnderEdit } else if (!files.exists(newPath)) { diff --git a/src/app/files/shared-folder.js b/src/app/files/shared-folder.js index 3632e8e17a..54423095ce 100644 --- a/src/app/files/shared-folder.js +++ b/src/app/files/shared-folder.js @@ -45,6 +45,10 @@ class SharedFolder { cb() } + checkSpecialChars (name) { + return name.match(/(\/|:|\*|\?|"|<|>|\\|\||')/) != null + } + init (cb) { this.remixd.call('sharedfolder', 'list', {}, (error, filesList) => { if (error) { From 851aef0ef0e7158ee19c170309ec529f9885ebd3 Mon Sep 17 00:00:00 2001 From: yann300 Date: Fri, 6 Oct 2017 14:10:27 +0200 Subject: [PATCH 2/3] only load soljson file --- src/app/tabs/settings-tab.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/app/tabs/settings-tab.js b/src/app/tabs/settings-tab.js index b7346b7c96..45b547a908 100644 --- a/src/app/tabs/settings-tab.js +++ b/src/app/tabs/settings-tab.js 
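Review bot: The name check in `loadFile` sits inside `fileReader.onload`, so a file with a rejected name is still read in full before it is refused, although `name` does not depend on the content. Moving the `checkSpecialChars(name)` test ahead of the point where the read is started would reject it before any content is touched; a short comment such as `// validate the name before reading the file content` would record the intent. `name` and the call that starts the read are outside this hunk, so confirm where `name` is assigned. Patch 3/3 changes only the callee here and keeps the same placement.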
@@ -140,6 +140,10 @@ function loadVersion (version, queryParams, appAPI, el) { url = location + 'soljson.js' } else { + if (version.indexOf('soljson') !== 0 || version.match(/(\/|:|\*|\?|"|<|>|\\|\||')/) != null) { + console.log('loading ' + version + ' not allowed') + return + } url = 'https://ethereum.github.io/solc-bin/bin/' + version } var isFirefox = typeof InstallTrigger !== 'undefined' From 90b591c3e8c363114c0b090c6e9921c78e505dce Mon Sep 17 00:00:00 2001 From: yann300 Date: Mon, 9 Oct 2017 09:23:11 +0200 Subject: [PATCH 3/3] refactor --- src/app.js | 2 +- src/app/files/browser-files.js | 4 ---- src/app/files/file-explorer.js | 6 ++++-- src/app/files/shared-folder.js | 4 ---- src/app/tabs/settings-tab.js | 3 ++- src/lib/helper.js | 3 +++ 6 files changed, 10 insertions(+), 12 deletions(-) diff --git a/src/app.js b/src/app.js index 57aec5e3d2..07c9f36fff 100644 --- a/src/app.js +++ b/src/app.js @@ -370,7 +370,7 @@ function run () { function loadFiles (filesSet) { for (var f in filesSet) { var name = helper.createNonClashingName(f, filesProviders['browser']) - if (filesProviders['browser'].checkSpecialChars(name)) { + if (helper.checkSpecialChars(name)) { modalDialogCustom.alert('Special characters are not allowed') return } diff --git a/src/app/files/browser-files.js b/src/app/files/browser-files.js index 4068f1a1ef..b14163a892 100644 --- a/src/app/files/browser-files.js +++ b/src/app/files/browser-files.js @@ -22,10 +22,6 @@ function Files (storage) { cb() } - this.checkSpecialChars = function (name) { - return name.match(/(\/|:|\*|\?|"|<|>|\\|\||')/) != null - } - this.get = function (path, cb) { var unprefixedpath = this.removePrefix(path) // NOTE: ignore the config file diff --git a/src/app/files/file-explorer.js b/src/app/files/file-explorer.js index 338fea7f78..c1f56293d8 100755 --- a/src/app/files/file-explorer.js +++ b/src/app/files/file-explorer.js 
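Review bot: The guard added to `loadVersion` is a prefix test plus a character denylist, which is looser than it needs to be for a value that is concatenated into the URL of the compiler script: any string that starts with `soljson` and avoids the listed characters is accepted. The expected file names have a fixed shape, so a positive match is the tighter check, e.g. `if (!/^soljson-v[0-9A-Za-z.+-]+\.js$/.test(version)) {` (pattern constructed for illustration; confirm it against the published solc-bin names). The rejection path is also only `console.log` and `return`, so the user gets no feedback, unlike the `modalDialogCustom.alert` used for rejected file names in patch 1/3. Whether the UI is left in a loading state cannot be seen from this hunk. Patch 3/3 rewrites the same condition with `helper.checkSpecialChars` and inherits both points.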
@@ -7,6 +7,8 @@ var modalDialogCustom = require('../ui/modal-dialog-custom') var EventManager = require('ethereum-remix').lib.EventManager +var helper = require('../../lib/helper') + var remix = require('ethereum-remix') var styleGuide = remix.ui.styleGuide var styles = styleGuide() @@ -137,7 +139,7 @@ function fileExplorer (appAPI, files) { function loadFile () { var fileReader = new FileReader() fileReader.onload = function (event) { - if (files.checkSpecialChars(name)) { + if (helper.checkSpecialChars(name)) { modalDialogCustom.alert('Special characters are not allowed') return } @@ -232,7 +234,7 @@ function fileExplorer (appAPI, files) { if (label.innerText === '') { modalDialogCustom.alert('File name cannot be empty') label.innerText = textUnderEdit - } else if (files.checkSpecialChars(label.innerText)) { + } else if (helper.checkSpecialChars(label.innerText)) { modalDialogCustom.alert('Special characters are not allowed') label.innerText = textUnderEdit } else if (!files.exists(newPath)) { diff --git a/src/app/files/shared-folder.js b/src/app/files/shared-folder.js index 54423095ce..3632e8e17a 100644 --- a/src/app/files/shared-folder.js +++ b/src/app/files/shared-folder.js @@ -45,10 +45,6 @@ class SharedFolder { cb() } - checkSpecialChars (name) { - return name.match(/(\/|:|\*|\?|"|<|>|\\|\||')/) != null - } - init (cb) { this.remixd.call('sharedfolder', 'list', {}, (error, filesList) => { if (error) { diff --git a/src/app/tabs/settings-tab.js b/src/app/tabs/settings-tab.js index 45b547a908..9a227351a2 100644 --- a/src/app/tabs/settings-tab.js +++ b/src/app/tabs/settings-tab.js @@ -8,6 +8,7 @@ var csjs = require('csjs-inject') var remix = require('ethereum-remix') var styleGuide = remix.ui.styleGuide var styles = styleGuide() +var helper = require('../../lib/helper') var css = csjs` .settingsTabView { 
@@ -140,7 +141,7 @@ function loadVersion (version, queryParams, appAPI, el) { url = location + 'soljson.js' } else { - if (version.indexOf('soljson') !== 0 || version.match(/(\/|:|\*|\?|"|<|>|\\|\||')/) != null) { + if (version.indexOf('soljson') !== 0 || helper.checkSpecialChars(version)) { console.log('loading ' + version + ' not allowed') return } diff --git a/src/lib/helper.js b/src/lib/helper.js index 5676c06040..382fb1646c 100644 --- a/src/lib/helper.js +++ b/src/lib/helper.js @@ -16,5 +16,8 @@ module.exports = { counter = (counter | 0) + 1 } return path + counter + '.sol' + }, + checkSpecialChars (name) { + return name.match(/[/:*?"<>\\'|]/) != null } }
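Review bot: `checkSpecialChars` in src/lib/helper.js calls `name.match` directly, so it throws a TypeError for a non-string argument instead of rejecting it. Now that it is the single gate for imported file names, renamed files and the compiler version, a non-string should count as invalid: `return typeof name !== 'string' || /[/:*?"<>\\'|]/.test(name)`. The function name does not say which result means "reject". A comment such as `// returns true when name contains a character that is not allowed` (or a rename to `hasSpecialChars`) would guard against an inverted call. The pattern is a denylist, so whitespace and control characters still pass; if names are meant to be plain file names, an allowlist of permitted characters is the safer form.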