diff options
| author | zotlabs <mike@macgirvin.com> | 2017-11-05 19:47:44 -0800 |
|---|---|---|
| committer | zotlabs <mike@macgirvin.com> | 2017-11-05 19:47:44 -0800 |
| commit | 7efcb3c75f08c8d974f13cd8b5f32f14749d8b6e (patch) | |
| tree | 4ebd4a9fef3f43b00516e15df2f7e27a214353a4 /Zotlabs | |
| parent | 359bfb76f66efd585b0cba1b2f81494859931d61 (diff) | |
| download | volse-hubzilla-7efcb3c75f08c8d974f13cd8b5f32f14749d8b6e.tar.gz volse-hubzilla-7efcb3c75f08c8d974f13cd8b5f32f14749d8b6e.tar.bz2 volse-hubzilla-7efcb3c75f08c8d974f13cd8b5f32f14749d8b6e.zip | |
allow cloud filenames to include ampersands without messing up auth tokens (zid, owt, and zat, and the constant placeholder 'f=')
Diffstat (limited to 'Zotlabs')
| -rw-r--r-- | Zotlabs/Module/Cloud.php | 24 | ||||
| -rw-r--r-- | Zotlabs/Storage/Browser.php | 1 |
2 files changed, 9 insertions, 16 deletions
diff --git a/Zotlabs/Module/Cloud.php b/Zotlabs/Module/Cloud.php index d2264092b..0f7f9c47a 100644 --- a/Zotlabs/Module/Cloud.php +++ b/Zotlabs/Module/Cloud.php @@ -59,19 +59,10 @@ class Cloud extends \Zotlabs\Web\Controller { // if we arrived at this path with any query parameters in the url, build a clean url without // them and redirect. - // @fixme if the filename has an ampersand in it AND there are query parameters, - // this may not do the right thing. - - if((strpos($_SERVER['QUERY_STRING'],'?') !== false) || (strpos($_SERVER['QUERY_STRING'],'&') !== false && strpos($_SERVER['QUERY_STRING'],'&') === false)) { - $path = z_root(); - if(argc()) { - foreach(\App::$argv as $a) { - $path .= '/' . $a; - } - } - goaway($path); - } + $x = clean_query_string(); + if($x !== \App::$query_string) + goaway(z_root() . '/' . $x); $rootDirectory = new \Zotlabs\Storage\Directory('/', $auth); @@ -92,16 +83,17 @@ class Cloud extends \Zotlabs\Web\Controller { $server->addPlugin($browser); // Experimental QuotaPlugin - // require_once('\Zotlabs\Storage/QuotaPlugin.php'); - // $server->addPlugin(new \Zotlabs\Storage\\QuotaPlugin($auth)); + // require_once('\Zotlabs\Storage/QuotaPlugin.php'); + // $server->addPlugin(new \Zotlabs\Storage\\QuotaPlugin($auth)); + -// ob_start(); // All we need to do now, is to fire up the server + $server->exec(); -// ob_end_flush(); if($browser->build_page) construct_page(); + killme(); } diff --git a/Zotlabs/Storage/Browser.php b/Zotlabs/Storage/Browser.php index b5c3ac1cf..77201f387 100644 --- a/Zotlabs/Storage/Browser.php +++ b/Zotlabs/Storage/Browser.php @@ -233,6 +233,7 @@ class Browser extends DAV\Browser\Plugin { $f[] = $ft; } + $output = ''; if ($this->enablePost) { $this->server->emit('onHTMLActionsPanel', array($parent, &$output, $path)); |