aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs
diff options
context:
space:
mode:
authorzotlabs <mike@macgirvin.com>2017-11-05 19:47:44 -0800
committerzotlabs <mike@macgirvin.com>2017-11-05 19:47:44 -0800
commit7efcb3c75f08c8d974f13cd8b5f32f14749d8b6e (patch)
tree4ebd4a9fef3f43b00516e15df2f7e27a214353a4 /Zotlabs
parent359bfb76f66efd585b0cba1b2f81494859931d61 (diff)
downloadvolse-hubzilla-7efcb3c75f08c8d974f13cd8b5f32f14749d8b6e.tar.gz
volse-hubzilla-7efcb3c75f08c8d974f13cd8b5f32f14749d8b6e.tar.bz2
volse-hubzilla-7efcb3c75f08c8d974f13cd8b5f32f14749d8b6e.zip
allow cloud filenames to include ampersands without messing up auth tokens (zid, owt, and zat, and the constant placeholder 'f=')
Diffstat (limited to 'Zotlabs')
-rw-r--r--Zotlabs/Module/Cloud.php24
-rw-r--r--Zotlabs/Storage/Browser.php1
2 files changed, 9 insertions, 16 deletions
diff --git a/Zotlabs/Module/Cloud.php b/Zotlabs/Module/Cloud.php
index d2264092b..0f7f9c47a 100644
--- a/Zotlabs/Module/Cloud.php
+++ b/Zotlabs/Module/Cloud.php
@@ -59,19 +59,10 @@ class Cloud extends \Zotlabs\Web\Controller {
// if we arrived at this path with any query parameters in the url, build a clean url without
// them and redirect.
- // @fixme if the filename has an ampersand in it AND there are query parameters,
- // this may not do the right thing.
-
- if((strpos($_SERVER['QUERY_STRING'],'?') !== false) || (strpos($_SERVER['QUERY_STRING'],'&') !== false && strpos($_SERVER['QUERY_STRING'],'&amp;') === false)) {
- $path = z_root();
- if(argc()) {
- foreach(\App::$argv as $a) {
- $path .= '/' . $a;
- }
- }
- goaway($path);
- }
+ $x = clean_query_string();
+ if($x !== \App::$query_string)
+ goaway(z_root() . '/' . $x);
$rootDirectory = new \Zotlabs\Storage\Directory('/', $auth);
@@ -92,16 +83,17 @@ class Cloud extends \Zotlabs\Web\Controller {
$server->addPlugin($browser);
// Experimental QuotaPlugin
- // require_once('\Zotlabs\Storage/QuotaPlugin.php');
- // $server->addPlugin(new \Zotlabs\Storage\\QuotaPlugin($auth));
+ // require_once('\Zotlabs\Storage/QuotaPlugin.php');
+ // $server->addPlugin(new \Zotlabs\Storage\\QuotaPlugin($auth));
+
-// ob_start();
// All we need to do now, is to fire up the server
+
$server->exec();
-// ob_end_flush();
if($browser->build_page)
construct_page();
+
killme();
}
diff --git a/Zotlabs/Storage/Browser.php b/Zotlabs/Storage/Browser.php
index b5c3ac1cf..77201f387 100644
--- a/Zotlabs/Storage/Browser.php
+++ b/Zotlabs/Storage/Browser.php
@@ -233,6 +233,7 @@ class Browser extends DAV\Browser\Plugin {
$f[] = $ft;
}
+
$output = '';
if ($this->enablePost) {
$this->server->emit('onHTMLActionsPanel', array($parent, &$output, $path));