allow cloud filenames to include ampersands without messing up auth tokens (zid, owt, and zat, and the constant placeholder 'f=')

4 files changed, 15 insertions, 32 deletions

diff --git a/Zotlabs/Module/Cloud.php b/Zotlabs/Module/Cloud.php
index d2264092b..0f7f9c47a 100644
--- a/Zotlabs/Module/Cloud.php
+++ b/Zotlabs/Module/Cloud.php
@@ -59,19 +59,10 @@ class Cloud extends \Zotlabs\Web\Controller {
 
 		// if we arrived at this path with any query parameters in the url, build a clean url without
 		// them and redirect.
-		// @fixme if the filename has an ampersand in it AND there are query parameters, 
-		// this may not do the right thing. 
-
-		if((strpos($_SERVER['QUERY_STRING'],'?') !== false) || (strpos($_SERVER['QUERY_STRING'],'&') !== false && strpos($_SERVER['QUERY_STRING'],'&') === false)) {
-			$path = z_root();
-			if(argc()) {
-				foreach(\App::$argv as $a) {
-					$path .= '/' . $a;
-				}
-			}
-			goaway($path);
-		}
 
+		$x = clean_query_string();
+		if($x !== \App::$query_string)
+			goaway(z_root() . '/' . $x);
 
 		$rootDirectory = new \Zotlabs\Storage\Directory('/', $auth);
 
@@ -92,16 +83,17 @@ class Cloud extends \Zotlabs\Web\Controller {
 		$server->addPlugin($browser);
 
 		// Experimental QuotaPlugin
-	//	require_once('\Zotlabs\Storage/QuotaPlugin.php');
-	//	$server->addPlugin(new \Zotlabs\Storage\\QuotaPlugin($auth));
+		//	require_once('\Zotlabs\Storage/QuotaPlugin.php');
+		//	$server->addPlugin(new \Zotlabs\Storage\\QuotaPlugin($auth));
+
 
-//		ob_start();
 		// All we need to do now, is to fire up the server
+
 		$server->exec();
 
-//		ob_end_flush();
 		if($browser->build_page)
 			construct_page();
+		
 		killme();
 	}
 
diff --git a/Zotlabs/Storage/Browser.php b/Zotlabs/Storage/Browser.php
index b5c3ac1cf..77201f387 100644
--- a/Zotlabs/Storage/Browser.php
+++ b/Zotlabs/Storage/Browser.php
@@ -233,6 +233,7 @@ class Browser extends DAV\Browser\Plugin {
 			$f[] = $ft;
 		}
 
+
 		$output = '';
 		if ($this->enablePost) {
 			$this->server->emit('onHTMLActionsPanel', array($parent, &$output, $path));
diff --git a/boot.php b/boot.php
index d3989acd3..0ac1d08df 100755
--- a/boot.php
+++ b/boot.php
@@ -925,6 +925,7 @@ class App {
 		 */
 
 		self::$argv = explode('/', self::$cmd);
+
 		self::$argc = count(self::$argv);
 		if ((array_key_exists('0', self::$argv)) && strlen(self::$argv[0])) {
 			if(strpos(self::$argv[0],'.')) {
diff --git a/include/zid.php b/include/zid.php
index 359b1721f..d1a0fa88a 100644
--- a/include/zid.php
+++ b/include/zid.php
@@ -103,25 +103,14 @@ function strip_zats($s) {
 	return preg_replace('/[\?&]zat=(.*?)(&|$)/ism','$2',$s);
 }
 
-function strip_auth_query_params() {
 
-		$_SERVER['QUERY_STRING'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['QUERY_STRING']);
-		$_SERVER['QUERY_STRING'] = strip_zids($_SERVER['QUERY_STRING']);
-		$_SERVER['QUERY_STRING'] = strip_owt($_SERVER['QUERY_STRING']);
 
-		$_SERVER['REQUEST_URI'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['REQUEST_URI']);
-		$_SERVER['REQUEST_URI'] = strip_zids($_SERVER['REQUEST_URI']);
-		$_SERVER['REQUEST_URI'] = strip_owt($_SERVER['REQUEST_URI']);
-
-
-		$_ENV['QUERY_STRING'] = str_replace(array('?f=', '&f='), array('', ''), $_ENV['QUERY_STRING']);
-		$_ENV['QUERY_STRING'] = strip_zids($_ENV['QUERY_STRING']);
-		$_ENV['QUERY_STRING'] = strip_owt($_ENV['QUERY_STRING']);
-
-		$_ENV['REQUEST_URI'] = str_replace(array('?f=', '&f='), array('', ''), $_ENV['REQUEST_URI']);
-		$_ENV['REQUEST_URI'] = strip_zids($_ENV['REQUEST_URI']);
-		$_ENV['REQUEST_URI'] = strip_owt($_ENV['REQUEST_URI']);
+function clean_query_string() {
+	$x = strip_zids(\App::$query_string);
+	$x = strip_owt($x);
+	$x = strip_zats($x);
 
+	return strip_query_param($x,'f');
 }