Fix file path validation with non root contextPath, update error msg for saveBatch invalid file, etc (#7002)

labkey-nicka · web-flow · commit 82cf0d22b9df · 2025-09-05T10:00:39.000-07:00
diff --git a/api/src/org/labkey/api/assay/DefaultAssayRunCreator.java b/api/src/org/labkey/api/assay/DefaultAssayRunCreator.java
@@ -1223,11 +1223,17 @@ else if (!missing)
             }
             catch (ConversionException e)
             {
-                String message = ConvertHelper.getStandardConversionErrorMessage(value, label, type);
-                if (e.getCause() instanceof ArithmeticException)
-                    message += ": " + e.getCause().getLocalizedMessage();
+                String message;
+                if (e instanceof ConvertHelper.FileConversionException fce)
+                    message = fce.getMessage();
                 else
-                    message += ".";
+                {
+                    message = ConvertHelper.getStandardConversionErrorMessage(value, label, type);
+                    if (e.getCause() instanceof ArithmeticException)
+                        message += ": " + e.getCause().getLocalizedMessage();
+                    else
+                        message += ".";
+                }
 
                 // Attempt to resolve lookups by display value
                 boolean skipError = false;
diff --git a/api/src/org/labkey/api/data/ExpDataFileConverter.java b/api/src/org/labkey/api/data/ExpDataFileConverter.java
@@ -364,16 +364,16 @@ public static File convertToFile(Object value, @NotNull Container container, @No
 
         // toss in here an additional check, if starts with HTTP then try to use _webdav to resolve it
         // MAKE sure that the security is in place - figure out what container it is in
-        String webdav = value.toString();
-        if (null != StringUtils.trimToNull(webdav))
+        String rootSubstitutedPath = getFileRootSubstitutedFilePath(value.toString(), fileRootPath);;
+        if (null != StringUtils.trimToNull(rootSubstitutedPath))
         {
             if (assayResultFileRoot != null)
             {
                 try
                 {
                     for (int i = 0; i < 5; i++) // try up to 5 times to find a case-sensitive match
                     {
-                        String resultsFileName = FileUtil.getAppendedFileName(webdav, i);
+                        String resultsFileName = FileUtil.getAppendedFileName(rootSubstitutedPath, i);
                         FileLike assayResultFile = assayResultFileRoot.resolveChild(resultsFileName);
 
                         if (!assayResultFile.isFile())
@@ -390,7 +390,9 @@ public static File convertToFile(Object value, @NotNull Container container, @No
 
             }
 
-            webdav = getFileRootSubstitutedFilePath(webdav, fileRootPath);
+            String webdav = rootSubstitutedPath;
+            if (webdav.startsWith(AppProps.getInstance().getContextPath()))
+                webdav = webdav.substring(AppProps.getInstance().getContextPath().length());
             Path path = Path.decode(FileUtil.encodeForURL(webdav, true /*Issue 51207*/).replace(AppProps.getInstance().getBaseServerUrl() + AppProps.getInstance().getContextPath(), ""));
             WebdavResource resource = WebdavService.get().getResolver().lookup(path);
             if (resource != null && resource.isFile())
@@ -440,7 +442,7 @@ public static File convertToFile(Object value, @NotNull Container container, @No
         }
 
         // Otherwise, treat it as a plain path (processed by getFileRootSubstitutedFilePath)
-        return FILE_CONVERTER.convert(File.class, webdav);
+        return FILE_CONVERTER.convert(File.class, rootSubstitutedPath);
     }
 
     // if two files were uploaded with the same name but different casing, then the file system will uniquify the names
diff --git a/study/test/src/org/labkey/test/tests/study/AssayTest.java b/study/test/src/org/labkey/test/tests/study/AssayTest.java
@@ -18,11 +18,13 @@
 
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
+import org.labkey.remoteapi.CommandException;
 import org.labkey.remoteapi.assay.AssayListCommand;
 import org.labkey.remoteapi.assay.AssayListResponse;
 import org.labkey.test.Locator;
 import org.labkey.test.TestFileUtils;
 import org.labkey.test.TestTimeoutException;
+import org.labkey.test.WebTestHelper;
 import org.labkey.test.categories.Assays;
 import org.labkey.test.categories.Daily;
 import org.labkey.test.components.CustomizeView;
@@ -35,12 +37,14 @@
 import org.labkey.test.params.experiment.SampleTypeDefinition;
 import org.labkey.test.tests.AbstractAssayTest;
 import org.labkey.test.tests.AuditLogTest;
+import org.labkey.test.util.AuditLogHelper;
 import org.labkey.test.util.DataRegionTable;
 import org.labkey.test.util.LogMethod;
 import org.labkey.test.util.SampleTypeHelper;
 import org.labkey.test.util.StudyHelper;
 
 import java.io.File;
+import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
 
@@ -267,7 +271,7 @@ private void verifyWebdavTree()
     }
 
     @LogMethod
-    private void editResults()
+    private void editResults() throws IOException, CommandException
     {
         // Verify that the results aren't editable by default
         navigateToFolder(getProjectName(), TEST_ASSAY_FLDR_LAB1);
@@ -310,15 +314,13 @@ private void editResults()
         });
 
