From 7bc8928f0dc4fc310bdc60d646138e68fbfba86d Mon Sep 17 00:00:00 2001 From: Adrien Castex Date: Fri, 30 Jun 2017 10:35:15 +0200 Subject: [PATCH] Fixed the urls in PROPFIND, PROPPATCH and LOCK responses not being encoded --- lib/server/v2/commands/Lock.js | 2 +- lib/server/v2/commands/Propfind.js | 6 ++--- lib/server/v2/commands/Proppatch.js | 2 +- src/server/v2/commands/Lock.ts | 2 +- src/server/v2/commands/Propfind.ts | 37 ++++------------------------- src/server/v2/commands/Proppatch.ts | 2 +- 6 files changed, 11 insertions(+), 40 deletions(-) diff --git a/lib/server/v2/commands/Lock.js b/lib/server/v2/commands/Lock.js index d9fe8632..825565ea 100644 --- a/lib/server/v2/commands/Lock.js +++ b/lib/server/v2/commands/Lock.js @@ -17,7 +17,7 @@ function createResponse(ctx, lock) { activelock.ele('D:locktype').ele(lock.lockKind.type.value); activelock.ele('D:lockscope').ele(lock.lockKind.scope.value); activelock.ele('D:locktoken').ele('D:href', undefined, true).add(lock.uuid); - activelock.ele('D:lockroot').ele('D:href', undefined, true).add(ctx.fullUri()); + activelock.ele('D:lockroot').ele('D:href', undefined, true).add(encodeURI(ctx.fullUri())); activelock.ele('D:depth').add(lock.depth === -1 ? 'infinity' : lock.depth.toString()); activelock.ele('D:owner').add(lock.owner); activelock.ele('D:timeout').add('Second-' + lock.lockKind.timeout); diff --git a/lib/server/v2/commands/Propfind.js b/lib/server/v2/commands/Propfind.js index 984bf3a0..1920b940 100644 --- a/lib/server/v2/commands/Propfind.js +++ b/lib/server/v2/commands/Propfind.js @@ -215,7 +215,7 @@ var default_1 = (function () { activelock.ele('D:owner').add(lock.owner); activelock.ele('D:timeout').add('Second-' + (lock.expirationDate - Date.now())); activelock.ele('D:locktoken').ele('D:href', undefined, true).add(lock.uuid); - activelock.ele('D:lockroot').ele('D:href', undefined, true).add(ctx.fullUri(path).replace(' ', '%20')); + activelock.ele('D:lockroot').ele('D:href', undefined, true).add(encodeURI(ctx.fullUri(path))); } } nbOut(null); @@ -228,7 +228,7 @@ var default_1 = (function () { resource.fs.getFullPath(ctx, resource.path, function (e, path) { if (e) return nbOut(e); - var p = ctx.fullUri(path.toString()).replace(' ', '%20'); + var p = encodeURI(ctx.fullUri(path.toString())); var href = p.lastIndexOf('/') !== p.length - 1 && type.isDirectory ? p + '/' : p; response.ele('D:href', undefined, true).add(href); response.ele('D:location').ele('D:href', undefined, true).add(p); @@ -263,7 +263,7 @@ var default_1 = (function () { methodDisplayName = resource.displayName; methodDisplayName.bind(resource)(function (e, name) { return process.nextTick(function () { if (!e) - tags.displayname.el.add(name ? name : ''); + tags.displayname.el.add(name ? encodeURI(name) : ''); nbOut(e); }); }); }); diff --git a/lib/server/v2/commands/Proppatch.js b/lib/server/v2/commands/Proppatch.js index e17c01b8..66ece2ff 100644 --- a/lib/server/v2/commands/Proppatch.js +++ b/lib/server/v2/commands/Proppatch.js @@ -16,7 +16,7 @@ var default_1 = (function () { 'xmlns:D': 'DAV:' }); var response = multistatus.ele('D:response'); - response.ele('D:href', undefined, true).add(ctx.fullUri()); + response.ele('D:href', undefined, true).add(encodeURI(ctx.fullUri())); try { var xml = XML_1.XML.parse(data); var root_1 = xml.find('DAV:propertyupdate'); diff --git a/src/server/v2/commands/Lock.ts b/src/server/v2/commands/Lock.ts index 5a844a64..47a82c67 100644 --- a/src/server/v2/commands/Lock.ts +++ b/src/server/v2/commands/Lock.ts @@ -20,7 +20,7 @@ function createResponse(ctx : RequestContext, lock : Lock) activelock.ele('D:locktype').ele(lock.lockKind.type.value); activelock.ele('D:lockscope').ele(lock.lockKind.scope.value); activelock.ele('D:locktoken').ele('D:href', undefined, true).add(lock.uuid); - activelock.ele('D:lockroot').ele('D:href', undefined, true).add(ctx.fullUri()); + activelock.ele('D:lockroot').ele('D:href', undefined, true).add(encodeURI(ctx.fullUri())); activelock.ele('D:depth').add(lock.depth === -1 ? 