7 files changed, 61 insertions, 22 deletions

diff --git a/build/server.js b/build/server.js
index e9d6d3c..af245ac 100644
--- a/build/server.js
+++ b/build/server.js
@@ -4334,6 +4334,8 @@ server_HttpServer.prototype = {
 			if(js_node_Fs.existsSync(path)) {
 				filePath = path;
 			}
+			var ext1 = haxe_io_Path.extension(filePath).toLowerCase();
+			res.setHeader("content-type",this.getMimeType(ext1));
 		}
 		if(this.isMediaExtension(ext)) {
 			if(this.serveMedia(req,res,filePath)) {
@@ -4353,7 +4355,16 @@ server_HttpServer.prototype = {
 	}
 	,uploadFileLastChunk: function(req,res) {
 		var _gthis = this;
-		var name = this.cache.getFreeFileName(req.headers["content-name"]);
+		var fileName;
+		try {
+			fileName = decodeURIComponent(req.headers["content-name"]);
+		} catch( _g ) {
+			fileName = "";
+		}
+		if(StringTools.trim(fileName).length == 0) {
+			fileName = null;
+		}
+		var name = this.cache.getFreeFileName(fileName);
 		var filePath = this.cache.getFilePath(name);
 		var body = [];
 		req.on("data",function(chunk) {
@@ -4369,7 +4380,16 @@ server_HttpServer.prototype = {
 	}
 	,uploadFile: function(req,res) {
 		var _gthis = this;
-		var name = this.cache.getFreeFileName(req.headers["content-name"]);
+		var fileName;
+		try {
+			fileName = decodeURIComponent(req.headers["content-name"]);
+		} catch( _g ) {
+			fileName = "";
+		}
+		if(StringTools.trim(fileName).length == 0) {
+			fileName = null;
+		}
+		var name = this.cache.getFreeFileName(fileName);
 		var filePath = this.cache.getFilePath(name);
 		var tmp = Std.parseInt(req.headers["content-length"]);
 		if(tmp == null) {
@@ -4415,7 +4435,7 @@ server_HttpServer.prototype = {
 			}
 		});
 		stream.on("error",function(err) {
-			haxe_Log.trace(err,{ fileName : "src/server/HttpServer.hx", lineNumber : 196, className : "server.HttpServer", methodName : "uploadFile"});
+			haxe_Log.trace(err,{ fileName : "src/server/HttpServer.hx", lineNumber : 201, className : "server.HttpServer", methodName : "uploadFile"});
 			res.statusCode = 500;
 			res.end(JSON.stringify({ info : "File write stream error."}));
 			var _this = _gthis.uploadingFilesSizes;
@@ -4429,7 +4449,7 @@ server_HttpServer.prototype = {
 			_gthis.cache.remove(name);
 		});
 		req.on("error",function(err) {
-			haxe_Log.trace("Request Error:",{ fileName : "src/server/HttpServer.hx", lineNumber : 203, className : "server.HttpServer", methodName : "uploadFile", customParams : [err]});
+			haxe_Log.trace("Request Error:",{ fileName : "src/server/HttpServer.hx", lineNumber : 208, className : "server.HttpServer", methodName : "uploadFile", customParams : [err]});
 			stream.destroy();
 			res.statusCode = 500;
 			res.end(JSON.stringify({ info : "File request error."}));
@@ -4445,8 +4465,7 @@ server_HttpServer.prototype = {
 		});
 	}
 	,getPath: function(dir,url) {
-		var filePath = dir + url.pathname;
-		filePath = decodeURIComponent(filePath.split("+").join(" "));
+		var filePath = decodeURIComponent(dir.split("+").join(" ")) + decodeURIComponent(url.pathname);
 		if(!sys_FileSystem.isDirectory(filePath)) {
 			return filePath;
 		}
diff --git a/res/client.js b/res/client.js
index 31cca3e..b320491 100644
--- a/res/client.js
+++ b/res/client.js
@@ -795,12 +795,18 @@ client_Buttons.init = function(main) {
 	};
 	window.document.querySelector("#mediaurl-upload").onclick = function(e) {
 		client_Utils.browseFile(function(buffer,name) {
-			if(name == null || name.length == 0) {
+			if(name == null) {
+				name = "";
+			}
+			var _this_r = new RegExp("[?#%/\\\\]","g".split("u").join(""));
+			name = StringTools.trim(name.replace(_this_r,""));
+			if(name.length == 0) {
 				name = "video";
 			}
+			name = window.encodeURIComponent(name);
 			var a = buffer.byteLength - 5242880;
 			var lastChunk = buffer.slice(a < 0 ? 0 : a);
-			var chunkReq = window.fetch("/upload-last-chunk",{ method : "POST", headers : { "content-name" : name, "client-name" : main.personal.name}, body : lastChunk});
+			var chunkReq = window.fetch("/upload-last-chunk",{ method : "POST", headers : { "content-name" : name}, body : lastChunk});
 			chunkReq.then(function(e) {
 				return e.json().then(function(data) {
 					if(data.errorId != null) {
@@ -813,7 +819,6 @@ client_Buttons.init = function(main) {
 			var request = new XMLHttpRequest();
 			request.open("POST","/upload",true);
 			request.setRequestHeader("content-name",name);
-			request.setRequestHeader("client-name",main.personal.name);
 			request.upload.onprogress = function(event) {
 				var ratio = 0.0;
 				if(event.lengthComputable) {
@@ -827,7 +832,7 @@ client_Buttons.init = function(main) {
 				try {
 					data = JSON.parse(request.responseText);
 				} catch( _g ) {
-					haxe_Log.trace(haxe_Exception.caught(_g),{ fileName : "src/client/Buttons.hx", lineNumber : 299, className : "client.Buttons", methodName : "init"});
+					haxe_Log.trace(haxe_Exception.caught(_g),{ fileName : "src/client/Buttons.hx", lineNumber : 300, className : "client.Buttons", methodName : "init"});
 					return;
 				}
 				if(data.errorId == null) {
@@ -3799,7 +3804,12 @@ client_players_Raw.prototype = {
 		var url = data.url;
 		var title = StringTools.trim(this.titleInput.value);
 		if(title.length == 0) {
-			var decodedUrl = decodeURIComponent(url.split("+").join(" "));
+			var decodedUrl;
+			try {
+				decodedUrl = decodeURIComponent(url.split("+").join(" "));
+			} catch( _g ) {
+				decodedUrl = url;
+			}
 			if(this.matchName.match(HxOverrides.substr(decodedUrl,decodedUrl.lastIndexOf("/") + 1,null))) {
 				title = this.matchName.matched(1);
 			} else {
diff --git a/src/client/Buttons.hx b/src/client/Buttons.hx
index 513133a..11b8f7c 100644
--- a/src/client/Buttons.hx
+++ b/src/client/Buttons.hx
@@ -248,7 +248,10 @@ class Buttons {
 
