URI decode all paths

author: Johannes <johannes@cloudron.io> 2016-11-06 15:06:31 +0100
committer: Johannes <johannes@cloudron.io> 2016-11-06 15:06:31 +0100
commit: 94ff5399e8f067a1beef899950c789be64ab36f3 (patch)
tree: 97a0bd33feb2f949fd927f20008fec5d2fbba75e /src
parent: 5d361bf98214a6838f1beb886f0443dc7e1b0ab7 (diff)
download: Surfer-94ff5399e8f067a1beef899950c789be64ab36f3.tar.gz
Surfer-94ff5399e8f067a1beef899950c789be64ab36f3.tar.zst
Surfer-94ff5399e8f067a1beef899950c789be64ab36f3.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/files.js b/src/files.js
index 6c67539..747acf7 100644
--- a/src/files.js
+++ b/src/files.js
@@ -77,7 +77,7 @@ function removeBasePath(filePath) {
 }
 function get(req, res, next) {
-    var filePath = req.params[0];
+    var filePath = decodeURIComponent(req.params[0]);
    var absoluteFilePath = getAbsolutePath(filePath);
    if (!absoluteFilePath) return next(new HttpError(403, 'Path not allowed'));
@@ -145,7 +145,7 @@ function put(req, res, next) {
 }
 function del(req, res, next) {
-    var filePath = req.params[0];
+    var filePath = decodeURIComponent(req.params[0]);
    var recursive = !!req.query.recursive;
    var dryRun = !!req.query.dryRun;
author	Johannes <johannes@cloudron.io>	2016-11-06 15:06:31 +0100
committer	Johannes <johannes@cloudron.io>	2016-11-06 15:06:31 +0100
commit	94ff5399e8f067a1beef899950c789be64ab36f3 (patch)
tree	97a0bd33feb2f949fd927f20008fec5d2fbba75e /src
parent	5d361bf98214a6838f1beb886f0443dc7e1b0ab7 (diff)
download	Surfer-94ff5399e8f067a1beef899950c789be64ab36f3.tar.gz Surfer-94ff5399e8f067a1beef899950c789be64ab36f3.tar.zst Surfer-94ff5399e8f067a1beef899950c789be64ab36f3.zip

diff --git a/src/files.js b/src/files.js index 6c67539..747acf7 100644 --- a/src/files.js +++ b/src/files.js
@@ -77,7 +77,7 @@ function removeBasePath(filePath) {
77	}	77	}
78		78
79	function get(req, res, next) {	79	function get(req, res, next) {
80	var filePath = req.params[0];	80	var filePath = decodeURIComponent(req.params[0]);
81	var absoluteFilePath = getAbsolutePath(filePath);	81	var absoluteFilePath = getAbsolutePath(filePath);
82	if (!absoluteFilePath) return next(new HttpError(403, 'Path not allowed'));	82	if (!absoluteFilePath) return next(new HttpError(403, 'Path not allowed'));
83		83
@@ -145,7 +145,7 @@ function put(req, res, next) {
145	}	145	}
146		146
147	function del(req, res, next) {	147	function del(req, res, next) {
148	var filePath = req.params[0];	148	var filePath = decodeURIComponent(req.params[0]);
149	var recursive = !!req.query.recursive;	149	var recursive = !!req.query.recursive;
150	var dryRun = !!req.query.dryRun;	150	var dryRun = !!req.query.dryRun;
151		151