Improve upload filename encoding

author: RblSb <msrblsb@gmail.com> 2025-03-02 10:09:26 +0300
committer: RblSb <msrblsb@gmail.com> 2025-03-03 00:51:38 +0300
commit: aed0d8ed6865a3e966fa866af4b99f5d4b4d33eb (patch)
tree: c6c0274dc824f15855af4534747e5d36433e42a0 /src
parent: 3b22ce9b59e1e549dddbba99b90b87a1dc1fcf87 (diff)
4 files changed, 20 insertions, 10 deletions
diff --git a/src/client/Buttons.hx b/src/client/Buttons.hx
index 513133a..11b8f7c 100644
--- a/src/client/Buttons.hx
+++ b/src/client/Buttons.hx
@@ -248,7 +248,10 @@ class Buttons {
 
 		getEl("#mediaurl-upload").onclick = e -> {
 			Utils.browseFile((buffer, name) -> {
-				if (name == null || name.length == 0) name = "video";
+				name ??= "";
+				name = ~/[?#%\/\\]/g.replace(name, "").trim();
+				if (name.length == 0) name = "video";
+				name = (window : Dynamic).encodeURIComponent(name);
 
 				// send last chunk separately to allow server file streaming while uploading
 				final chunkSize = 1024 * 1024 * 5; // 5 MB
@@ -258,7 +261,6 @@ class Buttons {
 					method: "POST",
 					headers: {
 						"content-name": name,
-						"client-name": main.getName(),
 					},
 					body: lastChunk,
 				});
@@ -276,7 +278,6 @@ class Buttons {
 				final request = new XMLHttpRequest();
 				request.open("POST", "/upload", true);
 				request.setRequestHeader("content-name", name);
-				request.setRequestHeader("client-name", main.getName());
 
 				request.upload.onprogress = (event:ProgressEvent) -> {
 					var ratio = 0.0;
diff --git a/src/client/Utils.hx b/src/client/Utils.hx
index 9217e07..f071b76 100644
--- a/src/client/Utils.hx
+++ b/src/client/Utils.hx
@@ -4,6 +4,7 @@ import haxe.io.Mime;
 import js.Browser.document;
 import js.Browser.navigator;
 import js.Browser.window;
+import js.html.Blob;
 import js.html.Element;
 import js.html.FileReader;
 import js.html.URL;
@@ -181,7 +182,7 @@ class Utils {
 	}
 
 	public static function saveFile(name:String, mime:Mime, data:String):Void {
-		final blob = new js.html.Blob([data], {
+		final blob = new Blob([data], {
 			type: mime
 		});
 		final url = URL.createObjectURL(blob);
diff --git a/src/client/players/Raw.hx b/src/client/players/Raw.hx
index f51bd9e..5a037c3 100644
--- a/src/client/players/Raw.hx
+++ b/src/client/players/Raw.hx
@@ -54,7 +54,7 @@ class Raw implements IPlayer {
 
 		var title = titleInput.value.trim();
 		if (title.length == 0) {
-			final decodedUrl = url.urlDecode();
+			final decodedUrl = try url.urlDecode() catch (e) url;
 			final lastPart = decodedUrl.substr(decodedUrl.lastIndexOf("/") + 1);
 			if (matchName.match(lastPart)) title = matchName.matched(1);
 			else title = Lang.get("rawVideo");
diff --git a/src/server/HttpServer.hx b/src/server/HttpServer.hx
index 8f0b56e..4734815 100644
--- a/src/server/HttpServer.hx
+++ b/src/server/HttpServer.hx
@@ -113,6 +113,8 @@ class HttpServer {
 		if (hasCustomRes) {
 			final path = getPath(customDir, url);
 			if (Fs.existsSync(path)) filePath = path;
+			final ext = Path.extension(filePath).toLowerCase();
+			res.setHeader("content-type", getMimeType(ext));
 		}
 
 		if (isMediaExtension(ext)) {
@@ -133,7 +135,9 @@ class HttpServer {
 	}
 
 	function uploadFileLastChunk(req:IncomingMessage, res:ServerResponse) {
-		final name = cache.getFreeFileName(req.headers["content-name"]);
+		var fileName = try decodeURIComponent(req.headers["content-name"]) catch (e) "";
+		if (fileName.trim().length == 0) fileName = null;
+		final name = cache.getFreeFileName(fileName);
 		final filePath = cache.getFilePath(name);
 		final body:Array<Any> = [];
 		req.on("data", chunk -> body.push(chunk));
@@ -152,8 +156,9 @@ class HttpServer {
 	}
 
 	function uploadFile(req:IncomingMessage, res:ServerResponse) {
-		final name = cache.getFreeFileName(req.headers["content-name"]);
-		final clientName = req.headers["client-name"];
+		var fileName = try decodeURIComponent(req.headers["content-name"]) catch (e) "";
+		if (fileName.trim().length == 0) fileName = null;
+		final name = cache.getFreeFileName(fileName);
 		final filePath = cache.getFilePath(name);
 		final size = Std.parseInt(req.headers["content-length"]) ?? return;
 
@@ -210,8 +215,7 @@ class HttpServer {
 	}
 
 	function getPath(dir:String, url:URL):String {
-		var filePath = dir + url.pathname;
-		filePath = filePath.urlDecode();
+		final filePath = dir.urlDecode() + decodeURIComponent(url.pathname);
 		if (!FileSystem.isDirectory(filePath)) return filePath;
 		return Path.addTrailingSlash(filePath) + "index.html";
 	}
@@ -378,4 +382,8 @@ class HttpServer {
 	inline function decodeURI(data:String):String {
 		return js.Syntax.code("decodeURI({0})", data);
 	}
+
+	inline function decodeURIComponent(data:String):String {
+		return js.Syntax.code("decodeURIComponent({0})", data);
+	}
 }
author	RblSb <msrblsb@gmail.com>	2025-03-02 10:09:26 +0300
committer	RblSb <msrblsb@gmail.com>	2025-03-03 00:51:38 +0300
commit	aed0d8ed6865a3e966fa866af4b99f5d4b4d33eb (patch)
tree	c6c0274dc824f15855af4534747e5d36433e42a0 /src
parent	3b22ce9b59e1e549dddbba99b90b87a1dc1fcf87 (diff)