From: Paul Hänsch Date: Tue, 9 Jun 2020 18:13:50 +0000 (+0200) Subject: updated for new cgilite escaping X-Git-Url: https://git.plutz.net/?a=commitdiff_plain;h=d036b70f149d2b3cc296470644c676cd81a3cc2c;p=serve0 updated for new cgilite escaping --- diff --git a/index.cgi b/index.cgi index a33211d..3cee46f 100755 --- a/index.cgi +++ b/index.cgi @@ -17,7 +17,7 @@ FILTER="$(GET f)" SEARCH="$(GET s)" ORDER="$(GET o |grep -m1 -axE 'Date|Name|Length|Group' || printf Name)" LISTSIZE="$(COOKIE pagesize |grep -m1 -axE '[1-9][0-9]*' || printf 50)" -ITEM="$(PATH "${PATH_INFO#/}")" +ITEM="${PATH_INFO%/}" ACTION="$(GET a)" case $ACTION in @@ -50,23 +50,23 @@ case $ACTION in ;; esac -if [ "$ITEM" = "/style.css" ]; then +if [ "$PATH_INFO" = "/style.css" ]; then . "$_EXEC/cgilite/file.sh" - [ -r "$_DATA/$ITEM" ] && FILE "$_DATA/$ITEM" \ + [ -r "$_DATA/$PATH_INFO" ] && FILE "$_DATA/$PATH_INFO" \ || FILE "$_EXEC/style.css" -elif [ "$ITEM" = "/stereoview.js" ]; then +elif [ "$PATH_INFO" = "/stereoview.js" ]; then . "$_EXEC/cgilite/file.sh" FILE "$_EXEC/stereoview.js" -elif [ -f "$_DATA/$ITEM" ]; then +elif [ -f "$_DATA/$PATH_INFO" ]; then case $ACTION in thumbnail) . "$_EXEC/cgilite/file.sh" . "$_EXEC/thumbnail.sh" - index="$_DATA/${ITEM%/*}/.index" - thumb="$index/${ITEM##*/}"; thumb="${thumb%.*}.jpg" + index="$_DATA/${PATH_INFO%/*}/.index" + thumb="$index/${PATH_INFO##*/}"; thumb="${thumb%.*}.jpg" [ -d "$index" -a ! -f "$thumb" ] \ - && { printf %s "$ITEM" |grep -qE -e "${file_pattern}" ;} \ - && gen_thumb "$_DATA/$ITEM" "$thumb" + && { printf %s "$PATH_INFO" |grep -qE -e "${file_pattern}" ;} \ + && gen_thumb "$_DATA/$PATH_INFO" "$thumb" FILE "$thumb" ;; delete) @@ -75,26 +75,26 @@ elif [ -f "$_DATA/$ITEM" ]; then . "$_EXEC/cgilite/file.sh" fakemp4="$(COOKIE fakemp4)" downscale="$(COOKIE downscale)" - downfile="$_DATA/${ITEM%/*}/.transcode/${ITEM%.*}.480p.webm" + downfile="$_DATA/${PATH_INFO%/*}/.transcode/${PATH_INFO%.*}.480p.webm" if [ "$downscale" = yes -a -f "$downfile" ]; then FILE "$downfile" "$([ "$fakemp4" = yes ] && printf 'video/mp4')" else - FILE "$_DATA/$ITEM" "$([ "$fakemp4" = yes ] && printf 'video/mp4')" + FILE "$_DATA/$PATH_INFO" "$([ "$fakemp4" = yes ] && printf 'video/mp4')" fi ;; *) . "$_EXEC/view.sh" esac -elif [ -d "$_DATA/$ITEM" ]; then +elif [ -d "$_DATA/$PATH_INFO" ]; then case $ACTION in advsearch) . "$_EXEC/advsearch.sh" ;; spawnindex) if [ "$(POST recursive)" = yes ]; then - find "$_DATA/$ITEM" -depth -type d \! -name .index \ + find "$_DATA/$PATH_INFO" -depth -type d \! -name .index \ -exec mkdir -p '{}'/.index \; else - mkdir -p "$_DATA/$ITEM/.index" + mkdir -p "$_DATA/$PATH_INFO/.index" fi REDIRECT "$(POST ref)" ;; diff --git a/list.sh b/list.sh index 8ba460e..259b9cd 100644 --- a/list.sh +++ b/list.sh @@ -9,7 +9,7 @@ list_item() { if [ "$type" = dir ]; then name="${meta%% *}"; - display="$(HTML "$name")"; link="$(URL "$ITEM/$name")" + display="$(HTML "$name")"; link="$(URL "${PATH_INFO%/}/$name")" printf '[a .list .dir href="%s" %s]' "${link}?${w_refuri#*\?}" "$name" return 0 fi @@ -24,15 +24,15 @@ list_item() { if [ "$type" = metashort ]; then name="$(list_fullname "$(UNSTRING "${name%${CR}}")")" fi - if [ -f "$_DATA/$ITEM/$name" ]; then - link="$(URL "$ITEM/$name")" - name="$(HTML "$ITEM/$name")" + if [ -f "$_DATA/${PATH_INFO%/}/$name" ]; then + link="$(URL "${PATH_INFO%/}/${name#./}")" + name="$(HTML "${PATH_INFO%/}/${name#./}")" printf '[div .list .file - [a href="%s" [img src="%s?a=thumbnail"]][label %s] + [a href="%s" [img src="%s?a=thumbnail"]][label . %s] [span .time %i:%02imin] [span .dim %ix%i] %s [checkbox "select" "%s" id="select_%s"][label for="select_%s" +] ]' \ - "$link" "$link" "${name##*/}" \ + "$link" "$link" "${name##/}" \ "$((length / 60))" "$((length % 60))" \ "$width" "$height" \ "$(printf '%s\n' "${tags#tags=}" \