From: <bla...@us...> - 2009-08-28 02:39:18
|
Revision: 20564 http://bzflag.svn.sourceforge.net/bzflag/?rev=20564&view=rev Author: blast007 Date: 2009-08-28 02:39:11 +0000 (Fri, 28 Aug 2009) Log Message: ----------- Properly handle directories and files with special characters. Modified Paths: -------------- trunk/web/submitimages/directory.index.php trunk/web/submitimages/templates/directory.tpl Modified: trunk/web/submitimages/directory.index.php =================================================================== --- trunk/web/submitimages/directory.index.php 2009-08-27 19:29:47 UTC (rev 20563) +++ trunk/web/submitimages/directory.index.php 2009-08-28 02:39:11 UTC (rev 20564) @@ -7,6 +7,7 @@ // Set up some variables for this session $data['filedirectory'] = $_SERVER['DOCUMENT_ROOT'].rtrim(urldecode($_SERVER['REQUEST_URI']), '/')."/"; $data['httpdirectory'] = $_SERVER['REQUEST_URI']; + $data['httpdirectoryclean'] = urldecode($data['httpdirectory']); // Not even sure if Apache would handle a request that included .. in it, but // better safe than sorry. if (strstr('..', $_SERVER['REQUEST_URI'])) exit; Modified: trunk/web/submitimages/templates/directory.tpl =================================================================== --- trunk/web/submitimages/templates/directory.tpl 2009-08-27 19:29:47 UTC (rev 20563) +++ trunk/web/submitimages/templates/directory.tpl 2009-08-28 02:39:11 UTC (rev 20564) @@ -33,7 +33,7 @@ <body> <a href="{$config.paths.baseURL}">Submit Images</a><hr> - <h1>Index of {$data.httpdirectory}</h1> + <h1>Index of {$data.httpdirectoryclean}</h1> <table> <tr><th>Name</th><th>Size</th><th>Author</th><th>Uploader</th><th>License</th></tr> @@ -41,11 +41,11 @@ <tr><td><a href="../">Parent Directory</a></td><td><DIR></td><td>N/A</td><td>N/A</td><td>N/A</td></tr> {/if} {foreach from=$data.directories item=directoryname name=directories} - <tr><td><a href="{$data.httpdirectory}{$directoryname}/">{$directoryname}</a></td><td><DIR></td><td>N/A</td><td>N/A</td><td>N/A</td></tr> + <tr><td><a href="{$data.httpdirectory}{$directoryname|escape:'url'}/">{$directoryname}</a></td><td><DIR></td><td>N/A</td><td>N/A</td><td>N/A</td></tr> {/foreach} {foreach from=$data.files item=file name=files} <tr> - <td><a href="{$data.httpdirectory}{$file.filename}">{$file.filename}</a></td> + <td><a href="{$data.httpdirectory}{$file.filename|escape:'url'}">{$file.filename}</a></td> <td>{$file.filesize}</td> <td>{if $file.authorname}{$file.authorname}{else}(Unknown){/if}</td> <td>{if $file.uploaderfirstname && $file.uploaderlastname}{$file.uploaderfirstname} {$file.uploaderlastname}{else}(Unknown){/if}</td> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |