sirtimbly/bewcloud
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix Windows clients sending the wrong path for public sharing

Browse Source 
Fixes #73
This commit is contained in:
Bruno Bernardino
2025-06-22 11:19:02 +01:00
parent 7fac7febcf
commit cb95085ea3
4 changed files with 17 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
components/files/CreateShareModal.tsx
View File

@@ -28,12 +28,12 @@ export default function CreateShareModal(
<h1 class='text-2xl font-semibold my-5'>Create New Public Share Link</h1> <h1 class='text-2xl font-semibold my-5'>Create New Public Share Link</h1>
<section class='py-5 my-2 border-y border-slate-500'> <section class='py-5 my-2 border-y border-slate-500'>
<fieldset class='block mb-2'> <fieldset class='block mb-2'>
<label class='text-slate-300 block pb-1' for='password'>Password</label> <label class='text-slate-300 block pb-1' for='create-share-password'>Password</label>
<input <input
class='input-field' class='input-field'
type='password' type='password'
name='password' name='password'
id='password' id='create-share-password'
value={newPassword.value} value={newPassword.value}
onInput={(event) => { onInput={(event) => {
newPassword.value = event.currentTarget.value; newPassword.value = event.currentTarget.value;

6
components/files/ManageShareModal.tsx
View File

@@ -73,14 +73,14 @@ export default function ManageShareModal(
<code class='bg-slate-700 my-2 px-2 py-1 rounded-md'>{baseUrl}/file-share/{fileShareId}</code> <code class='bg-slate-700 my-2 px-2 py-1 rounded-md'>{baseUrl}/file-share/{fileShareId}</code>
</section> </section>
<fieldset class='block mb-2'> <fieldset class='block mb-2'>
<label class='text-slate-300 block pb-1' for='password'> <label class='text-slate-300 block pb-1' for='manage-share-password'>
{fileShare.value?.extra.hashed_password ? 'New Password' : 'Set Password'} {fileShare.value?.extra.hashed_password ? 'New Password' : 'Set Password'}
</label> </label>
<input <input
class='input-field' class='input-field'
type='password' type='password'
name='password' name='manage-share-password'
id='password' id='manage-share-password'
value={newPassword.value} value={newPassword.value}
onInput={(event) => { onInput={(event) => {
newPassword.value = event.currentTarget.value; newPassword.value = event.currentTarget.value;

4
components/files/ShareVerifyForm.tsx
View File

@@ -30,12 +30,12 @@ export default function ShareVerifyForm(
method='POST' method='POST'
> >
<fieldset class='block mb-4'> <fieldset class='block mb-4'>
<label class='text-slate-300 block pb-1' for='token'> <label class='text-slate-300 block pb-1' for='verify-password'>
Password Password
</label> </label>
<input <input
type='password' type='password'
id='password' id='verify-password'
name='password' name='password'
placeholder='Password' placeholder='Password'
class='mt-1 input-field' class='mt-1 input-field'

11
routes/api/files/create-share.tsx
View File

@@ -37,7 +37,16 @@ export const handler: Handlers<Data, FreshContextState> = {
if ( if (
!requestBody.filePath || !requestBody.pathInView || !requestBody.filePath.trim() || !requestBody.filePath || !requestBody.pathInView || !requestBody.filePath.trim() ||
!requestBody.pathInView.trim() || !requestBody.filePath.startsWith('/') || !requestBody.pathInView.trim()
) {
return new Response('Bad Request', { status: 400 });
}
// Fix Windows clients sending the directory path with backslashes
requestBody.filePath = requestBody.filePath.replace(/\\/g, '/');
if (
!requestBody.filePath.startsWith('/') ||
requestBody.filePath.includes('../') || !requestBody.pathInView.startsWith('/') || requestBody.filePath.includes('../') || !requestBody.pathInView.startsWith('/') ||
requestBody.pathInView.includes('../') requestBody.pathInView.includes('../')
) { ) {