CLOUD: Add query parameters URL encoding

In local webserver's links. Fixed URL decoding to understand '+', by the way. Firefox sends these instead of spaces and "%2B" instead of '+'.
2025-01-09 11:20:56 +00:00 · 2016-07-07 15:01:07 +06:00 · 2016-07-07 15:01:07 +06:00 · 4d88f51de9
commit 4d88f51de9
parent 89a1a54982
5 changed files with 49 additions and 5 deletions
--- a/backends/networking/sdl_net/handlers/createdirectoryhandler.cpp
+++ b/backends/networking/sdl_net/handlers/createdirectoryhandler.cpp
@ -44,8 +44,9 @@ void CreateDirectoryHandler::handle(Client &client) {
 		handleErrorMessage(
 			client,
 			Common::String::format(
-				"%s<br/><a href=\"files?path=/\">%s</a>",
+				"%s<br/><a href=\"files?path=%s\">%s</a>",
 				errorMessage.c_str(),
+				"%2F", //that's encoded "/"
 				_("Back to the files manager")
 				)
 			);
@ -65,7 +66,10 @@ void CreateDirectoryHandler::handle(Client &client) {
 			_("Back to parent directory")
 		)
 	);
-	LocalWebserver::setClientRedirectHandler(client, response, "/files?path=" + client.queryParameter("path"));
+	LocalWebserver::setClientRedirectHandler(
+		client, response,
+		"/files?path=" + LocalWebserver::urlEncodeQueryParameterValue(client.queryParameter("path"))
+	);
 }

 void CreateDirectoryHandler::handleErrorMessage(Client &client, Common::String message) {
--- a/backends/networking/sdl_net/handlers/downloadfilehandler.cpp
+++ b/backends/networking/sdl_net/handlers/downloadfilehandler.cpp
@ -44,8 +44,9 @@ void DownloadFileHandler::handle(Client &client) {
 		handleErrorMessage(
 			client,
 			Common::String::format(
-				"%s<br/><a href=\"files?path=/\">%s</a>",
+				"%s<br/><a href=\"files?path=%s\">%s</a>",
 				errorMessage.c_str(),
+				"%2F", //that's encoded "/"
 				_("Back to the files manager")
 				)
 			);
--- a/backends/networking/sdl_net/handlers/filespagehandler.cpp
+++ b/backends/networking/sdl_net/handlers/filespagehandler.cpp
@ -50,8 +50,9 @@ void FilesPageHandler::handle(Client &client) {
 		handleErrorMessage(
 			client,
 			Common::String::format(
-				"%s<br/><a href=\"files?path=/\">%s</a>",
+				"%s<br/><a href=\"files?path=%s\">%s</a>",
 				_("ScummVM couldn't list the directory you specified."),
+				"%2F", //that's encoded "/"
 				_("Back to the files manager")
 			)
 		);
@ -133,7 +134,7 @@ bool FilesPageHandler::listDirectory(Common::String path, Common::String &conten

 void FilesPageHandler::addItem(Common::String &content, const Common::String &itemTemplate, bool isDirectory, Common::String path, Common::String name, Common::String size) {
 	Common::String item = itemTemplate;
-	replace(item, "{link}", (isDirectory ? "files?path=" : "download?path=") + path);
+	replace(item, "{link}", (isDirectory ? "files?path=" : "download?path=") + LocalWebserver::urlEncodeQueryParameterValue(path));
 	replace(item, "{name}", name);
 	replace(item, "{size}", size);
 	content += item;
--- a/backends/networking/sdl_net/localwebserver.cpp
+++ b/backends/networking/sdl_net/localwebserver.cpp
@ -301,6 +301,11 @@ Common::String LocalWebserver::urlDecode(Common::String value) {
 	Common::String result = "";
 	uint32 size = value.size();
 	for (uint32 i = 0; i < size; ++i) {
+		if (value[i] == '+') {
+			result += ' ';
+			continue;
+		}
+
 		if (value[i] == '%' && i+2 < size) {
 			int d1 = hexDigit(value[i+1]);
 			int d2 = hexDigit(value[i+2]);
@ -316,4 +321,36 @@ Common::String LocalWebserver::urlDecode(Common::String value) {
 	return result;
 }

+namespace {
+bool isQueryUnreserved(char c) {
+	return (
+		('0' <= c && c <= '9') ||
+		('A' <= c && c <= 'Z') ||
+		('a' <= c && c <= 'z') ||
+		c == '-' || c == '_' || c == '.' || c == '!' ||
+		c == '~' || c == '*' || c == '\'' || c == '(' || c == ')'
+	);
+}
+}
+
+Common::String LocalWebserver::urlEncodeQueryParameterValue(Common::String value) {
+	//OK chars = alphanum | "-" | "_" | "." | "!" | "~" | "*" | "'" | "(" | ")"
+	//reserved for query are ";", "/", "?", ":", "@", "&", "=", "+", ","
+	//that means these must be encoded too or otherwise they could malform the query
+	Common::String result = "";
+	char hexChar[16] = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' };
+	for (uint32 i = 0; i < value.size(); ++i) {
+		char c = value[i];
+		if (isQueryUnreserved(c))
+			result += c;
+		else {
+			result += '%';
+			result += hexChar[(c >> 4) & 0xF];
+			result += hexChar[c & 0xF];
+		}
+	}
+	return result;
+}
+
+
 } // End of namespace Networking
--- a/backends/networking/sdl_net/localwebserver.h
+++ b/backends/networking/sdl_net/localwebserver.h
@ -94,6 +94,7 @@ public:
 	static void setClientRedirectHandler(Client &client, Common::SeekableReadStream *responseStream, Common::String location, const char *mimeType = nullptr);
 	static const char *determineMimeType(Common::String &filename);
 	static Common::String urlDecode(Common::String value);
+	static Common::String urlEncodeQueryParameterValue(Common::String value);
 };

 /** Shortcut for accessing the local webserver. */