'infinity' : lock.depth.toString()); activelock.ele('D:owner').add(lock.owner); activelock.ele('D:timeout').add('Second-' + lock.lockKind.timeout); diff --git a/src/server/v2/commands/Propfind.ts b/src/server/v2/commands/Propfind.ts index 778f253a..31d6d935 100644 --- a/src/server/v2/commands/Propfind.ts +++ b/src/server/v2/commands/Propfind.ts @@ -325,36 +325,7 @@ export default class implements HTTPMethod }) displayValue('lockdiscovery', () => - {/* - ++nb; - lockDiscovery(lockDiscoveryCache, ctx, resource.path, resource, (e, l) => { - if(e) - { - nbOut(e); - return; - } - - for(const path in l) - { - for(const _lock of l[path]) - { - const lock : Lock = _lock; - const activelock = tags.lockdiscovery.el.ele('D:activelock'); - - activelock.ele('D:lockscope').ele('D:' + lock.lockKind.scope.value.toLowerCase()) - activelock.ele('D:locktype').ele('D:' + lock.lockKind.type.value.toLowerCase()) - activelock.ele('D:depth').add('Infinity') - if(lock.owner) - activelock.ele('D:owner').add(lock.owner) - activelock.ele('D:timeout').add('Second-' + (lock.expirationDate - Date.now())) - activelock.ele('D:locktoken').ele('D:href', undefined, true).add(lock.uuid) - activelock.ele('D:lockroot').ele('D:href', undefined, true).add(ctx.fullUri(path).replace(' ', '%20')) - } - } - - nbOut(null); - })*/ - + { resource.listDeepLocks((e, locks) => { if(e) return nbOut(e); @@ -373,7 +344,7 @@ export default class implements HTTPMethod activelock.ele('D:owner').add(lock.owner) activelock.ele('D:timeout').add('Second-' + (lock.expirationDate - Date.now())) activelock.ele('D:locktoken').ele('D:href', undefined, true).add(lock.uuid) - activelock.ele('D:lockroot').ele('D:href', undefined, true).add(ctx.fullUri(path).replace(' ', '%20')) + activelock.ele('D:lockroot').ele('D:href', undefined, true).add(encodeURI(ctx.fullUri(path))) } } @@ -390,7 +361,7 @@ export default class implements HTTPMethod if(e) return nbOut(e); - const p = ctx.fullUri(path.toString()).replace(' ', '%20'); + const p = encodeURI(ctx.fullUri(path.toString())); const href = p.lastIndexOf('/') !== p.length - 1 && type.isDirectory ? p + '/' : p; response.ele('D:href', undefined, true).add(href); response.ele('D:location').ele('D:href', undefined, true).add(p); @@ -436,7 +407,7 @@ export default class implements HTTPMethod methodDisplayName.bind(resource)((e, name) => process.nextTick(() => { if(!e) - tags.displayname.el.add(name ? name : ''); + tags.displayname.el.add(name ? encodeURI(name) : ''); nbOut(e); })) }) diff --git a/src/server/v2/commands/Proppatch.ts b/src/server/v2/commands/Proppatch.ts index 19cb753e..062a7c37 100644 --- a/src/server/v2/commands/Proppatch.ts +++ b/src/server/v2/commands/Proppatch.ts @@ -17,7 +17,7 @@ export default class implements HTTPMethod 'xmlns:D': 'DAV:' }); const response = multistatus.ele('D:response'); - response.ele('D:href', undefined, true).add(ctx.fullUri()); + response.ele('D:href', undefined, true).add(encodeURI(ctx.fullUri())); try {