authorAntoni Sawicki <tenox@google.com>2022-08-30 02:09:23 -0700
committerAntoni Sawicki <tenox@google.com>2022-08-30 02:09:23 -0700
commit0b1d22b92410e5c8d81af0543c71fc1b24ff86cb (patch)
treef7eba5b2a257066885ddbb6484819bceca75f013
parentd62e7206bc090409386bd684fef6f3043bbc55a8 (diff)
downloadwfm-0b1d22b92410e5c8d81af0543c71fc1b24ff86cb.tar.gz
use pathescape/joinpath instead of equeryescape
-rw-r--r--TODO.md1
-rw-r--r--dir.go14
-rw-r--r--fileio.go20
-rw-r--r--handlers.go17
4 files changed, 33 insertions, 19 deletions
diff --git a/TODO.md b/TODO.md
index e9ee6c2..9eee6f1 100644
--- a/TODO.md
+++ b/TODO.md
@@ -10,6 +10,7 @@
https://github.com/crazcalm/go/commit/8b0b644cd02c59fe2461908304c44d64e8be431e
* use direct url path instead of ?dir=xxx&file=yyyy use /prefix/dir/file
* perhaps default action should check if target is file or dir and run disp or list files?
+* use url.Parse to get correct url/path
## Security
* seperate prefix for admin/rw users eg /admin with readonly on /
diff --git a/dir.go b/dir.go
index b0b01ab..043d735 100644
--- a/dir.go
+++ b/dir.go
@@ -3,6 +3,7 @@ package main
import (
"html"
"io/ioutil"
+ "log"
"net/http"
"net/url"
"os"
@@ -25,7 +26,7 @@ func (r *wfmRequest) listFiles(hi string) {
header(r.w, r.uDir, r.eSort, "")
toolbars(r.w, r.uDir, r.userName, sl, i)
- qeDir := url.QueryEscape(r.uDir)
+ qeDir := url.PathEscape(r.uDir)
z := 0
var total uint64
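Review bot: `url.PathEscape` is meant for a single path segment and also encodes `/`, so applying it to the whole of `r.uDir` here turns every directory separator into `%2F` in whatever is built from `qeDir` (the same applies to `qeDir` in the `toolbars` hunk further down). Encoded slashes are treated differently by proxies, servers and routers, which makes the resulting links fragile and is a common source of path-confusion bugs. Escaping each segment separately and joining with `/` keeps the separators literal, or the standard library can do it with `qeDir := (&url.URL{Path: r.uDir}).EscapedPath()`. listFiles starts and ends outside this hunk, so the uses of `qeDir` other than the JoinPath call in the next hunk are not visible here.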
@@ -56,9 +57,12 @@ func (r *wfmRequest) listFiles(hi string) {
r.w.Write([]byte(`<TR BGCOLOR="#F0F0F0">`))
}
z++
- qeFile := url.QueryEscape(f.Name())
+ qeFile := url.PathEscape(f.Name())
heFile := html.EscapeString(f.Name())
- nUrl := *wfmPfx + qeDir + `/` + qeFile
+ nUrl, err := url.JoinPath(*wfmPfx, qeDir, qeFile)
+ if err != nil {
+ log.Printf("Unable to parse url: %v", err)
+ }
if r.eSort != "" {
nUrl += `?sort=` + r.eSort
}
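Review bot: When `url.JoinPath` fails, the new code only logs and carries on with an empty `nUrl`, so the row is presumably still rendered with a link that consists of just `?sort=…`. Skipping the entry is safer: add `continue` after the `log.Printf` (this assumes the code sits in the per-file loop, which begins outside the hunk). The log line should also name the entry that failed, quoted so that control characters in a file name cannot forge log lines: `log.Printf("unable to build url for %q: %v", f.Name(), err)`. `r.eSort` is appended to the link as-is, which matters now that handlers.go in this commit no longer escapes it.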
@@ -104,7 +108,7 @@ func (r *wfmRequest) listFiles(hi string) {
r.w.Write([]byte(`<TR BGCOLOR="#F0F0F0">`))
}
z++
- qeFile := url.QueryEscape(f.Name())
+ qeFile := url.PathEscape(f.Name())
heFile := html.EscapeString(f.Name())
r.w.Write([]byte(`
<TD NOWRAP ALIGN="LEFT">
@@ -133,7 +137,7 @@ func (r *wfmRequest) listFiles(hi string) {
func toolbars(w http.ResponseWriter, uDir, user string, sl []string, i map[string]string) {
eDir := html.EscapeString(uDir)
- qeDir := url.QueryEscape(uDir)
+ qeDir := url.PathEscape(uDir)
// Topbar
w.Write([]byte(`
<TABLE WIDTH="100%" BGCOLOR="#FFFFFF" CELLPADDING="0" CELLSPACING="0" BORDER="0" STYLE="height:28px;"><TR>
diff --git a/fileio.go b/fileio.go
index 4ed1867..805db0d 100644
--- a/fileio.go
+++ b/fileio.go
@@ -61,7 +61,7 @@ func (r *wfmRequest) downFile() {
return
}
r.w.Header().Set("Content-Type", "application/octet-stream")
- r.w.Header().Set("Content-Disposition", "attachment; filename=\""+url.QueryEscape(r.uFbn)+"\";")
+ r.w.Header().Set("Content-Disposition", "attachment; filename=\""+url.PathEscape(r.uFbn)+"\";")
r.w.Header().Set("Content-Length", fmt.Sprint(f.Size()))
r.w.Header().Set("Cache-Control", *cacheCtl)
streamFile(r.w, fp)
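Review bot: Percent-encoding is not the escaping that a quoted `filename="…"` parameter uses, so `url.PathEscape` here does keep quotes and CR/LF out of the header, but some clients will show the literal `%20`-style name; the same applies to the `inline` header in the `dispInline` hunk below. The standard library can emit the header in the RFC 6266 form, including `filename*` for names that need encoding: `r.w.Header().Set("Content-Disposition", mime.FormatMediaType("attachment", map[string]string{"filename": r.uFbn}))`. That needs `mime` in the file's import block, which is outside this hunk. downFile starts above the hunk.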
@@ -87,7 +87,7 @@ func dispInline(w http.ResponseWriter, uFilePath string) {
fi.Close()
w.Header().Set("Content-Type", mt.String())
- w.Header().Set("Content-Disposition", "inline; filename=\""+url.QueryEscape(filepath.Base(uFilePath))+"\";")
+ w.Header().Set("Content-Disposition", "inline; filename=\""+url.PathEscape(filepath.Base(uFilePath))+"\";")
w.Header().Set("Content-Length", fmt.Sprint(f.Size()))
w.Header().Set("Cache-Control", *cacheCtl)
streamFile(w, uFilePath)
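Review bot: This response is rendered by the browser (`inline`) with a content type taken from `mt`, which is computed outside the hunk, so a stored HTML or SVG file could run script in the application's own origin. If files can be uploaded by other users, consider restricting inline display to an allow-list of types and adding `w.Header().Set("X-Content-Type-Options", "nosniff")` and `w.Header().Set("Content-Security-Policy", "sandbox")` next to the other headers. dispInline starts above the hunk, so an existing check there would make this moot.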
@@ -140,7 +140,7 @@ func (r *wfmRequest) uploadFile(h *multipart.FileHeader, f multipart.File) {
htErr(r.w, "uploading file", fmt.Errorf("expected size=%v actual size=%v", h.Size, oSize))
}
log.Printf("Uploaded Dir=%v File=%v Size=%v", r.uDir, h.Filename, h.Size)
- redirect(r.w, *wfmPfx+"?dir="+url.QueryEscape(r.uDir)+"&sort="+r.eSort+"&hi="+url.QueryEscape(h.Filename))
+ redirect(r.w, *wfmPfx+"?dir="+url.PathEscape(r.uDir)+"&sort="+r.eSort+"&hi="+url.PathEscape(h.Filename))
}
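Review bot: `url.PathEscape` is the wrong encoder for query values: it leaves `&`, `=` and `+` untouched, so a directory or uploaded file name containing them changes or adds parameters in this redirect, and `+` is read back as a space. `h.Filename` is client-supplied, and `r.eSort` is concatenated with no escaping at all. The removed `url.QueryEscape` calls were correct for this position; building the query with `url.Values` avoids the question entirely: `redirect(r.w, *wfmPfx+"?"+url.Values{"dir": {r.uDir}, "sort": {r.eSort}, "hi": {h.Filename}}.Encode())`. The same line recurs in the saveText, mkdir, mkfile, mkurl, renFile, moveFiles and deleteFiles hunks.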
func (r *wfmRequest) saveText(uData string) {
@@ -174,7 +174,7 @@ func (r *wfmRequest) saveText(uData string) {
return
}
log.Printf("Saved Text Dir=%v File=%v Size=%v", r.uDir, fp, len(uData))
- redirect(r.w, *wfmPfx+"?dir="+url.QueryEscape(r.uDir)+"&sort="+r.eSort+"&hi="+url.QueryEscape(r.uFbn))
+ redirect(r.w, *wfmPfx+"?dir="+url.PathEscape(r.uDir)+"&sort="+r.eSort+"&hi="+url.PathEscape(r.uFbn))
}
func (r *wfmRequest) mkdir() {
@@ -193,7 +193,7 @@ func (r *wfmRequest) mkdir() {
log.Printf("mkdir error: %v", err)
return
}
- redirect(r.w, *wfmPfx+"?dir="+url.QueryEscape(r.uDir)+"&sort="+r.eSort+"&hi="+url.QueryEscape(r.uFbn))
+ redirect(r.w, *wfmPfx+"?dir="+url.PathEscape(r.uDir)+"&sort="+r.eSort+"&hi="+url.PathEscape(r.uFbn))
}
func (r *wfmRequest) mkfile() {
@@ -212,7 +212,7 @@ func (r *wfmRequest) mkfile() {
return
}
f.Close()
- redirect(r.w, *wfmPfx+"?dir="+url.QueryEscape(r.uDir)+"&sort="+r.eSort+"&hi="+url.QueryEscape(r.uFbn))
+ redirect(r.w, *wfmPfx+"?dir="+url.PathEscape(r.uDir)+"&sort="+r.eSort+"&hi="+url.PathEscape(r.uFbn))
}
func (r *wfmRequest) mkurl(eUrl string) {
@@ -235,7 +235,7 @@ func (r *wfmRequest) mkurl(eUrl string) {
// TODO(tenox): add upport for creating webloc, desktop and other formats
fmt.Fprintf(f, "[InternetShortcut]\r\nURL=%s\r\n", eUrl)
f.Close()
- redirect(r.w, *wfmPfx+"?dir="+url.QueryEscape(r.uDir)+"&sort="+r.eSort+"&hi="+url.QueryEscape(r.uFbn))
+ redirect(r.w, *wfmPfx+"?dir="+url.PathEscape(r.uDir)+"&sort="+r.eSort+"&hi="+url.PathEscape(r.uFbn))
}
func (r *wfmRequest) renFile(uNewf string) {
@@ -257,7 +257,7 @@ func (r *wfmRequest) renFile(uNewf string) {
htErr(r.w, "rename", err)
return
}
- redirect(r.w, *wfmPfx+"?dir="+url.QueryEscape(r.uDir)+"&sort="+r.eSort+"&hi="+url.QueryEscape(newB))
+ redirect(r.w, *wfmPfx+"?dir="+url.PathEscape(r.uDir)+"&sort="+r.eSort+"&hi="+url.PathEscape(newB))
}
func (r *wfmRequest) moveFiles(uFilePaths []string, uDst string) {
@@ -281,7 +281,7 @@ func (r *wfmRequest) moveFiles(uFilePaths []string, uDst string) {
}
lF = fb
}
- redirect(r.w, *wfmPfx+"?dir="+url.QueryEscape(uDst)+"&sort="+r.eSort+"&hi="+url.QueryEscape(lF))
+ redirect(r.w, *wfmPfx+"?dir="+url.PathEscape(uDst)+"&sort="+r.eSort+"&hi="+url.PathEscape(lF))
}
func (r *wfmRequest) deleteFiles(uFilePaths []string) {
@@ -298,5 +298,5 @@ func (r *wfmRequest) deleteFiles(uFilePaths []string) {
return
}
}
- redirect(r.w, *wfmPfx+"?dir="+url.QueryEscape(r.uDir)+"&sort="+r.eSort)
+ redirect(r.w, *wfmPfx+"?dir="+url.PathEscape(r.uDir)+"&sort="+r.eSort)
}
diff --git a/handlers.go b/handlers.go
index bc191a0..7ce4e02 100644
--- a/handlers.go
+++ b/handlers.go
@@ -31,7 +31,7 @@ func wfmMain(w http.ResponseWriter, r *http.Request) {
wfm.w = w
wfm.remAddr = r.RemoteAddr
- wfm.eSort = url.QueryEscape(r.FormValue("sort"))
+ wfm.eSort = r.FormValue("sort")
if strings.HasPrefix(r.UserAgent(), "Mozilla/5") {
wfm.modern = true
}
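Review bot: `wfm.eSort` now holds the raw `sort` form value, but every consumer visible in this commit still splices it into URLs unescaped (`"&sort="+r.eSort` in fileio.go, `"?sort=" + wfm.eSort` further down, `nUrl += "?sort=" + r.eSort` in dir.go). A value containing `&`, `#`, quotes or line breaks can therefore alter the redirect target or the generated links, and possibly the HTML, depending on how `header` and `redirect` (not shown) write it. Either keep the escaping at this assignment, or validate the value against the known sort keys here and escape it at each use. The `e` prefix appears to mean "escaped" elsewhere in the code, so the field would merit a rename if it stays raw. wfmMain continues outside the hunk.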
@@ -39,7 +39,8 @@ func wfmMain(w http.ResponseWriter, r *http.Request) {
wfm.uDir = filepath.Clean(r.FormValue("dir"))
// directory can come from form value or URI Path
if wfm.uDir == "" || wfm.uDir == "." {
- u, _ := url.QueryUnescape(r.URL.Path)
+ // TODO(tenox): use url.Parse() instead
+ u, _ := url.PathUnescape(r.URL.Path)
wfm.uDir = filepath.Clean("/" + strings.TrimPrefix(u, *wfmPfx))
}
if wfm.uDir == "" || wfm.uDir == "." {
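Review bot: `r.URL.Path` is already percent-decoded by net/http, so `url.PathUnescape` decodes it a second time: a name containing a literal `%` is altered or fails to decode, and because the error is dropped a failure leaves `u` empty and `wfm.uDir` silently becomes `/`. Double decoding also means the path the server acts on differs from the one a front-end filter or access log saw. Using the field directly removes the problem: `wfm.uDir = filepath.Clean("/" + strings.TrimPrefix(r.URL.Path, *wfmPfx))`. wfmMain starts and ends outside the hunk, so any later confinement of `uDir` to a base directory is not visible here.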
@@ -75,14 +76,22 @@ func wfmMain(w http.ResponseWriter, r *http.Request) {
wfm.saveText(r.FormValue("text"))
return
case r.FormValue("up") != "":
- up := *wfmPfx + url.QueryEscape(filepath.Dir(wfm.uDir))
+ up, err := url.JoinPath(*wfmPfx, filepath.Dir(wfm.uDir))
+ if err != nil {
+ htErr(w, "up path build", err)
+ return
+ }
if wfm.eSort != "" {
up += "?sort=" + wfm.eSort
}
redirect(w, up)
return
case r.FormValue("refresh") != "":
- re := *wfmPfx + url.QueryEscape(wfm.uDir)
+ re, err := url.JoinPath(*wfmPfx, wfm.uDir)
+ if err != nil {
+ htErr(w, "up path build", err)
+ return
+ }
if wfm.eSort != "" {
re += "?sort=" + wfm.eSort
}
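Review bot: `url.JoinPath` is given the unescaped filesystem path here, while dir.go passes it escaped segments; as far as I can tell JoinPath treats its elements as already-escaped path text, so a directory name containing `%` would be reinterpreted or rejected when the redirect is built. Escaping each segment of `wfm.uDir` before the join, in both the `up` and the `refresh` case, would make the call sites agree. The `refresh` branch also reports its failure as `"up path build"`; `htErr(w, "refresh path build", err)` would keep the error traceable. Both branches then append the raw `wfm.eSort` after `?sort=`.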