Additional Escaping Of Paths In com_media (#20616)

* Additional Escaping Of Paths In com_media

* Additional Override Escaping

* carefully revert some escaping (security)

* more specific and special reverse encoding of slash

* C&P Error

administrator/components/com_media/views/medialist/tmpl/details_img.php

@@ -21,10 +21,10 @@
 
 <tr>
 	<td>
-		<a class="img-preview" href="<?php echo COM_MEDIA_BASEURL . '/' . rawurlencode($this->_tmp_img->path_relative); ?>" title="<?php echo $this->escape($this->_tmp_img->name); ?>"><?php echo JHtml::_('image', COM_MEDIA_BASEURL . '/' . $this->escape($this->_tmp_img->path_relative), JText::sprintf('COM_MEDIA_IMAGE_TITLE', $this->_tmp_img->title, JHtml::_('number.bytes', $this->_tmp_img->size)), array('width' => $this->_tmp_img->width_16, 'height' => $this->_tmp_img->height_16)); ?></a>
+		<a class="img-preview" href="<?php echo COM_MEDIA_BASEURL . '/' . str_replace('%2F', '/', rawurlencode($this->_tmp_img->path_relative)); ?>" title="<?php echo $this->escape($this->_tmp_img->name); ?>"><?php echo JHtml::_('image', COM_MEDIA_BASEURL . '/' . $this->escape($this->_tmp_img->path_relative), JText::sprintf('COM_MEDIA_IMAGE_TITLE', $this->_tmp_img->title, JHtml::_('number.bytes', $this->_tmp_img->size)), array('width' => $this->_tmp_img->width_16, 'height' => $this->_tmp_img->height_16)); ?></a>
 	</td>
 	<td class="description">
-		<a href="<?php echo  COM_MEDIA_BASEURL . '/' . rawurlencode($this->_tmp_img->path_relative); ?>" title="<?php echo $this->escape($this->_tmp_img->name); ?>" class="preview"><?php echo $this->escape($this->_tmp_img->title); ?></a>
+		<a href="<?php echo COM_MEDIA_BASEURL . '/' . str_replace('%2F', '/', rawurlencode($this->_tmp_img->path_relative)); ?>" title="<?php echo $this->escape($this->_tmp_img->name); ?>" class="preview"><?php echo $this->escape($this->_tmp_img->title); ?></a>
 	</td>
 	<td class="dimensions">
 		<?php echo JText::sprintf('COM_MEDIA_IMAGE_DIMENSIONS', $this->_tmp_img->width, $this->_tmp_img->height); ?>

administrator/components/com_media/views/medialist/tmpl/details_imgs.php

@@ -28,13 +28,13 @@
 		<?php endif; ?>
 
 		<td>
-			<a class="img-preview" href="<?php echo COM_MEDIA_BASEURL, '/', rawurlencode($image->path_relative); ?>" title="<?php echo $this->escape($image->name); ?>">
+			<a class="img-preview" href="<?php echo COM_MEDIA_BASEURL . '/' . str_replace('%2F', '/', rawurlencode($image->path_relative)); ?>" title="<?php echo $this->escape($image->name); ?>">
 				<?php echo JHtml::_('image', COM_MEDIA_BASEURL . '/' . $this->escape($image->path_relative), JText::sprintf('COM_MEDIA_IMAGE_TITLE', $this->escape($image->title), JHtml::_('number.bytes', $image->size)), array('width' => $image->width_16, 'height' => $image->height_16)); ?>
 			</a>
 		</td>
 
 		<td class="description">
-			<a href="<?php echo  COM_MEDIA_BASEURL, '/', rawurlencode($image->path_relative); ?>" title="<?php echo $this->escape($image->name); ?>" class="preview">
+			<a href="<?php echo  COM_MEDIA_BASEURL . '/' . str_replace('%2F', '/', rawurlencode($image->path_relative)); ?>" title="<?php echo $this->escape($image->name); ?>" class="preview">
 				<?php echo $this->escape($image->title); ?>
 			</a>
 		</td>

administrator/components/com_media/views/medialist/tmpl/thumbs_imgs.php

@@ -29,7 +29,7 @@
 		<?php endif; ?>
 
 		<div class="height-50">
-			<a class="img-preview" href="<?php echo COM_MEDIA_BASEURL, '/', rawurlencode($img->path_relative); ?>" title="<?php echo $this->escape($img->name); ?>" >
+			<a class="img-preview" href="<?php echo COM_MEDIA_BASEURL . '/' . str_replace('%2F', '/', rawurlencode($img->path_relative)); ?>" title="<?php echo $this->escape($img->name); ?>" >
 				<?php echo JHtml::_('image', COM_MEDIA_BASEURL . '/' . $this->escape($img->path_relative), JText::sprintf('COM_MEDIA_IMAGE_TITLE', $this->escape($img->title), JHtml::_('number.bytes', $img->size)), array('width' => $img->width_60, 'height' => $img->height_60)); ?>
 			</a>
 		</div>

administrator/templates/isis/html/com_media/imageslist/default_folder.php

@@ -17,7 +17,7 @@
 			<span class="icon-folder-2"></span>
 		</div>
 		<div class="small">
-			<?php echo JHtml::_('string.truncate', $this->_tmp_folder->name, 10, false); ?>
+			<?php echo JHtml::_('string.truncate', $this->escape($this->_tmp_folder->name), 10, false); ?>
 		</div>
 	</a>
 </li>

administrator/templates/isis/html/com_media/medialist/thumbs_imgs.php

@@ -37,7 +37,7 @@
 		</div>
 
 		<div class="imgPreview nowrap small">
-			<a href="<?php echo COM_MEDIA_BASEURL, '/', rawurlencode($img->path_relative); ?>" title="<?php echo $this->escape($img->name); ?>" class="preview truncate">
+			<a href="<?php echo COM_MEDIA_BASEURL . '/' . str_replace('%2F', '/', rawurlencode($img->path_relative)); ?>" title="<?php echo $this->escape($img->name); ?>" class="preview truncate">
 				<span class="icon-search" aria-hidden="true"></span><?php echo $this->escape($img->name); ?>
 			</a>
 		</div>

templates/protostar/html/com_media/imageslist/default_folder.php

@@ -12,12 +12,12 @@
 $input = JFactory::getApplication()->input;
 ?>
 <li class="imgOutline thumbnail height-80 width-80 center">
-	<a href="index.php?option=com_media&amp;view=imagesList&amp;tmpl=component&amp;folder=<?php echo $this->_tmp_folder->path_relative; ?>&amp;asset=<?php echo $input->getCmd('asset');?>&amp;author=<?php echo $input->getCmd('author');?>" target="imageframe">
+	<a href="index.php?option=com_media&amp;view=imagesList&amp;tmpl=component&amp;folder=<?php echo rawurlencode($this->_tmp_folder->path_relative); ?>&amp;asset=<?php echo $input->getCmd('asset');?>&amp;author=<?php echo $input->getCmd('author');?>" target="imageframe">
 		<div class="imgFolder">
 			<span class="icon-folder-2"></span>
 		</div>
 		<div class="small">
-			<?php echo JHtml::_('string.truncate', $this->_tmp_folder->name, 10, false); ?>
+			<?php echo JHtml::_('string.truncate', $this->escape($this->_tmp_folder->name), 10, false); ?>
 		</div>
 	</a>
 </li>