         // Verify that the edit was audited
+        AuditLogHelper auditLogHelper = new AuditLogHelper(this, () -> WebTestHelper.getRemoteApiConnection(false));
+        auditLogHelper.checkAuditEventDiffCount(getProjectName(), AuditLogHelper.AuditEvent.QUERY_UPDATE_AUDIT_EVENT, List.of(0/*delete*/, 4/*edit*/));
+
         goToSchemaBrowser();
         viewQueryData("auditLog", "ExperimentAuditEvent");
-        assertTextPresent(
-                "Data row, id ",
-                ", edited in " + TEST_ASSAY + ".",
-                "Specimen ID changed from 'AAA07XK5-05' to 'EditedSpecimenID'",
-                "Visit ID changed from '601.0' to '601.5",
-                "testAssayDataProp5 changed from blank to '514801'",
-                "Deleted data row, id ");
+        assertTextPresent("1 data row has been edited in " + TEST_ASSAY + ".");
+
     }
 
     /**
diff --git a/study/test/src/org/labkey/test/tests/study/StudyDatasetFileFieldTest.java b/study/test/src/org/labkey/test/tests/study/StudyDatasetFileFieldTest.java
@@ -130,7 +130,7 @@ public void testFileField() throws IOException, CommandException
         File downloadedFile = doAndWaitForDownload(() -> waitAndClick(WAIT_FOR_JAVASCRIPT, Locator.tagWithAttribute("a", "title", "Download attached file"), 0));
         checker().verifyTrue("Incorrect file name ", FileUtils.contentEquals(downloadedFile, inputFile));
 
-        FileBrowserHelper.FileDetailInfo fileInfoOriginalFile = _fileBrowserHelper.getFileDetailInfo(getProjectName(), "sample.txt");
+        FileBrowserHelper.FileDetailInfo fileInfoOriginalFile = FileBrowserHelper.getFileDetailInfo(getProjectName(), "sample.txt");
 
         goToFolderManagement().goToExportTab();
         new Checkbox(Locator.tagWithText("label", "Files").precedingSibling("input").findElement(getDriver())).check();

Original file line number	Diff line number	Diff line change
`@@ -364,16 +364,16 @@ public static File convertToFile(Object value, @NotNull Container container, @No`
`364`	`364`
`365`	`365`	`// toss in here an additional check, if starts with HTTP then try to use _webdav to resolve it`
`366`	`366`	`// MAKE sure that the security is in place - figure out what container it is in`
`367`		`- String webdav = value.toString();`
`368`		`- if (null != StringUtils.trimToNull(webdav))`
	`367`	`+ String rootSubstitutedPath = getFileRootSubstitutedFilePath(value.toString(), fileRootPath);;`
	`368`	`+ if (null != StringUtils.trimToNull(rootSubstitutedPath))`
`369`	`369`	`{`
`370`	`370`	`if (assayResultFileRoot != null)`
`371`	`371`	`{`
`372`	`372`	`try`
`373`	`373`	`{`
`374`	`374`	`for (int i = 0; i < 5; i++) // try up to 5 times to find a case-sensitive match`
`375`	`375`	`{`
`376`		`- String resultsFileName = FileUtil.getAppendedFileName(webdav, i);`
	`376`	`+ String resultsFileName = FileUtil.getAppendedFileName(rootSubstitutedPath, i);`
`377`	`377`	`FileLike assayResultFile = assayResultFileRoot.resolveChild(resultsFileName);`
`378`	`378`
`379`	`379`	`if (!assayResultFile.isFile())`
`@@ -390,7 +390,9 @@ public static File convertToFile(Object value, @NotNull Container container, @No`
`390`	`390`
`391`	`391`	`}`
`392`	`392`
`393`		`- webdav = getFileRootSubstitutedFilePath(webdav, fileRootPath);`
	`393`	`+ String webdav = rootSubstitutedPath;`
	`394`	`+ if (webdav.startsWith(AppProps.getInstance().getContextPath()))`
	`395`	`+ webdav = webdav.substring(AppProps.getInstance().getContextPath().length());`
`394`	`396`	`Path path = Path.decode(FileUtil.encodeForURL(webdav, true /Issue 51207/).replace(AppProps.getInstance().getBaseServerUrl() + AppProps.getInstance().getContextPath(), ""));`
`395`	`397`	`WebdavResource resource = WebdavService.get().getResolver().lookup(path);`
`396`	`398`	`if (resource != null && resource.isFile())`
`@@ -440,7 +442,7 @@ public static File convertToFile(Object value, @NotNull Container container, @No`
`440`	`442`	`}`
`441`	`443`
`442`	`444`	`// Otherwise, treat it as a plain path (processed by getFileRootSubstitutedFilePath)`
`443`		`- return FILE_CONVERTER.convert(File.class, webdav);`
	`445`	`+ return FILE_CONVERTER.convert(File.class, rootSubstitutedPath);`
`444`	`446`	`}`
`445`	`447`
`446`	`448`	`// if two files were uploaded with the same name but different casing, then the file system will uniquify the names`