allow cloud filenames to include ampersands without messing up auth tokens (zid, owt, and zat, and the constant placeholder 'f=')
parent
359bfb76f6
commit
7efcb3c75f
@ -59,19 +59,10 @@ class Cloud extends \Zotlabs\Web\Controller {
|
||||
|
||||
// if we arrived at this path with any query parameters in the url, build a clean url without
|
||||
// them and redirect.
|
||||
// @fixme if the filename has an ampersand in it AND there are query parameters,
|
||||
// this may not do the right thing.
|
||||
|
||||
if((strpos($_SERVER['QUERY_STRING'],'?') !== false) || (strpos($_SERVER['QUERY_STRING'],'&') !== false && strpos($_SERVER['QUERY_STRING'],'&') === false)) {
|
||||
$path = z_root();
|
||||
if(argc()) {
|
||||
foreach(\App::$argv as $a) {
|
||||
$path .= '/' . $a;
|
||||
}
|
||||
}
|
||||
goaway($path);
|
||||
}
|
||||
|
||||
$x = clean_query_string();
|
||||
if($x !== \App::$query_string)
|
||||
goaway(z_root() . '/' . $x);
|
||||
|
||||
$rootDirectory = new \Zotlabs\Storage\Directory('/', $auth);
|
||||
|
||||
@ -92,16 +83,17 @@ class Cloud extends \Zotlabs\Web\Controller {
|
||||
$server->addPlugin($browser);
|
||||
|
||||
// Experimental QuotaPlugin
|
||||
// require_once('\Zotlabs\Storage/QuotaPlugin.php');
|
||||
// $server->addPlugin(new \Zotlabs\Storage\\QuotaPlugin($auth));
|
||||
// require_once('\Zotlabs\Storage/QuotaPlugin.php');
|
||||
// $server->addPlugin(new \Zotlabs\Storage\\QuotaPlugin($auth));
|
||||
|
||||
|
||||
// ob_start();
|
||||
// All we need to do now, is to fire up the server
|
||||
|
||||
$server->exec();
|
||||
|
||||
// ob_end_flush();
|
||||
if($browser->build_page)
|
||||
construct_page();
|
||||
|
||||
killme();
|
||||
}
|
||||
|
||||
|
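Review bot: The comment that appears to be kept above the new redirect (`// if we arrived at this path with any query parameters in the url, build a clean url without them and redirect.`) no longer describes the code. `clean_query_string()` as added in this commit removes only `zid`, `owt`, `zat` and `f`, and any other parameter is carried into the `goaway(z_root() . '/' . $x)` target. I would reword it along the lines of `// strip the auth tokens (zid, owt, zat) and the 'f' placeholder from the URL and redirect to the cleaned form`. Two things should be confirmed outside this hunk: that the tokens have already been consumed before the redirect fires, and that requesting the cleaned URL yields an `\App::$query_string` identical to `$x`, since otherwise the `!==` test would redirect again. The enclosing method starts and ends outside the hunk.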
@ -233,6 +233,7 @@ class Browser extends DAV\Browser\Plugin {
|
||||
$f[] = $ft;
|
||||
}
|
||||
|
||||
|
||||
$output = '';
|
||||
if ($this->enablePost) {
|
||||
$this->server->emit('onHTMLActionsPanel', array($parent, &$output, $path));
|
||||
|
1
boot.php
1
boot.php
@ -925,6 +925,7 @@ class App {
|
||||
*/
|
||||
|
||||
self::$argv = explode('/', self::$cmd);
|
||||
|
||||
self::$argc = count(self::$argv);
|
||||
if ((array_key_exists('0', self::$argv)) && strlen(self::$argv[0])) {
|
||||
if(strpos(self::$argv[0],'.')) {
|
||||
|
@ -103,25 +103,14 @@ function strip_zats($s) {
|
||||
return preg_replace('/[\?&]zat=(.*?)(&|$)/ism','$2',$s);
|
||||
}
|
||||
|
||||
function strip_auth_query_params() {
|
||||
|
||||
$_SERVER['QUERY_STRING'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['QUERY_STRING']);
|
||||
$_SERVER['QUERY_STRING'] = strip_zids($_SERVER['QUERY_STRING']);
|
||||
$_SERVER['QUERY_STRING'] = strip_owt($_SERVER['QUERY_STRING']);
|
||||
|
||||
$_SERVER['REQUEST_URI'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['REQUEST_URI']);
|
||||
$_SERVER['REQUEST_URI'] = strip_zids($_SERVER['REQUEST_URI']);
|
||||
$_SERVER['REQUEST_URI'] = strip_owt($_SERVER['REQUEST_URI']);
|
||||
|
||||
|
||||
$_ENV['QUERY_STRING'] = str_replace(array('?f=', '&f='), array('', ''), $_ENV['QUERY_STRING']);
|
||||
$_ENV['QUERY_STRING'] = strip_zids($_ENV['QUERY_STRING']);
|
||||
$_ENV['QUERY_STRING'] = strip_owt($_ENV['QUERY_STRING']);
|
||||
|
||||
$_ENV['REQUEST_URI'] = str_replace(array('?f=', '&f='), array('', ''), $_ENV['REQUEST_URI']);
|
||||
$_ENV['REQUEST_URI'] = strip_zids($_ENV['REQUEST_URI']);
|
||||
$_ENV['REQUEST_URI'] = strip_owt($_ENV['REQUEST_URI']);
|
||||
function clean_query_string() {
|
||||
$x = strip_zids(\App::$query_string);
|
||||
$x = strip_owt($x);
|
||||
$x = strip_zats($x);
|
||||
|
||||
return strip_query_param($x,'f');
|
||||
}
|
||||
|
||||
|
||||
|
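Review bot: `clean_query_string()` has no docblock, and unlike the `strip_auth_query_params()` body it appears to replace, it does not rewrite `$_SERVER['QUERY_STRING']`, `$_SERVER['REQUEST_URI']` or their `$_ENV` copies. Any code outside this page that still reads those values would now see the `zid`, `owt` and `zat` tokens, so it is worth checking the remaining callers and anything that logs or echoes the request URI. I would add `/** Returns \App::$query_string with the zid, owt, zat and f parameters removed; does not modify $_SERVER or $_ENV. */` above the function. The strip helpers also run over the whole string, so with the visible `strip_zats` pattern `/[\?&]zat=(.*?)(&|$)/ism` a file name that literally contains `&zat=` would presumably be altered too. Whether that can happen depends on how `\App::$query_string` is encoded, which is not shown here.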