authorzotlabs <mike@macgirvin.com>2017-11-05 19:47:44 -0800
committerzotlabs <mike@macgirvin.com>2017-11-05 19:47:44 -0800
commit7efcb3c75f08c8d974f13cd8b5f32f14749d8b6e (patch)
tree4ebd4a9fef3f43b00516e15df2f7e27a214353a4
parent359bfb76f66efd585b0cba1b2f81494859931d61 (diff)
allow cloud filenames to include ampersands without messing up auth tokens (zid, owt, and zat, and the constant placeholder 'f=')
-rw-r--r--Zotlabs/Module/Cloud.php24
-rw-r--r--Zotlabs/Storage/Browser.php1
-rwxr-xr-xboot.php1
-rw-r--r--include/zid.php21
4 files changed, 15 insertions, 32 deletions
diff --git a/Zotlabs/Module/Cloud.php b/Zotlabs/Module/Cloud.php
index d2264092b..0f7f9c47a 100644
--- a/Zotlabs/Module/Cloud.php
+++ b/Zotlabs/Module/Cloud.php
@@ -59,19 +59,10 @@ class Cloud extends \Zotlabs\Web\Controller {
// if we arrived at this path with any query parameters in the url, build a clean url without
// them and redirect.
- // @fixme if the filename has an ampersand in it AND there are query parameters,
- // this may not do the right thing.
-
- if((strpos($_SERVER['QUERY_STRING'],'?') !== false) || (strpos($_SERVER['QUERY_STRING'],'&') !== false && strpos($_SERVER['QUERY_STRING'],'&amp;') === false)) {
- $path = z_root();
- if(argc()) {
- foreach(\App::$argv as $a) {
- $path .= '/' . $a;
- }
- }
- goaway($path);
- }
+ $x = clean_query_string();
+ if($x !== \App::$query_string)
+ goaway(z_root() . '/' . $x);
$rootDirectory = new \Zotlabs\Storage\Directory('/', $auth);
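Review bot: The redirect target on the added `goaway(z_root() . '/' . $x);` line is whatever the strip_* helpers leave behind, and judging by `strip_zats` in include/zid.php they match the literal text `&zat=` (and presumably `&zid=`, `&owt=`, `&f=`) anywhere in the string. A cloud filename that itself contains one of those sequences would therefore be rewritten and probably become unreachable, which is worth stating where the removed `@fixme` used to be, e.g. `// filenames containing '&zid=', '&owt=', '&zat=' or '&f=' are still rewritten by clean_query_string()`. The brace-less `if` is also easy to break on a later edit; wrapping the `goaway()` call in `{ }` would be safer. The enclosing method starts and ends outside this hunk.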
@@ -92,16 +83,17 @@ class Cloud extends \Zotlabs\Web\Controller {
$server->addPlugin($browser);
// Experimental QuotaPlugin
- // require_once('\Zotlabs\Storage/QuotaPlugin.php');
- // $server->addPlugin(new \Zotlabs\Storage\\QuotaPlugin($auth));
+ // require_once('\Zotlabs\Storage/QuotaPlugin.php');
+ // $server->addPlugin(new \Zotlabs\Storage\\QuotaPlugin($auth));
+
-// ob_start();
// All we need to do now, is to fire up the server
+
$server->exec();
-// ob_end_flush();
if($browser->build_page)
construct_page();
+
killme();
}
diff --git a/Zotlabs/Storage/Browser.php b/Zotlabs/Storage/Browser.php
index b5c3ac1cf..77201f387 100644
--- a/Zotlabs/Storage/Browser.php
+++ b/Zotlabs/Storage/Browser.php
@@ -233,6 +233,7 @@ class Browser extends DAV\Browser\Plugin {
$f[] = $ft;
}
+
$output = '';
if ($this->enablePost) {
$this->server->emit('onHTMLActionsPanel', array($parent, &$output, $path));
diff --git a/boot.php b/boot.php
index d3989acd3..0ac1d08df 100755
--- a/boot.php
+++ b/boot.php
@@ -925,6 +925,7 @@ class App {
*/
self::$argv = explode('/', self::$cmd);
+
self::$argc = count(self::$argv);
if ((array_key_exists('0', self::$argv)) && strlen(self::$argv[0])) {
if(strpos(self::$argv[0],'.')) {
diff --git a/include/zid.php b/include/zid.php
index 359b1721f..d1a0fa88a 100644
--- a/include/zid.php
+++ b/include/zid.php
@@ -103,25 +103,14 @@ function strip_zats($s) {
return preg_replace('/[\?&]zat=(.*?)(&|$)/ism','$2',$s);
}
-function strip_auth_query_params() {
- $_SERVER['QUERY_STRING'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['QUERY_STRING']);
- $_SERVER['QUERY_STRING'] = strip_zids($_SERVER['QUERY_STRING']);
- $_SERVER['QUERY_STRING'] = strip_owt($_SERVER['QUERY_STRING']);
- $_SERVER['REQUEST_URI'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['REQUEST_URI']);
- $_SERVER['REQUEST_URI'] = strip_zids($_SERVER['REQUEST_URI']);
- $_SERVER['REQUEST_URI'] = strip_owt($_SERVER['REQUEST_URI']);
-
-
- $_ENV['QUERY_STRING'] = str_replace(array('?f=', '&f='), array('', ''), $_ENV['QUERY_STRING']);
- $_ENV['QUERY_STRING'] = strip_zids($_ENV['QUERY_STRING']);
- $_ENV['QUERY_STRING'] = strip_owt($_ENV['QUERY_STRING']);
-
- $_ENV['REQUEST_URI'] = str_replace(array('?f=', '&f='), array('', ''), $_ENV['REQUEST_URI']);
- $_ENV['REQUEST_URI'] = strip_zids($_ENV['REQUEST_URI']);
- $_ENV['REQUEST_URI'] = strip_owt($_ENV['REQUEST_URI']);
+function clean_query_string() {
+ $x = strip_zids(\App::$query_string);
+ $x = strip_owt($x);
+ $x = strip_zats($x);
+ return strip_query_param($x,'f');
}
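Review bot: `clean_query_string()` only returns a cleaned copy of `\App::$query_string`, whereas the removed `strip_auth_query_params()` rewrote `$_SERVER['QUERY_STRING']`, `$_SERVER['REQUEST_URI']` and the `$_ENV` copies in place, so any code that later reads those superglobals (logging, link building) would now see the zid and owt values unless it was changed elsewhere; callers of the old name are not visible here and should be checked. A short docblock would make the new contract explicit, for example `/** Returns \App::$query_string with zid, owt, zat and f parameters removed; does not modify $_SERVER or $_ENV. */`. Separately, the `strip_zats` pattern on the context line consumes the trailing `&`, so with two adjacent `zat=` parameters a single pass appears to leave the second one in place. `strip_query_param()` is not defined in this hunk.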