fix: escape filename (#21)

author sigoden <sigoden@gmail.com>

Sun, 5 Jun 2022 22:51:35 +0000 (06:51 +0800)

committer GitHub <noreply@github.com>

Sun, 5 Jun 2022 22:51:35 +0000 (06:51 +0800)
author sigoden <sigoden@gmail.com>
Sun, 5 Jun 2022 22:51:35 +0000 (06:51 +0800)
committer GitHub <noreply@github.com>
Sun, 5 Jun 2022 22:51:35 +0000 (06:51 +0800)
diff --git a/Cargo.lock b/Cargo.lock

index 6b390a3da06cbf99b0de6c5b7df091a1d8e1e8c6..b6c42676fe19e7d70a12907d1351a0f40fcf8f78 100644 (file)
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -309,6 +309,7 @@ dependencies = [
   "tokio-rustls",
   "tokio-stream",
   "tokio-util",
+ "urlencoding",
   "uuid",
  ]
  
@@ -1154,6 +1155,12 @@ version = "0.7.1"
  source = "registry+https://github.com/rust-lang/crates.io-index"
  checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a"
  
+[[package]]
+name = "urlencoding"
+version = "2.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "68b90931029ab9b034b300b797048cf23723400aa757e8a2bfb9d748102f9821"
+
  [[package]]
  name = "uuid"
  version = "1.1.1"
diff --git a/Cargo.toml b/Cargo.toml

index d67c15e1aceacc5597e8203da1da92cb91de30ab..81028c05d0779d43052cef9cd91bea2dfb5bd6ff 100644 (file)
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -34,6 +34,7 @@ rustls-pemfile = "1"
  md5 = "0.7.0"
  lazy_static = "1.4.0"
  uuid = { version = "1.1.1", features = ["v4", "fast-rng"] }
+urlencoding = "2.1.0"
  
  [profile.release]
  lto = true
diff --git a/src/args.rs b/src/args.rs

index 55e70e8e290f58c7ab6ba90eea805c1ce4c3f7d7..c9c4e77bb27f21d4368faaa2a42077901eb0b58e 100644 (file)
--- a/src/args.rs
+++ b/src/args.rs
@@ -143,7 +143,7 @@ impl Args {
          let uri_prefix = if path_prefix.is_empty() {
              "/".to_owned()
          } else {
-            format!("/{}/", &path_prefix)
+            format!("/{}/", encode_uri(&path_prefix))
          };
          let cors = matches.is_present("cors");
          let auth = match matches.value_of("auth") {
@@ -237,3 +237,8 @@ pub fn load_private_key(filename: &str) -> BoxResult<PrivateKey> {
      }
      Ok(PrivateKey(keys[0].to_owned()))
  }
+
+pub fn encode_uri(v: &str) -> String {
+    let parts: Vec<_> = v.split('/').map(urlencoding::encode).collect();
+    parts.join("/")
+}
diff --git a/src/main.rs b/src/main.rs

index 30eb929b225e2e16bb1a3a8074abb1e51b5f0137..793403db4332db5d82f375a57d05e9feca39ec9c 100644 (file)
--- a/src/main.rs
+++ b/src/main.rs
@@ -4,7 +4,7 @@ mod server;
  
  pub type BoxResult<T> = Result<T, Box<dyn std::error::Error>>;
  
-use crate::args::{matches, Args};
+use crate::args::{encode_uri, matches, Args};
  use crate::server::serve;
  
  #[tokio::main]
diff --git a/src/server.rs b/src/server.rs

index 2bbfd5ce5b33a175ca9ab9afa8e02342c8e7a692..d17545357c89b21c1f8385fe39344382ddbb0058 100644 (file)
--- a/src/server.rs
+++ b/src/server.rs
@@ -1,5 +1,5 @@
  use crate::auth::{generate_www_auth, valid_digest};
-use crate::{Args, BoxResult};
+use crate::{encode_uri, Args, BoxResult};
  
  use async_walkdir::WalkDir;
  use async_zip::write::{EntryOptions, ZipFileWriter};
@@ -370,7 +370,11 @@ impl InnerService {
          *res.body_mut() = Body::wrap_stream(stream);
          res.headers_mut().insert(
              CONTENT_DISPOSITION,
-            HeaderValue::from_str(&format!("attachment; filename=\"{}.zip\"", filename,)).unwrap(),
+            HeaderValue::from_str(&format!(
+                "attachment; filename=\"{}.zip\"",
+                encode_uri(filename),
+            ))
+            .unwrap(),
          );
          Ok(())
      }
@@ -821,7 +825,10 @@ impl PathItem {
  <D:status>HTTP/1.1 200 OK</D:status>
  </D:propstat>
  </D:response>"#,
-                prefix, self.name, self.base_name, mtime
+                prefix,
+                encode_uri(&self.name),
+                urlencoding::encode(&self.base_name),
+                mtime
              ),
              PathType::File | PathType::SymlinkFile => format!(
                  r#"<D:response>
@@ -837,8 +844,8 @@ impl PathItem {
  </D:propstat>
  </D:response>"#,
                  prefix,
-                self.name,
-                self.base_name,
+                encode_uri(&self.name),
+                urlencoding::encode(&self.base_name),
                  self.size.unwrap_or_default(),
                  mtime
              ),
author	sigoden <sigoden@gmail.com>
	Sun, 5 Jun 2022 22:51:35 +0000 (06:51 +0800)
committer	GitHub <noreply@github.com>
	Sun, 5 Jun 2022 22:51:35 +0000 (06:51 +0800)
Cargo.lock		patch \| blob \| history
Cargo.toml		patch \| blob \| history
src/args.rs		patch \| blob \| history
src/main.rs		patch \| blob \| history
src/server.rs		patch \| blob \| history