fix: correctly handle non-ascii passwords for shared resources
o1egl committed Feb 21, 2022
1 parent 0942fc7 commit c782f21
Showing 2 changed files with 6 additions and 1 deletion.
2 changes: 1 addition & 1 deletion frontend/src/api/pub.js
@@ -5,7 +5,7 @@ export async function fetch(url, password = "") {
url = removePrefix(url);

const res = await fetchURL(`/api/public/share${url}`, {
headers: { "X-SHARE-PASSWORD": password },
headers: { "X-SHARE-PASSWORD": encodeURIComponent(password) },
});

if (res.status === 200) {
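Review bot: The `encodeURIComponent(password)` call on the `X-SHARE-PASSWORD` header carries no comment saying why the value is encoded or that the server has to decode it, so the pairing with `url.QueryUnescape` in http/public.go is easy to break from either side. I would add above the `headers` line: `// Header values are limited to Latin-1, so the password is percent-encoded here and decoded in authenticateShareRequest.` Any other caller that sets this header (none is visible in this hunk) needs the same encoding, otherwise a password containing `%` or `+` is decoded into a different string and rejected. The body of `fetch` continues past the hunk.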
5 changes: 5 additions & 0 deletions http/public.go
@@ -3,6 +3,7 @@ package http
import (
"errors"
"net/http"
"net/url"
"path"
"path/filepath"
"strings"
@@ -124,6 +125,10 @@ func authenticateShareRequest(r *http.Request, l *share.Link) (int, error) {
}

password := r.Header.Get("X-SHARE-PASSWORD")
password, err := url.QueryUnescape(password)
if err != nil {
return 0, err
}
if password == "" {
return http.StatusUnauthorized, nil
}
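Review bot: In `authenticateShareRequest`, a header value that fails `url.QueryUnescape` returns `0, err`, while the rejection just below it returns an explicit status; a malformed escape is client-controlled input and should be reported as such, e.g. `return http.StatusBadRequest, err`. How the caller treats a zero status with a non-nil error is not visible here, so it should be confirmed that this path cannot end in a success response. `QueryUnescape` also turns a literal `+` into a space, which `encodeURIComponent` never produces; `url.PathUnescape(password)` matches the frontend encoding exactly and keeps a `+` sent by a non-browser client intact. Clients that send the raw password with a `%` in it will now fail or be decoded into a different string, which deserves a line in the API notes. The function starts and ends outside the hunk.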
