From 328073e6efff99eea3751a97b1aa5a2fc7516439 Mon Sep 17 00:00:00 2001 From: Marco Dickert Date: Wed, 26 Jul 2017 10:48:58 +0200 Subject: [PATCH] fixed encoding of href attribute; use dirname( __FILE__ ) instead of getSCriptRoot() --- build/libifm.php | 46 +++++++++++++++++++++++++++++++++++++--------- ifm.php | 46 +++++++++++++++++++++++++++++++++++++--------- src/ifm.js | 36 ++++++++++++++++++++++++++++++++++-- src/main.php | 10 +++------- 4 files changed, 111 insertions(+), 27 deletions(-) diff --git a/build/libifm.php b/build/libifm.php index 1d5f6b6..07b043d 100644 --- a/build/libifm.php +++ b/build/libifm.php @@ -900,7 +900,7 @@ function IFM( params ) { }); } else { if( self.config.isDocroot ) - $(this).attr( "href", self.pathCombine( self.currentDir, $(this).parent().parent().data( 'filename' ) ) ); + $(this).attr( "href", self.hrefEncode( self.pathCombine( self.currentDir, $(this).parent().parent().data( 'filename' ) ) ) ); else $(this).on( 'click', function() { $( '#d_' + this.id ).submit(); @@ -1762,7 +1762,39 @@ function IFM( params ) { * @param string s - decoded string */ this.HTMLEncode = function( s ) { - return s.replace(/'/g, ''').replace(/"/g, '+'); + return s.replace( /'/g, ''').replace( /"/g, '+'); + } + + /** + * Encodes a string for use in the href attribute of an anchor. + * + * @param string s - decoded string + */ + this.hrefEncode = function( s ) { + return s + .replace( '%', '%25' ) + .replace( ';', '%3B' ) + .replace( '?', '%3F' ) + .replace( ':', '%3A' ) + .replace( '@', '%40' ) + .replace( '&', '%26' ) + .replace( '=', '%3D' ) + .replace( '+', '%2B' ) + .replace( '$', '%24' ) + .replace( ',', '%2C' ) + .replace( '<', '%3C' ) + .replace( '>', '%3E' ) + .replace( '#', '%23' ) + .replace( '"', '%22' ) + .replace( '{', '%7B' ) + .replace( '}', '%7D' ) + .replace( '|', '%7C' ) + .replace( '^', '%5E' ) + .replace( '[', '%5B' ) + .replace( ']', '%5D' ) + .replace( '`', '%60' ) + .replace( '\\', '%5C' ) + ; } /** 
@@ -2166,7 +2198,7 @@ function IFM( params ) { if( $handle = opendir( "." ) ) { while( false !== ( $result = readdir( $handle ) ) ) { - if( $result == basename( $_SERVER['SCRIPT_NAME'] ) && $this->getScriptRoot() == getcwd() ) { } + if( $result == basename( $_SERVER['SCRIPT_NAME'] ) && dirname( __FILE__ ) == getcwd() ) { } elseif( ( $result == ".htaccess" || $result==".htpasswd" ) && $this->config['showhtdocs'] != 1 ) {} elseif( $result == "." ) {} elseif( $result != ".." && substr( $result, 0, 1 ) == "." && $this->config['showhiddenfiles'] != 1 ) {} @@ -2557,7 +2589,7 @@ function IFM( params ) { try { IFMArchive::createZip( realpath( $d['filename'] ), $dfile, ( $d['filename'] == "." ) ); if( $d['filename'] == "." ) { - if( getcwd() == $this->getScriptRoot() ) + if( getcwd() == dirname( __FILE__ ) ) $d['filename'] = "root"; else $d['filename'] = basename( getcwd() ); @@ -2783,12 +2815,8 @@ function IFM( params ) { return false; } - private function getScriptRoot() { - return dirname( $_SERVER["SCRIPT_FILENAME"] ); - } - private function chDirIfNecessary($d) { - if( substr( getcwd(), strlen( $this->getScriptRoot() ) ) != $this->getValidDir($d) ) { + if( substr( getcwd(), strlen( dirname( __FILE__ ) ) ) != $this->getValidDir($d) ) { chdir( $d ); } } diff --git a/ifm.php b/ifm.php index 35a0961..ec2fbe3 100644 --- a/ifm.php +++ b/ifm.php @@ -900,7 +900,7 @@ function IFM( params ) { }); } else { if( self.config.isDocroot ) - $(this).attr( "href", self.pathCombine( self.currentDir, $(this).parent().parent().data( 'filename' ) ) ); + $(this).attr( "href", self.hrefEncode( self.pathCombine( self.currentDir, $(this).parent().parent().data( 'filename' ) ) ) ); else $(this).on( 'click', function() { $( '#d_' + this.id ).submit(); 
@@ -1762,7 +1762,39 @@ function IFM( params ) { * @param string s - decoded string */ this.HTMLEncode = function( s ) { - return s.replace(/'/g, ''').replace(/"/g, '+'); + return s.replace( /'/g, ''').replace( /"/g, '+'); + } + + /** + * Encodes a string for use in the href attribute of an anchor. + * + * @param string s - decoded string + */ + this.hrefEncode = function( s ) { + return s + .replace( '%', '%25' ) + .replace( ';', '%3B' ) + .replace( '?', '%3F' ) + .replace( ':', '%3A' ) + .replace( '@', '%40' ) + .replace( '&', '%26' ) + .replace( '=', '%3D' ) + .replace( '+', '%2B' ) + .replace( '$', '%24' ) + .replace( ',', '%2C' ) + .replace( '<', '%3C' ) + .replace( '>', '%3E' ) + .replace( '#', '%23' ) + .replace( '"', '%22' ) + .replace( '{', '%7B' ) + .replace( '}', '%7D' ) + .replace( '|', '%7C' ) + .replace( '^', '%5E' ) + .replace( '[', '%5B' ) + .replace( ']', '%5D' ) + .replace( '`', '%60' ) + .replace( '\\', '%5C' ) + ; } /** @@ -2166,7 +2198,7 @@ function IFM( params ) { if( $handle = opendir( "." ) ) { while( false !== ( $result = readdir( $handle ) ) ) { - if( $result == basename( $_SERVER['SCRIPT_NAME'] ) && $this->getScriptRoot() == getcwd() ) { } + if( $result == basename( $_SERVER['SCRIPT_NAME'] ) && dirname( __FILE__ ) == getcwd() ) { } elseif( ( $result == ".htaccess" || $result==".htpasswd" ) && $this->config['showhtdocs'] != 1 ) {} elseif( $result == "." ) {} elseif( $result != ".." && substr( $result, 0, 1 ) == "." && $this->config['showhiddenfiles'] != 1 ) {} @@ -2557,7 +2589,7 @@ function IFM( params ) { try { IFMArchive::createZip( realpath( $d['filename'] ), $dfile, ( $d['filename'] == "." ) ); if( $d['filename'] == "." ) { - if( getcwd() == $this->getScriptRoot() ) + if( getcwd() == dirname( __FILE__ ) ) $d['filename'] = "root"; else $d['filename'] = basename( getcwd() ); 
@@ -2783,12 +2815,8 @@ function IFM( params ) { return false; } - private function getScriptRoot() { - return dirname( $_SERVER["SCRIPT_FILENAME"] ); - } - private function chDirIfNecessary($d) { - if( substr( getcwd(), strlen( $this->getScriptRoot() ) ) != $this->getValidDir($d) ) { + if( substr( getcwd(), strlen( dirname( __FILE__ ) ) ) != $this->getValidDir($d) ) { chdir( $d ); } } diff --git a/src/ifm.js b/src/ifm.js index 97231d7..1f77184 100644 --- a/src/ifm.js +++ b/src/ifm.js @@ -161,7 +161,7 @@ function IFM( params ) { }); } else { if( self.config.isDocroot ) - $(this).attr( "href", self.pathCombine( self.currentDir, $(this).parent().parent().data( 'filename' ) ) ); + $(this).attr( "href", self.hrefEncode( self.pathCombine( self.currentDir, $(this).parent().parent().data( 'filename' ) ) ) ); else $(this).on( 'click', function() { $( '#d_' + this.id ).submit(); @@ -1023,7 +1023,39 @@ function IFM( params ) { * @param string s - decoded string */ this.HTMLEncode = function( s ) { - return s.replace(/'/g, ''').replace(/"/g, '+'); + return s.replace( /'/g, ''').replace( /"/g, '+'); + } + + /** + * Encodes a string for use in the href attribute of an anchor. + * + * @param string s - decoded string + */ + this.hrefEncode = function( s ) { + return s + .replace( '%', '%25' ) + .replace( ';', '%3B' ) + .replace( '?', '%3F' ) + .replace( ':', '%3A' ) + .replace( '@', '%40' ) + .replace( '&', '%26' ) + .replace( '=', '%3D' ) + .replace( '+', '%2B' ) + .replace( '$', '%24' ) + .replace( ',', '%2C' ) + .replace( '<', '%3C' ) + .replace( '>', '%3E' ) + .replace( '#', '%23' ) + .replace( '"', '%22' ) + .replace( '{', '%7B' ) + .replace( '}', '%7D' ) + .replace( '|', '%7C' ) + .replace( '^', '%5E' ) + .replace( '[', '%5B' ) + .replace( ']', '%5D' ) + .replace( '`', '%60' ) + .replace( '\\', '%5C' ) + ; } /** diff --git a/src/main.php b/src/main.php index 729444e..bc51b0f 100644 --- a/src/main.php +++ b/src/main.php 
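Review bot: In the src/ifm.js hunk at @@ -1023, every call in `hrefEncode` of the form `.replace( '#', '%23' )` passes a string pattern, and `String.prototype.replace` with a string pattern substitutes only the first occurrence. A file name containing two `#`, `?` or `%` characters therefore still reaches the `href` with the later ones unencoded, and since file names can originate from uploads the link may resolve to a different path or gain an unintended query or fragment. `HTMLEncode` directly above uses `/g` regexes, so the two helpers are also inconsistent. Encoding each path segment with the built-in handles repeats, spaces and non-ASCII characters as well: `return s.split( '/' ).map( encodeURIComponent ).join( '/' );`. The same function body is repeated in the build/libifm.php and ifm.php hunks, which appear to be built copies of this source.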
@@ -250,7 +250,7 @@ f00bar; if( $handle = opendir( "." ) ) { while( false !== ( $result = readdir( $handle ) ) ) { - if( $result == basename( $_SERVER['SCRIPT_NAME'] ) && $this->getScriptRoot() == getcwd() ) { } + if( $result == basename( $_SERVER['SCRIPT_NAME'] ) && dirname( __FILE__ ) == getcwd() ) { } elseif( ( $result == ".htaccess" || $result==".htpasswd" ) && $this->config['showhtdocs'] != 1 ) {} elseif( $result == "." ) {} elseif( $result != ".." && substr( $result, 0, 1 ) == "." && $this->config['showhiddenfiles'] != 1 ) {} @@ -641,7 +641,7 @@ f00bar; try { IFMArchive::createZip( realpath( $d['filename'] ), $dfile, ( $d['filename'] == "." ) ); if( $d['filename'] == "." ) { - if( getcwd() == $this->getScriptRoot() ) + if( getcwd() == dirname( __FILE__ ) ) $d['filename'] = "root"; else $d['filename'] = basename( getcwd() ); @@ -867,12 +867,8 @@ f00bar; return false; } - private function getScriptRoot() { - return dirname( $_SERVER["SCRIPT_FILENAME"] ); - } - private function chDirIfNecessary($d) { - if( substr( getcwd(), strlen( $this->getScriptRoot() ) ) != $this->getValidDir($d) ) { + if( substr( getcwd(), strlen( dirname( __FILE__ ) ) ) != $this->getValidDir($d) ) { chdir( $d ); } }
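Review bot: The self-exclusion test in the @@ -250 hunk now pairs `basename( $_SERVER['SCRIPT_NAME'] )` with `dirname( __FILE__ )`, and these need not describe the same file: `__FILE__` is the file that contains this code, while `SCRIPT_NAME` is the requested entry script. If the class is loaded through an include (the patch also updates build/libifm.php, which looks like a library build), the entry script may no longer be hidden from the listing, or a same-named file next to the library may be hidden instead. Keeping the removed helper and changing only its body, `private function getScriptRoot() { return dirname( __FILE__ ); }`, would leave the root definition in one documented place rather than three inline copies in the @@ -250, @@ -641 and @@ -867 hunks. The enclosing functions begin and end outside these hunks.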
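Review bot: In `chDirIfNecessary` (@@ -867), `substr( getcwd(), strlen( dirname( __FILE__ ) ) )` cuts a fixed number of bytes off the working directory without checking that the cwd actually starts with that directory, so a cwd outside the root yields an arbitrary suffix that is then compared loosely with `!=`. The following `chdir( $d )` passes the raw argument rather than the value returned by `getValidDir( $d )`, and its return value is ignored. `getValidDir` is not visible in this hunk, so how much it constrains `$d` cannot be confirmed here; if `$d` is request-supplied, a prefix check such as `strpos( getcwd(), $root ) === 0` before the `substr`, and treating a failed `chdir` as an error, would make the confinement to the root explicit.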