authortenox <as@tenoware.com>2016-08-27 01:51:50 -0700
committertenox <as@tenoware.com>2016-08-27 01:51:50 -0700
commit0284f7cc574b34a78da1151254225c0f6bdb6834 (patch)
tree5b2e12bb9ab1e8f4541d1fcc505c69e152543642
parentb234251a4d6b05ea4e951553071702715b7e6747 (diff)
downloadwfm-0284f7cc574b34a78da1151254225c0f6bdb6834.tar.gz
URL encoding to allow some non-portable characters in file names1.1.0
-rw-r--r--dialogs.c3
-rw-r--r--dir.c96
-rw-r--r--fileio.c13
-rw-r--r--wfm.c16
-rw-r--r--wfm.h12
5 files changed, 76 insertions, 64 deletions
diff --git a/dialogs.c b/dialogs.c
index c17549f..6ebad0d 100644
--- a/dialogs.c
+++ b/dialogs.c
@@ -246,6 +246,7 @@ void about(void) {
"Server Side RFC 1321 implementation by L. Peter Deutsch<BR>\n"
"Client Side RFC 1321 implementation by Paul Johnston<BR>\n"
"Icons by Yusuke Kamiyamane<BR>\n"
+ "URL Encoding routines by Fred Bulback<BR>\n"
"Copyright &copy; 1994-2016 by Antoni Sawicki<BR>\n"
"Copyright &copy; 1996-2011 by Thomas Boutell and Boutell.Com, Inc.<BR>\n"
"Copyright &copy; 2002 by Aladdin Enterprises<BR>\n"
@@ -318,7 +319,7 @@ void login_ui(void) {
if(js>=2) fprintf(cgiOut,
"onClick=\"self.location='%s?directory=%s&amp;login=client&amp;token=' + hex_md5('%s:' + document.wfm.username.value + ':' + document.wfm.password.value); return false;\"",
- cgiScriptName, virt_dirname, cgiRemoteAddr);
+ cgiScriptName, virt_dirname_urlencoded, cgiRemoteAddr);
fputs(
">\n"
diff --git a/dir.c b/dir.c
index a2af6e8..8cd4f89 100644
--- a/dir.c
+++ b/dir.c
@@ -63,7 +63,7 @@ void dirlist(void) {
char rtime[64], mtime[64], atime[64];
char *stime;
char sortby[64]={0};
- char *name, *icon, *linecolor;
+ char *name, *name_urlencoded, *icon, *linecolor;
int nentr=0, e=0, n=1;
int editable;
int upload_id=0;
@@ -74,7 +74,7 @@ void dirlist(void) {
if(upload_id<1)
upload_id=now; // holy shit
- cgiFormStringNoNewlines("highlight", highlight, VIRT_FILENAME_SIZE-1);
+ cgiFormStringNoNewlines("highlight", highlight, VIRT_FILENAME_SIZE-1); //TODO: urlencode ?
cgiFormStringNoNewlines("sortby", sortby, 63);
if(strlen(sortby)<4)
snprintf(sortby, 63, "name");
@@ -189,8 +189,7 @@ void dirlist(void) {
"<TD NOWRAP WIDTH=\"100%%\" BGCOLOR=\"#0072c6\" VALIGN=\"MIDDLE\" ALIGN=\"LEFT\" STYLE=\"color:#FFFFFF; font-weight:bold;\">\n"
"&nbsp;<IMG SRC=\"%s%s\" ALIGN=\"MIDDLE\" ALT=\"WFM\">\n"
"%s : %c%s \n"
- "<TD NOWRAP BGCOLOR=\"#F1F1F1\" VALIGN=\"MIDDLE\" ALIGN=\"RIGHT\" STYLE=\"color:#000000; font-weight:bold; white-space:nowrap\">\n"
- ,
+ "<TD NOWRAP BGCOLOR=\"#F1F1F1\" VALIGN=\"MIDDLE\" ALIGN=\"RIGHT\" STYLE=\"color:#000000; font-weight:bold; white-space:nowrap\">\n",
ICONSURL, FAVICON, TAGLINE, (strlen(virt_dirname)>0) ? ' ' : '/', virt_dirname
);
@@ -200,24 +199,21 @@ void dirlist(void) {
fprintf(cgiOut,
"<A HREF=\"%s?action=login&amp;directory=%s\">"
"&nbsp;<IMG SRC=\"%s%s.gif\" ALIGN=\"MIDDLE\" BORDER=\"0\" ALT=\"Access\"></A>&nbsp;%s\n",
- cgiScriptName, virt_dirname, ICONSURL, access_string[access_level], access_string[access_level]);
+ cgiScriptName, virt_dirname_urlencoded, ICONSURL, access_string[access_level], access_string[access_level]);
else
fprintf(cgiOut,
"<A HREF=\"%s?directory=%s\"><IMG SRC=\"%s%s.gif\" BORDER=\"0\" ALIGN=\"MIDDLE\" ALT=\"Access\">"
"</A>&nbsp;%s&nbsp;<IMG SRC=\"%suser.gif\" ALIGN=\"MIDDLE\" ALT=\"User\">&nbsp;%s&nbsp;\n",
- cgiScriptName, virt_dirname, ICONSURL, access_string[access_level], access_string[access_level], ICONSURL, loggedinuser);
+ cgiScriptName, virt_dirname_urlencoded, ICONSURL, access_string[access_level], access_string[access_level], ICONSURL, loggedinuser);
// about / version
fprintf(cgiOut,
- //"</TD><TD NOWRAP BGCOLOR=\"#F1F1F1\" VALIGN=\"MIDDLE\" ALIGN=\"RIGHT\" STYLE=\"color:#000000; font-weight:bold; white-space:nowrap\">"
- "&nbsp;<IMG SRC=\"%snet.gif\" ALIGN=\"MIDDLE\" ALT=\"Client IP\">&nbsp;%s&nbsp;"//</TD>"
- //"<TD NOWRAP BGCOLOR=\"#F1F1F1\" VALIGN=\"MIDDLE\" ALIGN=\"RIGHT\" STYLE=\"color:#000000; font-weight:bold; white-space:nowrap\">"
+ "&nbsp;<IMG SRC=\"%snet.gif\" ALIGN=\"MIDDLE\" ALT=\"Client IP\">&nbsp;%s&nbsp;"
"<A HREF=\"%s?action=about&amp;directory=%s&amp;token=%s\"><IMG BORDER=\"0\" SRC=\"%sver.gif\" ALIGN=\"MIDDLE\" ALT=\"Version\"></A>&nbsp;v%s&nbsp;"
"</TD>\n"\
"</TR>\n"\
"</TABLE>\n",
- ICONSURL, cgiRemoteAddr, cgiScriptName, virt_dirname, token, ICONSURL, VERSION
- );
+ ICONSURL, cgiRemoteAddr, cgiScriptName, virt_dirname_urlencoded, token, ICONSURL, VERSION);
@@ -234,7 +230,7 @@ void dirlist(void) {
"<IMG SRC=\"%sdir_up.gif\" BORDER=0 ALIGN=\"MIDDLE\" WIDTH=\"16\" HEIGHT=\"16\" ALT=\"Dir Up\">&nbsp;Up"
"</A>\n"
"</TD>\n",
- cgiScriptName, sortby, virt_parent, token, ICONSURL);
+ cgiScriptName, sortby, virt_parent_urlencoded, token, ICONSURL);
fprintf(cgiOut,
"<!-- HOME -->\n"
@@ -252,7 +248,7 @@ void dirlist(void) {
"<IMG SRC=\"%sreload.gif\" BORDER=0 ALIGN=\"MIDDLE\" ALT=\"Reload\">&nbsp;Refresh"
"</A>\n"
"</TD>\n",
- cgiScriptName, sortby, virt_dirname, token, ICONSURL);
+ cgiScriptName, sortby, virt_dirname_urlencoded, token, ICONSURL);
fprintf(cgiOut,
"<!-- MULTI DELETE -->\n"\
@@ -277,7 +273,7 @@ void dirlist(void) {
"<IMG SRC=\"%smkdir.gif\" BORDER=0 ALIGN=\"MIDDLE\" ALT=\"New Folder\">&nbsp;New Folder\n"
"</A>\n"
"</TD>\n",
- cgiScriptName, virt_dirname, token, ICONSURL);
+ cgiScriptName, virt_dirname_urlencoded, token, ICONSURL);
fprintf(cgiOut,
@@ -287,7 +283,7 @@ void dirlist(void) {
"<IMG SRC=\"%smkfile.gif\" BORDER=0 ALIGN=\"MIDDLE\" ALT=\"New File\">&nbsp;New File"
"</A>\n"
"</TD>\n",
- cgiScriptName, virt_dirname, token, ICONSURL);
+ cgiScriptName, virt_dirname_urlencoded, token, ICONSURL);
@@ -308,33 +304,33 @@ void dirlist(void) {
// SORT BY
//
if(strcmp(sortby, "size")==0) {
- snprintf(namepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=name\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Filename</A>", cgiScriptName, virt_dirname, token);
- snprintf(sizepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=rsize\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Size</A>&nbsp;%s", cgiScriptName, virt_dirname, token, ADNIMG);
- snprintf(datepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=date\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Modified</A>", cgiScriptName, virt_dirname, token);
+ snprintf(namepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=name\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Filename</A>", cgiScriptName, virt_dirname_urlencoded, token);
+ snprintf(sizepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=rsize\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Size</A>&nbsp;%s", cgiScriptName, virt_dirname_urlencoded, token, ADNIMG);
+ snprintf(datepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=date\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Modified</A>", cgiScriptName, virt_dirname_urlencoded, token);
} else if(strcmp(sortby, "rsize")==0) {
- snprintf(namepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=name\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Filename</A>", cgiScriptName, virt_dirname, token);
- snprintf(sizepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=size\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Size</A>&nbsp;%s", cgiScriptName, virt_dirname, token, AUPIMG);
- snprintf(datepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=date\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Modified</A>", cgiScriptName, virt_dirname, token);
+ snprintf(namepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=name\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Filename</A>", cgiScriptName, virt_dirname_urlencoded, token);
+ snprintf(sizepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=size\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Size</A>&nbsp;%s", cgiScriptName, virt_dirname_urlencoded, token, AUPIMG);
+ snprintf(datepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=date\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Modified</A>", cgiScriptName, virt_dirname_urlencoded, token);
} else if(strcmp(sortby, "date")==0) {
- snprintf(namepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=name\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Filename</A>", cgiScriptName, virt_dirname, token);
- snprintf(sizepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=size\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Size</A>", cgiScriptName, virt_dirname, token);
- snprintf(datepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=rdate\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Modified</A>&nbsp;%s", cgiScriptName, virt_dirname, token, ADNIMG);
+ snprintf(namepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=name\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Filename</A>", cgiScriptName, virt_dirname_urlencoded, token);
+ snprintf(sizepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=size\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Size</A>", cgiScriptName, virt_dirname_urlencoded, token);
+ snprintf(datepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=rdate\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Modified</A>&nbsp;%s", cgiScriptName, virt_dirname_urlencoded, token, ADNIMG);
} else if(strcmp(sortby, "rdate")==0) {
- snprintf(namepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=name\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Filename</A>", cgiScriptName, virt_dirname, token);
- snprintf(sizepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=size\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Size</A>", cgiScriptName, virt_dirname, token);
- snprintf(datepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=date\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Modified</A>&nbsp;%s", cgiScriptName, virt_dirname, token, AUPIMG);
+ snprintf(namepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=name\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Filename</A>", cgiScriptName, virt_dirname_urlencoded, token);
+ snprintf(sizepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=size\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Size</A>", cgiScriptName, virt_dirname_urlencoded, token);
+ snprintf(datepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=date\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Modified</A>&nbsp;%s", cgiScriptName, virt_dirname_urlencoded, token, AUPIMG);
} else if(strcmp(sortby, "name")==0) {
- snprintf(namepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=rname\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Filename</A>&nbsp;%s", cgiScriptName, virt_dirname, token, ADNIMG);
- snprintf(sizepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=size\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Size</A>", cgiScriptName, virt_dirname, token);
- snprintf(datepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=date\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Modified</A>", cgiScriptName, virt_dirname, token);
+ snprintf(namepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=rname\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Filename</A>&nbsp;%s", cgiScriptName, virt_dirname_urlencoded, token, ADNIMG);
+ snprintf(sizepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=size\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Size</A>", cgiScriptName, virt_dirname_urlencoded, token);
+ snprintf(datepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=date\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Modified</A>", cgiScriptName, virt_dirname_urlencoded, token);
} else if(strcmp(sortby, "rname")==0) {
- snprintf(namepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=name\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Filename</A>&nbsp;%s", cgiScriptName, virt_dirname, token, AUPIMG);
- snprintf(sizepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=size\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Size</A>", cgiScriptName, virt_dirname, token);
- snprintf(datepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=date\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Modified</A>", cgiScriptName, virt_dirname, token);
+ snprintf(namepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=name\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Filename</A>&nbsp;%s", cgiScriptName, virt_dirname_urlencoded, token, AUPIMG);
+ snprintf(sizepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=size\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Size</A>", cgiScriptName, virt_dirname_urlencoded, token);
+ snprintf(datepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=date\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Modified</A>", cgiScriptName, virt_dirname_urlencoded, token);
} else {
- snprintf(namepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=name\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Filename</A>", cgiScriptName, virt_dirname, token);
- snprintf(sizepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=size\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Size</A>", cgiScriptName, virt_dirname, token);
- snprintf(datepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=date\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Modified</A>", cgiScriptName, virt_dirname, token);
+ snprintf(namepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=name\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Filename</A>", cgiScriptName, virt_dirname_urlencoded, token);
+ snprintf(sizepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=size\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Size</A>", cgiScriptName, virt_dirname_urlencoded, token);
+ snprintf(datepfx, 1024, "&nbsp;<A HREF=\"%s?directory=%s&amp;token=%s&amp;sortby=date\" STYLE=\"text-decoration: none; color:#FFFFFF;\">Modified</A>", cgiScriptName, virt_dirname_urlencoded, token);
}
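Review bot: The 21 rewritten `snprintf` calls still pass the literal `1024` and ignore the return value, while the value now substituted for `directory=` is percent-encoded and can be up to three times as long as `virt_dirname`. If `namepfx`, `sizepfx` and `datepfx` are 1024-byte arrays (their declarations are outside this hunk), a long or heavily escaped directory name would be cut off inside the `<A HREF=...>` tag and the header row would emit unbalanced markup. I would pass `sizeof namepfx` and so on, and fall back to a plain label when the result does not fit: `if((size_t)snprintf(namepfx, sizeof namepfx, ...) >= sizeof namepfx) snprintf(namepfx, sizeof namepfx, "Filename");`. Every branch differs only in the `sortby` target and the arrow image, so a small static helper taking those two values would also remove the repetition.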
@@ -376,8 +372,9 @@ void dirlist(void) {
"<!-- End of Header -->\n\n",
namepfx, sizepfx, datepfx);
-
- // Directories
+ //
+ // Enumerate Directories
+ //
for(e=0; e<nentr; e++) {
if(!S_ISDIR(direntry[e].type))
continue;
@@ -385,6 +382,8 @@ void dirlist(void) {
continue;
name=direntry[e].name;
+ name_urlencoded=url_encode(name);
+
if(recursive_du) {
snprintf(phys_filename, PHYS_FILENAME_SIZE, "%s/%s", phys_dirname, direntry[e].name);
size=du(phys_filename);
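Review bot: `name_urlencoded=url_encode(name);` runs once per directory entry and nothing in the visible hunks releases the result. The definition of `url_encode` is not part of this diff, but if it returns heap memory, as the `char *` return type in wfm.h suggests, each row leaks one allocation. The same assignment is added to the file loop in the hunk at `@@ -487,6 +486,7 @@`, and `move()` in fileio.c passes `url_encode(virt_destination)` straight into `redirect()`. A `free(name_urlencoded);` at the end of each iteration, plus `if(!name_urlencoded) error("Out of memory.");` right after the call, would keep a large listing bounded and avoid handing a null pointer to `%s`. The loop body continues beyond this hunk, so the exact spot for the `free` is not visible here.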
@@ -448,7 +447,7 @@ void dirlist(void) {
"<TD NOWRAP ALIGN=\"RIGHT\"><SPAN TITLE=\"Created:%s\n Modified:%s\n Accessed:%s\n\">%s&nbsp;%s</FONT></SPAN></TD>\n"\
"<TD NOWRAP >&nbsp;</TD>"\
"<TD NOWRAP ALIGN=\"LEFT\">",
- cgiScriptName, sortby, (strcmp(virt_dirname, "/")==0) ? "" : virt_dirname, name, token, icon, name,
+ cgiScriptName, sortby, (strcmp(virt_dirname, "/")==0) ? "" : virt_dirname_urlencoded, name_urlencoded, token, icon, name,
buprintf(size, TRUE), rtime, mtime, atime, stime, mtime);
// rename
@@ -456,14 +455,14 @@ void dirlist(void) {
"<A HREF=\"%s?action=rename_prompt&amp;directory=%s&amp;filename=%s&amp;token=%s\" TITLE=\"Rename '%s'\">\n"\
"<IMG SRC=\"%srename.gif\" BORDER=0 WIDTH=16 HEIGHT=16 ALT=\"Rename File\">\n"\
"</A>\n",
- cgiScriptName, virt_dirname, name, token, name, ICONSURL);
+ cgiScriptName, virt_dirname_urlencoded, name_urlencoded, token, name, ICONSURL);
// move
fprintf(cgiOut, "\n"\
"<A HREF=\"%s?action=move_prompt&amp;directory=%s&amp;filename=%s&amp;token=%s\" TITLE=\"Move '%s'\">\n"\
"<IMG SRC=\"%smove.gif\" BORDER=0 WIDTH=16 HEIGHT=16 ALT=\"Move File\">\n"\
"</A>\n",
- cgiScriptName, virt_dirname, name, token, name, ICONSURL);
+ cgiScriptName, virt_dirname_urlencoded, name_urlencoded, token, name, ICONSURL);
// delete
fprintf(cgiOut, "\n"\
@@ -472,7 +471,7 @@ void dirlist(void) {
"</A>\n"\
"</TD>\n"\
"</TR>\n\n\n",
- cgiScriptName, virt_dirname, name, token, name, ICONSURL);
+ cgiScriptName, virt_dirname_urlencoded, name_urlencoded, token, name, ICONSURL);
totalsize+=size;
n++;
@@ -487,6 +486,7 @@ void dirlist(void) {
continue;
name=direntry[e].name;
+ name_urlencoded=url_encode(name);
size=direntry[e].size;
ctime_r(&direntry[e].atime, atime);
@@ -545,7 +545,7 @@ void dirlist(void) {
fprintf(cgiOut,
">\n<TD NOWRAP ALIGN=\"LEFT\"><INPUT TYPE=\"CHECKBOX\" NAME=\"multiselect_filename\" STYLE=\"border: none;\" VALUE=\"%s\">"
"<A HREF=\"%s?action=%s&amp;directory=%s&amp;filename=%s&amp;token=%s\" TITLE=\"Open '%s'\">%s %s</A></TD>\n",
- name, cgiScriptName, (edit_by_default && editable) ? "edit" : "sendfile", virt_dirname, name, token, name, icon, name);
+ name, cgiScriptName, (edit_by_default && editable) ? "edit" : "sendfile", virt_dirname_urlencoded, name_urlencoded, token, name, icon, name);
// size / date
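Review bot: `name` is still written unescaped into `VALUE="%s"`, `TITLE="Open '%s'"` and the link text, while this commit widens `VALIDCHRS` in wfm.h to admit `&`, `#` and `;`. A file name that happens to parse as a character reference will be displayed as a different string from the one on disk. It will also be submitted that way through the `multiselect_filename` checkbox, so a multi-select operation could act on the wrong name. URL encoding covers only the `HREF` query values; the HTML contexts need their own escaping, for example cgic's `cgiValueEscape(name)` for attribute values and `cgiHtmlEscape(name)` for text, if the bundled cgic version provides them. The same raw `name` arguments appear in the rename, move, delete and view hunks of both loops.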
@@ -565,7 +565,7 @@ void dirlist(void) {
"<A HREF=\"%s?action=rename_prompt&amp;directory=%s&amp;filename=%s&amp;token=%s\" TITLE=\"Rename '%s'\">\n"
"<IMG SRC=\"%srename.gif\" BORDER=0 WIDTH=16 HEIGHT=16 ALT=\"Rename File\">\n"
"</A>\n",
- cgiScriptName, virt_dirname, name, token, name, ICONSURL);
+ cgiScriptName, virt_dirname_urlencoded, name_urlencoded, token, name, ICONSURL);
// move
fprintf(cgiOut,
@@ -573,7 +573,7 @@ void dirlist(void) {
"<A HREF=\"%s?action=move_prompt&amp;directory=%s&amp;filename=%s&amp;token=%s\" TITLE=\"Move '%s'\">"
"<IMG SRC=\"%smove.gif\" BORDER=0 WIDTH=16 HEIGHT=16 ALT=\"Move '%s'\">\n"
"</A>\n",
- cgiScriptName, virt_dirname, name, token, name, ICONSURL, name);
+ cgiScriptName, virt_dirname_urlencoded, name_urlencoded, token, name, ICONSURL, name);
// delete
fprintf(cgiOut,
@@ -582,7 +582,7 @@ void dirlist(void) {
"TITLE=\"Remove '%s'\"> \n"
"<IMG SRC=\"%sdelete.gif\" BORDER=0 WIDTH=16 HEIGHT=16 ALT=\"Delete File\">\n"
"</A>\n",
- cgiScriptName, virt_dirname, name, token, name, ICONSURL);
+ cgiScriptName, virt_dirname_urlencoded, name_urlencoded, token, name, ICONSURL);
// view
@@ -605,7 +605,7 @@ void dirlist(void) {
"</A>\n"
"</TD>\n"
"</TR>\n\n",
- cgiScriptName, virt_dirname, name, token, name, ICONSURL);
+ cgiScriptName, virt_dirname_urlencoded, name_urlencoded, token, name, ICONSURL);
else
fprintf(cgiOut,
"\n"
@@ -614,7 +614,7 @@ void dirlist(void) {
"</A>\n"
"</TD>\n"
"</TR>\n\n",
- cgiScriptName, virt_dirname, name, token, name, ICONSURL);
+ cgiScriptName, virt_dirname_urlencoded, name_urlencoded, token, name, ICONSURL);
}
else {
fprintf(cgiOut,
diff --git a/fileio.c b/fileio.c
index 2b6d65d..c2efecd 100644
--- a/fileio.c
+++ b/fileio.c
@@ -82,7 +82,7 @@ void receivefile(void) {
cgiFormFileClose(input);
fclose(output);
- redirect("%s?highlight=%s&directory=%s&token=%s", cgiScriptName, virt_filename, virt_dirname, token);
+ redirect("%s?highlight=%s&directory=%s&token=%s", cgiScriptName, virt_filename_urlencoded, virt_dirname_urlencoded, token);
}
@@ -102,7 +102,8 @@ void mkfile(void) {
fclose(output);
- redirect("%s?highlight=%s&directory=%s&token=%s", cgiScriptName, virt_filename, virt_dirname, token);
+ redirect("%s?highlight=%s&directory=%s&token=%s", cgiScriptName, virt_filename_urlencoded, virt_dirname_urlencoded
+ , token);
}
@@ -117,7 +118,7 @@ void newdir(void) {
if(mkdir(phys_filename, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH )!=0)
error("Unable to create directory.<BR>%s", strerror(errno));
- redirect("%s?highlight=%s&directory=%s&token=%s", cgiScriptName, virt_filename, virt_dirname, token);
+ redirect("%s?highlight=%s&directory=%s&token=%s", cgiScriptName, virt_filename_urlencoded, virt_dirname_urlencoded, token);
}
@@ -201,7 +202,7 @@ void edit_save(void) {
free(buff);
- redirect("%s?highlight=%s&directory=%s&token=%s", cgiScriptName, virt_filename, virt_dirname, token);
+ redirect("%s?highlight=%s&directory=%s&token=%s", cgiScriptName, virt_filename_urlencoded, virt_dirname_urlencoded, token);
}
//
@@ -286,7 +287,7 @@ void delete(void) {
}
}
- redirect("%s?directory=%s&token=%s", cgiScriptName, virt_dirname, token);
+ redirect("%s?directory=%s&token=%s", cgiScriptName, virt_dirname_urlencoded, token);
}
//
@@ -331,7 +332,7 @@ void move(void) {
}
}
- redirect("%s?highlight=%s&directory=%s&token=%s", cgiScriptName, virt_destination, virt_dirname, token);
+ redirect("%s?highlight=%s&directory=%s&token=%s", cgiScriptName, url_encode(virt_destination), virt_dirname_urlencoded, token);
}
diff --git a/wfm.c b/wfm.c
index d91d4d1..516116f 100644
--- a/wfm.c
+++ b/wfm.c
@@ -101,7 +101,7 @@ void login(void) {
if(strlen(username)) {
snprintf(token_inp, sizeof(token_inp), "%s:%s:%s", cgiRemoteAddr, username, password);
- redirect("%s?directory=%s&login=server&token=%s", cgiScriptName, virt_dirname, mktoken(token_inp)); // generate MD5 as if it was the client
+ redirect("%s?directory=%s&login=server&token=%s", cgiScriptName, virt_dirname_urlencoded, mktoken(token_inp)); // generate MD5 as if it was the client
}
else
login_ui(); // display actual login page, which normally generates token in JavaScript
@@ -203,17 +203,19 @@ void checkfilename(char *inp_filename) {
strncpy(temp_dirname, phys_filename, PHYS_FILENAME_SIZE);
if(strlen(dirname(temp_dirname)) < strlen(HOMEDIR)) error("Invalid directory name.");
+
+ virt_filename_urlencoded=url_encode(virt_filename);
}
//
// Check destination
-// Only used by move()
+// Only called by move()
//
void checkdestination(void) {
int absolute_destination;
cgiFormStringNoNewlines("destination", virt_destination, VIRT_DESTINATION_SIZE);
- strip(virt_destination, VIRT_DESTINATION_SIZE, VALIDCHRS_DST);
+ strip(virt_destination, VIRT_DESTINATION_SIZE, VALIDCHRS_DIR);
cgiFormInteger("absdst", &absolute_destination, 0); // move operation relies on absolute paths
if(absolute_destination)
snprintf(phys_destination, PHYS_DESTINATION_SIZE, "%s/%s", HOMEDIR, virt_destination);
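Review bot: `virt_filename_urlencoded` is assigned only on the last line of `checkfilename()`, so it stays a null pointer until that function has run to completion, and each later call replaces the pointer without releasing the previous buffer. The redirects changed in fileio.c pass it to a `%s` conversion, which is undefined for a null pointer; whether every one of those functions calls `checkfilename()` first is not visible in this diff. A comment on the declaration in wfm.h such as `/* set by checkfilename(); NULL before that; buffer owned by this global */` and a `free(virt_filename_urlencoded);` just before the assignment would make the contract explicit. `checkfilename()` begins above this hunk.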
@@ -228,13 +230,13 @@ void checkdestination(void) {
//
// Check directory
-// Only used by cgiMain during initialization
+// Only called by cgiMain during initialization
//
void checkdirectory(void) {
char temp[VIRT_DIRNAME_SIZE]={0};
cgiFormStringNoNewlines("directory", virt_dirname, VIRT_DIRNAME_SIZE);
- strip(virt_dirname, VIRT_DIRNAME_SIZE, VALIDCHRS_DST);
+ strip(virt_dirname, VIRT_DIRNAME_SIZE, VALIDCHRS_DIR);
snprintf(phys_dirname, PHYS_DIRNAME_SIZE, "%s/%s", HOMEDIR, virt_dirname);
if(strlen(phys_dirname)<2 || strlen(phys_dirname)>(PHYS_DIRNAME_SIZE-2))
@@ -245,9 +247,12 @@ void checkdirectory(void) {
if(!strlen(virt_dirname)) strcpy(virt_dirname, "/");
+ virt_dirname_urlencoded=url_encode(virt_dirname);
+
// parent
strncpy(temp, virt_dirname, VIRT_DIRNAME_SIZE);
strncpy(virt_parent, dirname(temp), VIRT_DIRNAME_SIZE);
+ virt_parent_urlencoded=url_encode(virt_parent);
}
@@ -440,6 +445,7 @@ int cgiMain(void) {
if(!strlen(FAVICON))
strcpy(FAVICON, "wfmicon.gif");
+ snprintf(VALIDCHRS_DIR, sizeof(VALIDCHRS_DIR), "%s/", VALIDCHRS);
checkdirectory();
// JavaScript check
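Review bot: `VALIDCHRS_DIR` is now a writable global that is empty until this `snprintf` runs, so any `strip(..., VALIDCHRS_DIR)` reached earlier would filter against an empty set; the effect depends on `strip()`, which is not shown. Because `VALIDCHRS` is a string-literal macro, adjacent-literal concatenation gives the same value at compile time: `#define VALIDCHRS_DIR VALIDCHRS "/"` in wfm.h, with this line and the `char VALIDCHRS_DIR[256];` definition dropped. That keeps the allow-list immutable and avoids defining another object in a header that several .c files include. `cgiMain` starts and ends outside this hunk.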
diff --git a/wfm.h b/wfm.h
index fec3add..17c38db 100644
--- a/wfm.h
+++ b/wfm.h
@@ -1,4 +1,4 @@
-#define VERSION "1.0.5"
+#define VERSION "1.1.0"
#define copyright "<!-- WFM Version " VERSION ", Mountain View, CA, " __DATE__ " [" __TIME__ "] -->\n<!-- Copyright (c) 1994-2016 by Antoni Sawicki -->\n"
#define CSS_STYLE \
@@ -52,8 +52,8 @@
#include "cgic.h"
#include "wfmiconres.h"
-#define VALIDCHRS "anu-_."
-#define VALIDCHRS_DST "anu-_./"
+#define VALIDCHRS "an ()[]{}-_.,!@#$%^&=+;"
+char VALIDCHRS_DIR[256]; // above + /
#define P1024_1 1024.0f
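Review bot: The new `VALIDCHRS` value is the allow-list applied to request-supplied names, yet the only comment nearby is `// above + /`, which says nothing about what the leading `a` and `n` stand for or which output contexts the added characters must be safe in. I would add a comment above the define along the lines of `/* allow-list for strip(): leading letters are character classes (confirm against strip()), the rest are literals; names must be percent-encoded in URLs and escaped in HTML */`. The `u` present in the old value is gone. If `strip()` treats it as a class rather than a literal, that narrowing deserves a line in the commit message.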
@@ -71,12 +71,15 @@
#define PHYS_DESTINATION_SIZE 1280
char virt_dirname[VIRT_DIRNAME_SIZE];
+char *virt_dirname_urlencoded;
char phys_dirname[PHYS_DIRNAME_SIZE];
char virt_filename[VIRT_FILENAME_SIZE];
+char *virt_filename_urlencoded;
char phys_filename[PHYS_FILENAME_SIZE];
char virt_destination[VIRT_DESTINATION_SIZE];
char phys_destination[PHYS_DESTINATION_SIZE];
char virt_parent[VIRT_DIRNAME_SIZE];
+char *virt_parent_urlencoded;
char ICONSURL[1024];
char HOMEDIR[1024];
@@ -144,4 +147,5 @@ void login_ui(void);
void tstop(void);
void html_title(char *);
void singleprompt_ui(char *);
-
+char *url_encode(char *);
+char *url_decode(char *);
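Review bot: The two new prototypes omit parameter names and `const`, and do not say who owns the returned buffer, which callers in dir.c, fileio.c and wfm.c need to know. If the routine allocates its result, `char *url_encode(const char *str); /* returns a newly allocated string; caller frees */` would document that. The definition is not part of this diff and would need the matching signature. `url_decode` has no caller in the visible hunks, so it could stay out of the header until something uses it.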