fix: correctly handle non-ascii passwords for shared resources

2025-11-26 14:25:26 +08:00 · 2022-02-21 20:47:28 +01:00
parent 0942fc7042
commit c782f21b0f
2 changed files with 6 additions and 1 deletions
--- a/http/public.go
+++ b/http/public.go
@@ -3,6 +3,7 @@ package http
 import (
 	"errors"
 	"net/http"
+	"net/url"
 	"path"
 	"path/filepath"
 	"strings"
@@ -124,6 +125,10 @@ func authenticateShareRequest(r *http.Request, l *share.Link) (int, error) {
 	}

 	password := r.Header.Get("X-SHARE-PASSWORD")
+	password, err := url.QueryUnescape(password)
+	if err != nil {
+		return 0, err
+	}
 	if password == "" {
 		return http.StatusUnauthorized, nil
 	}