 		getEl("#mediaurl-upload").onclick = e -> {
 			Utils.browseFile((buffer, name) -> {
-				if (name == null || name.length == 0) name = "video";
+				name ??= "";
+				name = ~/[?#%\/\\]/g.replace(name, "").trim();
+				if (name.length == 0) name = "video";
+				name = (window : Dynamic).encodeURIComponent(name);
 
 				// send last chunk separately to allow server file streaming while uploading
 				final chunkSize = 1024 * 1024 * 5; // 5 MB
@@ -258,7 +261,6 @@ class Buttons {
 					method: "POST",
 					headers: {
 						"content-name": name,
-						"client-name": main.getName(),
 					},
 					body: lastChunk,
 				});
@@ -276,7 +278,6 @@ class Buttons {
 				final request = new XMLHttpRequest();
 				request.open("POST", "/upload", true);
 				request.setRequestHeader("content-name", name);
-				request.setRequestHeader("client-name", main.getName());
 
 				request.upload.onprogress = (event:ProgressEvent) -> {
 					var ratio = 0.0;
diff --git a/src/client/Utils.hx b/src/client/Utils.hx
index 9217e07..f071b76 100644
--- a/src/client/Utils.hx
+++ b/src/client/Utils.hx
@@ -4,6 +4,7 @@ import haxe.io.Mime;
 import js.Browser.document;
 import js.Browser.navigator;
 import js.Browser.window;
+import js.html.Blob;
 import js.html.Element;
 import js.html.FileReader;
 import js.html.URL;
@@ -181,7 +182,7 @@ class Utils {
 	}
 
