allow cloud filenames to include ampersands without messing up auth tokens (zid, owt, and zat, and the constant placeholder 'f=')

zotlabs 2017-11-05 19:47:44 -08:00
parent 359bfb76f6
commit 7efcb3c75f
4 changed files with 15 additions and 32 deletions


@ -59,19 +59,10 @@ class Cloud extends \Zotlabs\Web\Controller {
// if we arrived at this path with any query parameters in the url, build a clean url without // if we arrived at this path with any query parameters in the url, build a clean url without
// them and redirect. // them and redirect.
// @fixme if the filename has an ampersand in it AND there are query parameters,
// this may not do the right thing.
if((strpos($_SERVER['QUERY_STRING'],'?') !== false) || (strpos($_SERVER['QUERY_STRING'],'&') !== false && strpos($_SERVER['QUERY_STRING'],'&') === false)) {
$path = z_root();
if(argc()) {
foreach(\App::$argv as $a) {
$path .= '/' . $a;
}
}
goaway($path);
}
$x = clean_query_string();
if($x !== \App::$query_string)
goaway(z_root() . '/' . $x);
$rootDirectory = new \Zotlabs\Storage\Directory('/', $auth); $rootDirectory = new \Zotlabs\Storage\Directory('/', $auth);
@ -92,16 +83,17 @@ class Cloud extends \Zotlabs\Web\Controller {
$server->addPlugin($browser); $server->addPlugin($browser);
// Experimental QuotaPlugin // Experimental QuotaPlugin
// require_once('\Zotlabs\Storage/QuotaPlugin.php'); // require_once('\Zotlabs\Storage/QuotaPlugin.php');
// $server->addPlugin(new \Zotlabs\Storage\\QuotaPlugin($auth)); // $server->addPlugin(new \Zotlabs\Storage\\QuotaPlugin($auth));
// ob_start();
// All we need to do now, is to fire up the server // All we need to do now, is to fire up the server
$server->exec(); $server->exec();
// ob_end_flush();
if($browser->build_page) if($browser->build_page)
construct_page(); construct_page();
killme(); killme();
} }
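Review bot: The comment kept above the new check ("if we arrived at this path with any query parameters in the url, build a clean url without them and redirect") no longer describes the code. The redirect now fires only when clean_query_string() returns something different from \App::$query_string, which appears to mean only when zid, owt, zat or the 'f=' placeholder were present; other parameters pass through. I would reword it to `// if the url carries auth tokens (zid, owt, zat) or the 'f=' placeholder, redirect to the same path without them`. Because the values being dropped are auth tokens, the comment should also say where they are consumed, since the hunk does not show whether that happens before this redirect. The enclosing method begins outside the hunk.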


@ -233,6 +233,7 @@ class Browser extends DAV\Browser\Plugin {
$f[] = $ft; $f[] = $ft;
} }
$output = ''; $output = '';
if ($this->enablePost) { if ($this->enablePost) {
$this->server->emit('onHTMLActionsPanel', array($parent, &$output, $path)); $this->server->emit('onHTMLActionsPanel', array($parent, &$output, $path));


@ -925,6 +925,7 @@ class App {
*/ */
self::$argv = explode('/', self::$cmd); self::$argv = explode('/', self::$cmd);
self::$argc = count(self::$argv); self::$argc = count(self::$argv);
if ((array_key_exists('0', self::$argv)) && strlen(self::$argv[0])) { if ((array_key_exists('0', self::$argv)) && strlen(self::$argv[0])) {
if(strpos(self::$argv[0],'.')) { if(strpos(self::$argv[0],'.')) {


@ -103,25 +103,14 @@ function strip_zats($s) {
return preg_replace('/[\?&]zat=(.*?)(&|$)/ism','$2',$s); return preg_replace('/[\?&]zat=(.*?)(&|$)/ism','$2',$s);
} }
function strip_auth_query_params() {
$_SERVER['QUERY_STRING'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['QUERY_STRING']);
$_SERVER['QUERY_STRING'] = strip_zids($_SERVER['QUERY_STRING']);
$_SERVER['QUERY_STRING'] = strip_owt($_SERVER['QUERY_STRING']);
$_SERVER['REQUEST_URI'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['REQUEST_URI']);
$_SERVER['REQUEST_URI'] = strip_zids($_SERVER['REQUEST_URI']);
$_SERVER['REQUEST_URI'] = strip_owt($_SERVER['REQUEST_URI']);
$_ENV['QUERY_STRING'] = str_replace(array('?f=', '&f='), array('', ''), $_ENV['QUERY_STRING']); function clean_query_string() {
$_ENV['QUERY_STRING'] = strip_zids($_ENV['QUERY_STRING']); $x = strip_zids(\App::$query_string);
$_ENV['QUERY_STRING'] = strip_owt($_ENV['QUERY_STRING']); $x = strip_owt($x);
$x = strip_zats($x);
$_ENV['REQUEST_URI'] = str_replace(array('?f=', '&f='), array('', ''), $_ENV['REQUEST_URI']);
$_ENV['REQUEST_URI'] = strip_zids($_ENV['REQUEST_URI']);
$_ENV['REQUEST_URI'] = strip_owt($_ENV['REQUEST_URI']);
return strip_query_param($x,'f');
} }
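Review bot: clean_query_string() still cannot tell an ampersand inside a filename from a parameter separator. The visible strip_zats pattern matches `&zat=` anywhere in the string, and presumably the other helpers do the same for `&zid=`, `&owt=` and `&f=`, so a file whose name contains one of those sequences would be truncated and Cloud would redirect to a different path. If that is an accepted limitation, record it on the function, e.g. `// NOTE: a name containing '&zid=', '&owt=', '&zat=' or '&f=' is treated as a parameter and stripped`. A docblock should also state that the function returns the cleaned copy of \App::$query_string and, unlike the removed strip_auth_query_params(), does not modify $_SERVER or $_ENV. strip_zids, strip_owt and strip_query_param are defined outside the hunk, so their exact patterns are inferred here from strip_zats.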