github
/
filebrowser
mirror of https://github.com/filebrowser/filebrowser
1
0
Fork 0
Code Issues Releases Wiki Activity

fix: correctly handle non-ascii passwords for shared resources

pull/1841/head
Oleg Lobanov 2022-02-21 20:47:28 +01:00
parent 0942fc7042
commit c782f21b0f
No known key found for this signature in database
GPG Key ID: 65FF3DB864FE3D2A
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
frontend/src/api/pub.js
View File

@ -5,7 +5,7 @@ export async function fetch(url, password = "") {
url = removePrefix(url); url = removePrefix(url);
const res = await fetchURL(`/api/public/share${url}`, { const res = await fetchURL(`/api/public/share${url}`, {
headers: { "X-SHARE-PASSWORD": password }, headers: { "X-SHARE-PASSWORD": encodeURIComponent(password) },
}); });
if (res.status === 200) { if (res.status === 200) {

5
http/public.go
View File

@ -3,6 +3,7 @@ package http
import ( import (
"errors" "errors"
"net/http" "net/http"
"net/url"
"path" "path"
"path/filepath" "path/filepath"
"strings" "strings"
@ -124,6 +125,10 @@ func authenticateShareRequest(r *http.Request, l *share.Link) (int, error) {
} }
password := r.Header.Get("X-SHARE-PASSWORD") password := r.Header.Get("X-SHARE-PASSWORD")
password, err := url.QueryUnescape(password)
if err != nil {
return 0, err
}
if password == "" { if password == "" {
return http.StatusUnauthorized, nil return http.StatusUnauthorized, nil
} }