properly handle escaping of paths

dreamer 2026-03-31 11:16:28 +02:00
parent 0493632932
commit 807e124570
3 changed files with 10 additions and 17 deletions


@ -11,13 +11,14 @@ local function Roothandler(self)
local latest_path, latest_name = hotmixes.utils.these_latest( path ) local latest_path, latest_name = hotmixes.utils.these_latest( path )
self.total = hotmixes.utils.total_files_dir( path ) self.total = hotmixes.utils.total_files_dir( path )
self.uri = hotmixes.utils.request_path self.uri = hotmixes.utils.request_path:sub(2) -- remove leading slash
self.path = '/data/' .. self.titles.url .. hotmixes.utils.request_path self.path = '/data/' .. self.titles.url .. hotmixes.utils.request_path
self.dirs = stuff.dirs self.dirs = stuff.dirs
self.files = stuff.files self.files = stuff.files
self.images = stuff.images self.images = stuff.images
self.latestpath = latest_path self.latestpath = latest_path
self.latestname = latest_name self.latestname = latest_name
self.functions = { escape = escape }
if self.titles['url'] == "panamaracing.club" then if self.titles['url'] == "panamaracing.club" then
return { render = "root", layout = require "views.prc_layout" } return { render = "root", layout = require "views.prc_layout" }
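Review bot: `self.functions = { escape = escape }` hands the template whatever the bare name `escape` resolves to in this file, and that binding is not visible in the hunk. If it is not a `local` brought in at the top of the file, the lookup falls through to a global and the view would fail when it calls a nil `functions.escape`. The template in this commit now relies on this function alone to make directory and file names safe inside `href`, so a short comment naming the encoder would help, for example `-- escape: URL percent-encoder; output is written unescaped into href by the view`. Roothandler's body starts and ends outside the hunk.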


@ -15,7 +15,7 @@ end
local request_path local request_path
if request_uri ~= '/' then if request_uri ~= '/' then
request_path = request_uri .. '/' request_path = request_uri .. '/'
else else
request_path = request_uri request_path = request_uri
end end
@ -30,14 +30,6 @@ local type_allowed = { jpg=true, jpeg=true, png=true, gif=true, mp3=true, flac=t
local utils = {} local utils = {}
utils['compare_file'] = function(a, b)
return a["file"] < b["file"]
end
utils['compare_dir'] = function(a, b)
return a["dir"] < b["dir"]
end
utils['request_path'] = request_path utils['request_path'] = request_path
utils['data_path'] = data_path utils['data_path'] = data_path
@ -72,17 +64,17 @@ utils['these_files'] = function( path )
if utils.match_ext( file, type_image ) then if utils.match_ext( file, type_image ) then
table.insert( images, file ) table.insert( images, file )
elseif utils.match_ext( file, type_media ) then elseif utils.match_ext( file, type_media ) then
table.insert( files, {sane=escape(file), file=file} ) table.insert( files, file )
end end
elseif lfs.attributes( path .. file, "mode" ) == "directory" then elseif lfs.attributes( path .. file, "mode" ) == "directory" then
table.insert( dirs, {sane=escape(file), dir=file} ) table.insert( dirs, file )
end end
end end
end end
table.sort( images ) table.sort( images )
table.sort( files, utils.compare_file ) table.sort( files )
table.sort( dirs, utils.compare_dir ) table.sort( dirs )
local stuff = { local stuff = {
files = files, files = files,


@ -10,14 +10,14 @@
<% for i, dir in ipairs(dirs) do %> <% for i, dir in ipairs(dirs) do %>
<br> <br>
<a href="<%= uri .. dir["sane"] %>" class="djsection"><span><%= dir["dir"] %></span></a> <a href="<%- functions.escape(uri .. dir) %>" class="djsection"><span><%= dir %></span></a>
<br> <br>
<% end %> <% end %>
<br> <br>
<% for i, file in ipairs(files) do %> <% for i, file in ipairs(files) do %>
<a class="amixlink" href="<%= path .. file["sane"] %>"> <a class="amixlink" href="<%- functions.escape(path .. file) %>">
<span class="mixlink"><%= file["file"] %></span> <span class="mixlink"><%= file %></span>
</a> </a>
<br> <br>
<% end %> <% end %>
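Review bot: Both `href` values (the `djsection` directory link and the `amixlink` file link) are now written with `<%-`, which in etlua emits the value without HTML escaping. Attribute safety therefore rests entirely on what `functions.escape` does to `"`, `<`, `>` and `&` in names read from disk. If `escape` is a percent-encoder, HTML-escaping its output changes nothing, so `<%= functions.escape(uri .. dir) %>` and `<%= functions.escape(path .. file) %>` should render the same links while keeping the template safe if the encoder is ever swapped. It is also worth confirming that `escape` leaves `/` intact, because it now receives the whole `uri .. dir` and `path .. file` strings rather than just the name; a component-style encoder would turn the separators into `%2F`.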