From e5543a20775641fcd2ab8b594b14fcb22cf8167d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=A8=E8=B5=AB=E7=84=B6?= Date: Wed, 13 Nov 2024 18:19:41 +0800 Subject: [PATCH] Encode url path --- server/access-file.c | 2 +- server/http-tx-mgr.c | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/server/access-file.c b/server/access-file.c index b76f4cce..0672add5 100644 --- a/server/access-file.c +++ b/server/access-file.c @@ -1537,7 +1537,7 @@ access_v2_cb(evhtp_request_t *req, void *arg) error_str = "Both token and cookie are not set\n"; goto out; } - if (http_tx_manager_check_file_access (repo_id, token, cookie, path, "download", &user) < 0) { + if (http_tx_manager_check_file_access (repo_id, token, cookie, dec_path, "download", &user) < 0) { error_str = "No permission to access file\n"; error_code = EVHTP_RES_FORBIDDEN; goto out; diff --git a/server/http-tx-mgr.c b/server/http-tx-mgr.c index de580a57..73a60213 100644 --- a/server/http-tx-mgr.c +++ b/server/http-tx-mgr.c @@ -700,6 +700,7 @@ http_tx_manager_check_file_access (const char *repo_id, const char *token, const char *jwt_token = NULL; char *rsp_content = NULL; gint64 rsp_size; + char *esc_path = NULL; char *url = NULL; jwt_token = gen_jwt_token (); @@ -733,7 +734,8 @@ http_tx_manager_check_file_access (const char *repo_id, const char *token, const g_free (cookie_header); } - url = g_strdup_printf("%s/repos/%s/check-access/?path=%s", seaf->seahub_url, repo_id, path); + esc_path = g_uri_escape_string(path, NULL, FALSE); + url = g_strdup_printf("%s/repos/%s/check-access/?path=%s", seaf->seahub_url, repo_id, esc_path); ret = http_post_common (curl, url, &headers, jwt_token, req_content, strlen(req_content), &rsp_status, &rsp_content, &rsp_size, TRUE, 1); if (ret < 0) { @@ -755,6 +757,7 @@ http_tx_manager_check_file_access (const char *repo_id, const char *token, const out: if (content) json_decref (content); + g_free (esc_path); g_free (url); g_free (jwt_token); g_free (req_content);