Clean file path names on file creation (#624)

Thomas Miceli
2026-02-25 22:30:26 +07:00
ملتزم من قبل GitHub
الأصل 7b1048ec30
التزام b097cfcbc0
3 ملفات معدلة مع 47 إضافات و25 حذوفات


@@ -720,13 +720,17 @@ func (gist *Gist) ToDTO() (*GistDTO, error) {
// -- DTO -- // // -- DTO -- //
type GistDTO struct { type GistDTO struct {
Title string `validate:"max=250" form:"title"` Title string `validate:"max=250" form:"title"`
Description string `validate:"max=1000" form:"description"` Description string `validate:"max=1000" form:"description"`
URL string `validate:"max=32,alphanumdashorempty" form:"url"` URL string `validate:"max=32,alphanumdashorempty" form:"url"`
Files []FileDTO `validate:"min=1,dive"` Files []FileDTO `validate:"min=1,dive"`
Name []string `form:"name"` Name []string `form:"name"`
Content []string `form:"content"` Content []string `form:"content"`
Topics string `validate:"gisttopics" form:"topics"` Topics string `validate:"gisttopics" form:"topics"`
UploadedFilesUUID []string `validate:"omitempty,dive,required,uuid" form:"uploadedfile_uuid"`
UploadedFilesNames []string `validate:"omitempty,dive,required" form:"uploadedfile_filename"`
BinaryFileOldName []string `form:"binary_old_name"`
BinaryFileNewName []string `form:"binary_new_name"`
VisibilityDTO VisibilityDTO
} }
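Review bot: The filename-carrying fields added to GistDTO have no upper bound: `UploadedFilesNames` is validated with `omitempty,dive,required` only, and `BinaryFileOldName` / `BinaryFileNewName` carry no `validate` tag at all, while `Title`, `Description` and `URL` each have a `max=`. These strings become file names in the gist, so a per-element limit such as `validate:"omitempty,dive,required,max=255"` would reject oversized names at bind time rather than leaving them to the git layer (255 is a suggested value, not one taken from the project). Assuming `ctx.Bind` runs these validators, `required` under `dive` also makes an empty uploaded filename fail the whole request instead of falling through to a default name in the handler; a short comment on the field should say which behaviour is intended.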

19
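--- a/internal/git/file.go
+++ b/internal/git/file.go
@@ -0,0 +1,19 @@
+package git
+import (
+"path/filepath"
+"strings"
+)
+func CleanTreePathName(s string) string {
+name := filepath.Base(s)
+if name == "." || name == ".." {
+return ""
+}
+name = strings.ReplaceAll(name, "/", "")
+name = strings.ReplaceAll(name, "\\", "")
+return name
+}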
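Review bot: The `.`/`..` check in CleanTreePathName runs before the backslash removal, so it does not cover what the name looks like after stripping. On a host where `\` is not a path separator, `filepath.Base` leaves backslashes in place, and a name made only of dots and backslashes can pass the check and then be reduced to `.` or `..` by the second `ReplaceAll`. Moving the guard to the end closes this: do both replacements first, then `if name == "." || name == ".." { return "" }` immediately before `return name`. The exported function also has no doc comment; I would add `// CleanTreePathName reduces a user-supplied file name to a single path component and returns "" when nothing usable remains.` None of the three changed files is a test, so a table-driven test covering empty input, nested paths, backslashes and dot-only names would pin this behaviour.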


@@ -24,11 +24,6 @@ func Create(ctx *context.Context) error {
func ProcessCreate(ctx *context.Context) error { func ProcessCreate(ctx *context.Context) error {
isCreate := ctx.Request().URL.Path == "/" isCreate := ctx.Request().URL.Path == "/"
err := ctx.Request().ParseForm()
if err != nil {
return ctx.ErrorRes(400, ctx.Tr("error.bad-request"), err)
}
dto := new(db.GistDTO) dto := new(db.GistDTO)
var gist *db.Gist var gist *db.Gist
@@ -39,25 +34,24 @@ func ProcessCreate(ctx *context.Context) error {
ctx.SetData("htmlTitle", ctx.TrH("gist.edit.edit-gist", gist.Title)) ctx.SetData("htmlTitle", ctx.TrH("gist.edit.edit-gist", gist.Title))
} }
if err := ctx.Bind(dto); err != nil { err := ctx.Bind(dto)
if err != nil {
return ctx.ErrorRes(400, ctx.Tr("error.cannot-bind-data"), err) return ctx.ErrorRes(400, ctx.Tr("error.cannot-bind-data"), err)
} }
dto.Files = make([]db.FileDTO, 0) dto.Files = make([]db.FileDTO, 0)
fileCounter := 0
names := ctx.Request().PostForm["name"] names := dto.Name
contents := ctx.Request().PostForm["content"] contents := dto.Content
// Process files from text editors // Process files from text editors
for i, content := range contents { for i, content := range contents {
if content == "" { if content == "" {
continue continue
} }
name := names[i] name := git.CleanTreePathName(names[i])
if name == "" { if name == "" {
fileCounter += 1 name = "gistfile" + strconv.Itoa(len(dto.Files)+1) + ".txt"
name = "gistfile" + strconv.Itoa(fileCounter) + ".txt"
} }
escapedValue, err := url.PathUnescape(content) escapedValue, err := url.PathUnescape(content)
@@ -72,8 +66,8 @@ func ProcessCreate(ctx *context.Context) error {
} }
// Process uploaded files from UUID arrays // Process uploaded files from UUID arrays
fileUUIDs := ctx.Request().PostForm["uploadedfile_uuid"] fileUUIDs := dto.UploadedFilesUUID
fileFilenames := ctx.Request().PostForm["uploadedfile_filename"] fileFilenames := dto.UploadedFilesNames
if len(fileUUIDs) == len(fileFilenames) { if len(fileUUIDs) == len(fileFilenames) {
for i, fileUUID := range fileUUIDs { for i, fileUUID := range fileUUIDs {
filePath := filepath.Join(filepath.Join(config.GetHomeDir(), "uploads"), fileUUID) filePath := filepath.Join(filepath.Join(config.GetHomeDir(), "uploads"), fileUUID)
@@ -82,8 +76,13 @@ func ProcessCreate(ctx *context.Context) error {
continue continue
} }
name := git.CleanTreePathName(fileFilenames[i])
if name == "" {
name = "gistfile" + strconv.Itoa(len(dto.Files)+1) + ".txt"
}
dto.Files = append(dto.Files, db.FileDTO{ dto.Files = append(dto.Files, db.FileDTO{
Filename: fileFilenames[i], Filename: name,
SourcePath: filePath, SourcePath: filePath,
Content: "", // Empty since we're using SourcePath Content: "", // Empty since we're using SourcePath
}) })
@@ -91,11 +90,11 @@ func ProcessCreate(ctx *context.Context) error {
} }
// Process binary file operations (edit mode) // Process binary file operations (edit mode)
binaryOldNames := ctx.Request().PostForm["binary_old_name"] binaryOldNames := dto.BinaryFileOldName
binaryNewNames := ctx.Request().PostForm["binary_new_name"] binaryNewNames := dto.BinaryFileNewName
if len(binaryOldNames) == len(binaryNewNames) { if len(binaryOldNames) == len(binaryNewNames) {
for i, oldName := range binaryOldNames { for i, oldName := range binaryOldNames {
newName := binaryNewNames[i] newName := git.CleanTreePathName(binaryNewNames[i])
if newName == "" { // deletion if newName == "" { // deletion
continue continue