goldcollection
/
muwire
mirror of https://github.com/zlatinb/muwire
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

unescape file names, this fixes unsharing of files with html characters

pull/34/head
Zlatin Balevsky 2019-12-07 12:59:43 +00:00
parent f579c8754f
commit 8c661ca1ae
2 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
webui/src/main/java/com/muwire/webui/FilesServlet.java
View File

@ -110,7 +110,7 @@ public class FilesServlet extends HttpServlet {
String pathElements = req.getParameter("path"); String pathElements = req.getParameter("path");
File current = null; File current = null;
for (String element : pathElements.split(",")) { for (String element : pathElements.split(",")) {
element = Base64.decodeToString(element); element = Util.unescapeHTMLinXML(Base64.decodeToString(element));
if (current == null) if (current == null)
current = new File(element); current = new File(element);
else else

11
webui/src/main/java/com/muwire/webui/Util.java
View File

@ -5,6 +5,8 @@ public class Util {
private static final String escapeChars[] = {"&", "\"", "<", ">", "'"}; private static final String escapeChars[] = {"&", "\"", "<", ">", "'"};
private static final String escapeCodes[] = {"&amp;amp;", "&amp;quot;", "&amp;lt;", "&amp;gt;", "&amp;apos;"}; private static final String escapeCodes[] = {"&amp;amp;", "&amp;quot;", "&amp;lt;", "&amp;gt;", "&amp;apos;"};
private static final String escapedCodes[] = {"&amp;", "&quot;", "&lt;", "&gt;", "&apos;"};
/** /**
* Double-Escape an HTML string for inclusion in XML * Double-Escape an HTML string for inclusion in XML
* @param unescaped the unescaped string, may be null * @param unescaped the unescaped string, may be null
@ -18,4 +20,13 @@ public class Util {
} }
return escaped; return escaped;
} }
public static String unescapeHTMLinXML(String escaped) {
if (escaped == null) return null;
String unescaped = escaped;
for (int i = 0; i < escapedCodes.length; i++) {
unescaped = unescaped.replace(escapedCodes[i], escapeChars[i]);
}
return unescaped;
}
} }