diff options
-rw-r--r-- | storage-backend/config/config.inc.php | 1 | ||||
-rw-r--r-- | storage-backend/index.php | 11 |
2 files changed, 7 insertions, 5 deletions
diff --git a/storage-backend/config/config.inc.php b/storage-backend/config/config.inc.php index dd05a15..bfc2c9a 100644 --- a/storage-backend/config/config.inc.php +++ b/storage-backend/config/config.inc.php @@ -11,3 +11,4 @@ return [ // Array of characters which are not allowed in filenames 'invalid_characters_in_filename' => ['/'], ]; +?>
\ No newline at end of file diff --git a/storage-backend/index.php b/storage-backend/index.php index ab59617..5d70b79 100644 --- a/storage-backend/index.php +++ b/storage-backend/index.php @@ -44,7 +44,7 @@ switch ($method) { // parse post parameters // check if all parameters are present - return 400 (bad request) if a parameter is missing / empty $xmppServerKey = getMandatoryPostParameter('xmpp_server_key'); - $filename = getMandatoryPostParameter('filename'); + $filename = rawurlencode(getMandatoryPostParameter('filename')); $filesize = getMandatoryPostParameter('size'); $type = getOptionalPostParameter('content_type'); $userJid = getMandatoryPostParameter('user_jid'); @@ -128,13 +128,13 @@ function checkXmppServerKey($validXmppServerKeys, $xmppServerKey) { } function checkFilenameParameter($filename, $slotParameters) { - $filename = rawurldecode($filename); // the filename is a http get parameter and therefore encoded + $filename = $filename; // the filename is a http get parameter and therefore encoded return $slotParameters['filename'] == $filename; } function loadSlotParameters($slotUUID, $config) { $slotParameters = require(getSlotFilePath($slotUUID, $config)); - $slotParameters['filename'] = rawurldecode($slotParameters['filename']); + $slotParameters['filename'] = $slotParameters['filename']; return $slotParameters; } @@ -180,8 +180,8 @@ function getFilenameFromUri($uri) { function registerSlot($slotUUID, $filename, $filesize, $contentType, $userJid, $config) { $contents = "<?php\n/*\n * This is an autogenerated file - do not edit\n */\n\n"; - $contents .= 'return [\'filename\' => \''.rawurlencode($filename).'\', \'filesize\' => \''.$filesize.'\', '; - $contents .= '\'content_type\' => \''.$contentType.'\', \'user_jid\' => \''.$userJid.'\'];'; + $contents .= 'return [\'filename\' => \''.$filename.'\', \'filesize\' => \''.$filesize.'\', '; + $contents .= '\'content_type\' => \''.$contentType.'\', \'user_jid\' => \''.$userJid.'\'];\n?>'; if (!file_put_contents(getSlotFilePath($slotUUID, $config), $contents)) { sendHttpReturnCodeAndMessage(500, "Could not create slot registry entry."); } @@ -250,3 +250,4 @@ function generate_uuid() { mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ) ); } +?>
\ No newline at end of file |