unescape file names, this fixes unsharing of files with html characters

2019-12-07 12:59:43 +00:00
parent f579c8754f
commit 8c661ca1ae
2 changed files with 12 additions and 1 deletions
--- a/webui/src/main/java/com/muwire/webui/FilesServlet.java
+++ b/webui/src/main/java/com/muwire/webui/FilesServlet.java
@ -110,7 +110,7 @@ public class FilesServlet extends HttpServlet {
            String pathElements = req.getParameter("path");
            File current = null;
            for (String element : pathElements.split(",")) {
-                element = Base64.decodeToString(element);
+                element = Util.unescapeHTMLinXML(Base64.decodeToString(element));
                if (current == null)
                    current = new File(element);
                else 
--- a/webui/src/main/java/com/muwire/webui/Util.java
+++ b/webui/src/main/java/com/muwire/webui/Util.java
@ -4,6 +4,8 @@ public class Util {
    
    private static final String escapeChars[] = {"&", "\"", "<", ">", "'"};
    private static final String escapeCodes[] = {"&amp;amp;", "&amp;quot;", "&amp;lt;", "&amp;gt;", "&amp;apos;"};
+    
+    private static final String escapedCodes[] = {"&amp;", "&quot;", "&lt;", "&gt;", "&apos;"};

    /**
     * Double-Escape an HTML string for inclusion in XML
@ -18,4 +20,13 @@ public class Util {
        }
        return escaped;
    }
+    
+    public static String unescapeHTMLinXML(String escaped) {
+        if (escaped == null) return null;
+        String unescaped = escaped;
+        for (int i = 0; i < escapedCodes.length; i++) {
+            unescaped = unescaped.replace(escapedCodes[i], escapeChars[i]);
+        }
+        return unescaped;
+    }
 }