 	public static function saveFile(name:String, mime:Mime, data:String):Void {
-		final blob = new js.html.Blob([data], {
+		final blob = new Blob([data], {
 			type: mime
 		});
 		final url = URL.createObjectURL(blob);
diff --git a/src/client/players/Raw.hx b/src/client/players/Raw.hx
index f51bd9e..5a037c3 100644
--- a/src/client/players/Raw.hx
+++ b/src/client/players/Raw.hx
@@ -54,7 +54,7 @@ class Raw implements IPlayer {
 
 		var title = titleInput.value.trim();
 		if (title.length == 0) {
-			final decodedUrl = url.urlDecode();
+			final decodedUrl = try url.urlDecode() catch (e) url;
 			final lastPart = decodedUrl.substr(decodedUrl.lastIndexOf("/") + 1);
 			if (matchName.match(lastPart)) title = matchName.matched(1);
 			else title = Lang.get("rawVideo");
diff --git a/src/server/HttpServer.hx b/src/server/HttpServer.hx
index 8f0b56e..4734815 100644
--- a/src/server/HttpServer.hx
+++ b/src/server/HttpServer.hx
@@ -113,6 +113,8 @@ class HttpServer {
 		if (hasCustomRes) {
 			final path = getPath(customDir, url);
 			if (Fs.existsSync(path)) filePath = path;
+			final ext = Path.extension(filePath).toLowerCase();
+			res.setHeader("content-type", getMimeType(ext));
 		}
 
 		if (isMediaExtension(ext)) {
@@ -133,7 +135,9 @@ class HttpServer {
 	}
 
 	function uploadFileLastChunk(req:IncomingMessage, res:ServerResponse) {
-		final name = cache.getFreeFileName(req.headers["content-name"]);
+		var fileName = try decodeURIComponent(req.headers["content-name"]) catch (e) "";
+		if (fileName.trim().length == 0) fileName = null;
+		final name = cache.getFreeFileName(fileName);
 		final filePath = cache.getFilePath(name);
 		final body:Array<Any> = [];
 		req.on("data", chunk -> body.push(chunk));
@@ -152,8 +156,9 @@ class HttpServer {
 	}
 
 	function uploadFile(req:IncomingMessage, res:ServerResponse) {
-		final name = cache.getFreeFileName(req.headers["content-name"]);
-		final clientName = req.headers["client-name"];
+		var fileName = try decodeURIComponent(req.headers["content-name"]) catch (e) "";
+		if (fileName.trim().length == 0) fileName = null;
+		final name = cache.getFreeFileName(fileName);
 		final filePath = cache.getFilePath(name);
 		final size = Std.parseInt(req.headers["content-length"]) ?? return;
 
@@ -210,8 +215,7 @@ class HttpServer {
 	}
 
 	function getPath(dir:String, url:URL):String {
-		var filePath = dir + url.pathname;
-		filePath = filePath.urlDecode();
+		final filePath = dir.urlDecode() + decodeURIComponent(url.pathname);
 		if (!FileSystem.isDirectory(filePath)) return filePath;
 		return Path.addTrailingSlash(filePath) + "index.html";
 	}
@@ -378,4 +382,8 @@ class HttpServer {
 	inline function decodeURI(data:String):String {
 		return js.Syntax.code("decodeURI({0})", data);
 	}
+
+	inline function decodeURIComponent(data:String):String {
+		return js.Syntax.code("decodeURIComponent({0})", data);
+	}
 }
diff --git a/test/tests/TestServer.hx b/test/tests/TestServer.hx
index b02bb90..f9074b3 100644
--- a/test/tests/TestServer.hx
+++ b/test/tests/TestServer.hx
@@ -22,7 +22,7 @@ class TestServer extends Test {
 		server.onServerInited = () -> {
 			final url = 'http://${server.localIp}:${server.port}';
 			request('$url/你好，世界!@$^&*)_+-=', data -> {
-				Assert.equals("File 你好，世界!@$^&*)_ -= not found.", data);
+				Assert.equals("File 你好，世界!@$^&*)_+-= not found.", data);
 			});
 			request('$url/Привет%00мир!', data -> {
 				Assert.equals("File Приветмир! not found.", data);