add validation for file name

src/main/java/org/codelibs/fess/app/web/admin/design/AdminDesignAction.java

@@ -114,7 +114,7 @@ public class AdminDesignAction extends FessAdminAction implements Serializable {
 
     @Execute
     public HtmlResponse upload(final UploadForm form) {
-        validate(form, messages -> {}, () -> asListHtml());
+        validate(form, messages -> {}, () -> asListHtml(form));
         verifyToken(() -> asListHtml());
         final String uploadedFileName = form.designFile.getFileName();
         String fileName = form.designFileName;
@@ -306,6 +306,14 @@ public class AdminDesignAction extends FessAdminAction implements Serializable {
         return asHtml(path_AdminDesign_AdminDesignJsp).useForm(DesignForm.class);
     }
 
+    private HtmlResponse asListHtml(UploadForm uploadForm) {
+        return asHtml(path_AdminDesign_AdminDesignJsp).useForm(DesignForm.class, setup -> {
+            setup.setup(form -> {
+                copyBeanToBean(uploadForm, form, op -> op.include("designFile", "designFileName"));
+            });
+        });
+    }
+
     private HtmlResponse asEditHtml() {
         return asHtml(path_AdminDesign_AdminDesignEditJsp);
     }

src/main/java/org/codelibs/fess/app/web/admin/design/UploadForm.java

@@ -17,6 +17,8 @@ package org.codelibs.fess.app.web.admin.design;
 
 import java.io.Serializable;
 
+import javax.validation.constraints.Pattern;
+
 import org.lastaflute.web.ruts.multipart.MultipartFormFile;
 import org.lastaflute.web.validation.Required;
 
@@ -27,5 +29,6 @@ public class UploadForm implements Serializable {
     @Required
     public MultipartFormFile designFile;
 
+    @Pattern(regexp = "^[^\\\\|/|:|\\*|?|\"|<|>|\\|]+$", message = "{errors.design_file_name_is_invalid}")
     public String designFileName;
 }