more fixes for file path

This commit is contained in:
Kyle Drake 2024-09-17 17:14:30 -05:00
parent 208950df55
commit 48cef121a1
3 changed files with 11 additions and 6 deletions


@ -106,6 +106,7 @@ post '/api/upload' do
end
files.each do |file|
file[:filename] = Rack::Utils.unescape file[:filename]
if !current_site.okay_to_upload?(file)
api_error 400, 'invalid_file_type', "#{file[:filename]} is not an allowed file type for free sites, supporter required"
end
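Review bot: `Rack::Utils.unescape` on the added line is form decoding, so it also turns a literal `+` into a space; a multipart filename arrives raw from the browser, so a file actually named `a+b.html` would be stored as `a b.html`, and the new `Site.escape_path` on the other side of this commit does not produce `+` for spaces, so the two are not inverses. `Rack::Utils.unescape_path` decodes only percent sequences and is the matching counterpart: `file[:filename] = Rack::Utils.unescape_path file[:filename]`. Decoding now happens before `okay_to_upload?`, which is the right order for that check, but any name validation earlier in this handler (the `post '/api/upload'` block starts and ends outside the hunk) saw the encoded value; confirm that path normalisation and traversal rejection run on the decoded name and that a name is never decoded twice.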


@ -1428,6 +1428,10 @@ class Site < Sequel::Model
'https'
end
def self.escape_path(val)
Rack::Utils.escape_path(val).gsub('?', '%3F')
end
def uri(path=nil)
uri = "#{default_schema}://#{host}"
@ -1437,7 +1441,7 @@ class Site < Sequel::Model
path = path.sub(%r{^/}, '').sub(%r{/index\.html$}, '/').sub(/\.html$/, '')
unless path.empty?
escaped_path = Rack::Utils.escape_path(path).gsub('?', '%3F')
escaped_path = self.class.escape_path path
uri += "/#{escaped_path}"
end
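Review bot: `Site.escape_path` carries no comment on the `gsub('?', '%3F')`, which is the only thing it adds over `Rack::Utils.escape_path` and so the whole reason the helper exists. Suggest above the `def`: `# Percent-encode a site path for use inside a full URL. Rack::Utils.escape_path leaves "?" alone because it is legal in a path, but in a URL it would start the query string, so encode it explicitly.` Since this is now the single encoding point for site URLs (it is also used for the editor's download URL in this commit), the comment should be where callers look for that contract. The body of `uri` continues outside the hunk.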


@ -89,7 +89,7 @@
</div>
<a id="saveButton" class="btn-Action" href="#" onclick="saveTextFile(false); return false" style="opacity: 0.5"><span class="hide-on-mobile"><i class="fa fa-save"></i></span>Save</a>
<span class="hide-on-mobile">
<a class="btn-Action" href="<%= current_site.uri %>/<%= @filename == 'index.html' ? '' : @filename %>" target="_blank"><i class="fa fa-globe"></i> View</a>
<a class="btn-Action" href="<%= current_site.uri @filename %>" target="_blank"><i class="fa fa-globe"></i> View</a>
<a href="#" id="shareButton" class="btn-Action" data-container="body" data-toggle="popover" data-placement="bottom" data-content='<%== erb :'_share', layout: false, locals: {site: current_site, page_uri: "#{current_site.uri}/#{@filename}"} %>'><i class="fa fa-share-alt chat-button"></i> Share</a><% if current_site.supporter? %><a class="btn-Action" id="chatButton"><i class="fa fa-comments"></i> Penelope <span style="font-size: 8pt">(beta)</span></a><% end %>
</span>
<!-- <a id="saveAndExitButton" class="btn-Action" href="#" onclick="saveTextFile(true); return false" style="opacity: 0.5"><i class="fa fa-save"></i>&nbsp;&nbsp;Save and Exit</a> -->
@ -162,9 +162,9 @@
var formData = new FormData();
var fileContent = editor.getValue();
formData.append('<%= escape_javascript @filename %>', new File([fileContent], '<%= escape_javascript @filename %>', { type: 'text/html' }));
formData.append('csrf_token', '<%= escape_javascript csrf_token %>');
formData.append('username', '<%= escape_javascript current_site.username %>');
formData.append('<%== escape_javascript @filename %>', new File([fileContent], '<%== escape_javascript @filename %>', { type: 'text/html' }));
formData.append('csrf_token', '<%== escape_javascript csrf_token %>');
formData.append('username', '<%== escape_javascript current_site.username %>');
$.ajax({
url: '/api/upload',
@ -219,7 +219,7 @@
$(document).ready(function() {
$.ajax({
url: "/site_files/download/<%= Rack::Utils.escape(@filename) %>",
url: "/site_files/download/<%= Site.escape_path(@filename) %>",
cache: false,
success: function(resp) {
editor = ace.edit("editor")
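Review bot: The share popover on the line after the updated View link still builds `page_uri` from the raw filename, `page_uri: "#{current_site.uri}/#{@filename}"`, so it neither percent-encodes the name nor drops `index.html` the way `current_site.uri @filename` now does; use `page_uri: current_site.uri(@filename)` so both buttons point at the same URL. In the second hunk, the switch from `<%=` to `<%==` on the three `formData.append` lines removes HTML escaping, leaving `escape_javascript` as the only encoding between `@filename` and the script body; if that helper is the project's own rather than Rails', confirm it escapes `</` and line terminators, which the HTML escaping previously covered. The `$(document).ready` function in the third hunk continues outside the hunk.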