1
0
Fork 0
mirror of https://gitlab.com/sbrl/GalleryShare.git synced 2018-06-12 22:45:16 +00:00

Don't escape forward slashes - that breaks pathing.

This commit is contained in:
Starbeamrainbowlabs 2016-08-10 17:53:29 +01:00
parent b443508c42
commit 1d60b9b085
2 changed files with 18 additions and 5 deletions

View file

@ -28,7 +28,7 @@
<xsl:template match="ListingEntry[@Type='File']"> <xsl:template match="ListingEntry[@Type='File']">
<a href="{Name}" class="preview-backdrop"> <a href="{Name}" class="preview-backdrop">
<figure class="preview file" style="background-image: url('{Name}?type=thumbnail');"> <figure class="preview file" style="background-image: url('{Name}?type=thumbnail');">
<figcaption><xsl:value-of select="Name" /></figcaption> <figcaption><xsl:value-of select="DisplayName" /></figcaption>
</figure> </figure>
</a> </a>
</xsl:template> </xsl:template>
@ -36,7 +36,7 @@
<a href="{Name}" class="preview-backdrop"> <a href="{Name}" class="preview-backdrop">
<figure class="preview directory"> <figure class="preview directory">
(coming soon) (coming soon)
<figcaption><xsl:value-of select="Name" /></figcaption> <figcaption><xsl:value-of select="DisplayName" /></figcaption>
</figure> </figure>
</a> </a>
</xsl:template> </xsl:template>

View file

@ -46,7 +46,7 @@ namespace GalleryShare.RequestRouter
await xmlData.WriteStartDocumentAsync(); await xmlData.WriteStartDocumentAsync();
await xmlData.WriteProcessingInstructionAsync("xml-stylesheet", "type=\"text/xsl\" href=\"/!Transform-DirListing.xslt\""); await xmlData.WriteProcessingInstructionAsync("xml-stylesheet", "type=\"text/xsl\" href=\"/!Transform-DirListing.xslt\"");
await xmlData.WriteStartElementAsync(null, "DirectoryListing", null); await xmlData.WriteStartElementAsync(null, "DirectoryListing", null);
await xmlData.WriteElementStringAsync(null, "CurrentDirectory", null, Uri.EscapeDataString(cycle.Request.RawUrl)); await xmlData.WriteElementStringAsync(null, "CurrentDirectory", null, cycle.Request.RawUrl);
await xmlData.WriteStartElementAsync(null, "Contents", null); await xmlData.WriteStartElementAsync(null, "Contents", null);
foreach (string directoryName in dirDirectories) foreach (string directoryName in dirDirectories)
@ -54,7 +54,8 @@ namespace GalleryShare.RequestRouter
await xmlData.WriteStartElementAsync(null, "ListingEntry", null); await xmlData.WriteStartElementAsync(null, "ListingEntry", null);
await xmlData.WriteAttributeStringAsync(null, "Type", null, "Directory"); await xmlData.WriteAttributeStringAsync(null, "Type", null, "Directory");
await xmlData.WriteElementStringAsync(null, "Name", null, Uri.EscapeDataString("/" + directoryName.Substring(parentServer.ServingDirectory.Length))); await xmlData.WriteElementStringAsync(null, "Name", null, escapePath("/" + directoryName.Substring(parentServer.ServingDirectory.Length)));
await xmlData.WriteElementStringAsync(null, "DisplayName", null, directoryName.Substring(parentServer.ServingDirectory.Length));
await xmlData.WriteElementStringAsync(null, "ItemCount", null, Directory.GetFileSystemEntries(directoryName).Length.ToString()); await xmlData.WriteElementStringAsync(null, "ItemCount", null, Directory.GetFileSystemEntries(directoryName).Length.ToString());
await xmlData.WriteEndElementAsync(); await xmlData.WriteEndElementAsync();
@ -64,7 +65,8 @@ namespace GalleryShare.RequestRouter
await xmlData.WriteStartElementAsync(null, "ListingEntry", null); await xmlData.WriteStartElementAsync(null, "ListingEntry", null);
await xmlData.WriteAttributeStringAsync(null, "Type", null, "File"); await xmlData.WriteAttributeStringAsync(null, "Type", null, "File");
await xmlData.WriteElementStringAsync(null, "Name", null, Uri.EscapeDataString("/" + filename.Substring(parentServer.ServingDirectory.Length))); await xmlData.WriteElementStringAsync(null, "Name", null, escapePath("/" + filename.Substring(parentServer.ServingDirectory.Length)));
await xmlData.WriteElementStringAsync(null, "DisplayName", null, "/" + filename.Substring(parentServer.ServingDirectory.Length));
await xmlData.WriteEndElementAsync(); await xmlData.WriteEndElementAsync();
} }
@ -72,6 +74,17 @@ namespace GalleryShare.RequestRouter
await xmlData.WriteEndDocumentAsync(); await xmlData.WriteEndDocumentAsync();
await xmlData.FlushAsync(); await xmlData.FlushAsync();
} }
/// <summary>
/// Escapes a path to make it safe for sending to a browser.
/// Does not escape forward slashes ('/').
/// </summary>
/// <param name="path">The path to escape.</param>
/// <returns>An escaped version of the given path.</returns>
private string escapePath(string path)
{
return Uri.EscapeDataString(path).Replace("%2F", "/");
}
} }
} }