Fix space on end of page name creates two pages, one shadowed #615

silverbulletmd · Mar 17, 2024 · 0e1f82c · 0e1f82c
1 parent 8a3782e
commit 0e1f82c
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 10 deletions.
diff --git a/common/spaces/http_space_primitives.ts b/common/spaces/http_space_primitives.ts
@@ -34,14 +34,18 @@ export class HttpSpacePrimitives implements SpacePrimitives {
         throw new Error("Offline");
       }
       if (result.redirected) {
-        // Got a redirect, we'll assume this is due to invalid credentials and redirecting to an auth page
-        console.log(
-          "Got a redirect via the API so will redirect to URL",
-          result.url,
-        );
-        alert("You are not authenticated, redirecting to login page...");
-        location.href = result.url;
-        throw new Error("Not authenticated");
+        if (result.status === 401) {
+          console.log(
+            "Received unauthorized status and got a redirect via the API so will redirect to URL",
+            result.url,
+          );
+          alert("You are not authenticated, redirecting to login page...");
+          location.href = result.url;
+          throw new Error("Not authenticated");
+        } else {
+          location.href = result.url;
+          throw new Error("Redirected");
+        }
       }
       if (result.status === 401) {
         location.reload();

diff --git a/server/http_server.ts b/server/http_server.ts
@@ -12,6 +12,7 @@ import { parse } from "$common/markdown_parser/parse_tree.ts";
 import { renderMarkdownToHtml } from "../plugs/markdown/markdown_render.ts";
 import { parsePageRef } from "$sb/lib/page_ref.ts";
 import { base64Encode } from "$lib/crypto.ts";
+import * as path from "$std/path/mod.ts";
 
 const authenticationExpirySeconds = 60 * 60 * 24 * 7; // 1 week
 
@@ -469,9 +470,10 @@ export class HttpServer {
         const req = c.req;
         const name = req.param("path")!;
         const spaceServer = await this.ensureSpaceServer(req);
+        const mdExt = ".md";
         console.log(
-          "Requested file",
           name,
+          "Requested file",
         );
         if (
           name.endsWith(".md") &&
@@ -486,7 +488,7 @@ export class HttpServer {
           console.warn(
             "Request was without X-Sync-Mode nor a CORS request, redirecting to page",
           );
-          return c.redirect(`/${name.slice(0, -3)}`);
+          return c.redirect(`/${name.slice(0, -mdExt.length)}`, 401);
         }
         if (name.startsWith(".")) {
           // Don't expose hidden files
@@ -518,6 +520,16 @@ export class HttpServer {
             return c.text(e.message, 500);
           }
         }
+
+        const filename = path.posix.basename(name, mdExt);
+        if (filename.trim() !== filename) {
+          const newName = path.posix.join(
+            path.posix.dirname(name),
+            filename.trim(),
+          );
+          return c.redirect(`/${newName}`);
+        }
+
         try {
           if (req.header("X-Get-Meta")) {
             // Getting meta via GET request
@@ -557,6 +569,11 @@ export class HttpServer {
           return c.text("Forbidden", 403);
         }
 
+        const filename = path.posix.basename(name, ".md");
+        if (filename.trim() !== filename) {
+          return c.text("Malformed filename", 400);
+        }
+
         const body = await req.arrayBuffer();
 
         try {