From ae004c8a6ccf887ebec32dddc9fa2858dd199958 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Omar=20L=C3=B3pez?= <zomars@me.com>
Date: Thu, 5 Jan 2023 16:38:44 -0700
Subject: [PATCH] Fixes extension check for URL with dots in segments (#6301)

---
 packages/lib/CalendarService.ts | 26 +++++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/packages/lib/CalendarService.ts b/packages/lib/CalendarService.ts
index 71d9a1736b..96f3a25a22 100644
--- a/packages/lib/CalendarService.ts
+++ b/packages/lib/CalendarService.ts
@@ -37,6 +37,22 @@ const DEFAULT_CALENDAR_TYPE = "caldav";
 
 const CALENDSO_ENCRYPTION_KEY = process.env.CALENDSO_ENCRYPTION_KEY || "";
 
+function hasFileExtension(url: string): boolean {
+  // Get the last portion of the URL (after the last '/')
+  const fileName = url.substring(url.lastIndexOf("/") + 1);
+  // Check if the file name has a '.' in it and no '/' after the '.'
+  return fileName.includes(".") && !fileName.substring(fileName.lastIndexOf(".")).includes("/");
+}
+
+function getFileExtension(url: string): string | null {
+  // Return null if the URL does not have a file extension
+  if (!hasFileExtension(url)) return null;
+  // Get the last portion of the URL (after the last '/')
+  const fileName = url.substring(url.lastIndexOf("/") + 1);
+  // Extract the file extension
+  return fileName.substring(fileName.lastIndexOf(".") + 1);
+}
+
 const convertDate = (date: string): DateArray =>
   dayjs(date)
     .utc()
@@ -259,14 +275,14 @@ export default abstract class BaseCalendarService implements Calendar {
   }
 
   isValidFormat = (url: string): boolean => {
-    const acceptedFormats = ["eml", "ics"];
-    const urlFormat = url.split(".").pop();
-    if (urlFormat === undefined) {
+    const allowedExtensions = ["eml", "ics"];
+    const urlExtension = getFileExtension(url);
+    if (!urlExtension) {
       console.error("Invalid request, calendar object extension missing");
       return false;
     }
-    if (!acceptedFormats.includes(urlFormat)) {
-      console.error(`Unsupported calendar object format: ${urlFormat}`);
+    if (!allowedExtensions.includes(urlExtension)) {
+      console.error(`Unsupported calendar object format: ${urlExtension}`);
       return false;
     }
     return true;