upload.c: rename "tempfilename" to "ref"
authorArt Cancro <ajc@citadel.org>
Sat, 30 Sep 2023 04:55:54 +0000 (00:55 -0400)
committerArt Cancro <ajc@citadel.org>
Sat, 30 Sep 2023 04:55:54 +0000 (00:55 -0400)
This will hopefully discourage people from trying to play stupid tricks
involving guessing the filename and trying to escape the containment.

webcit-ng/server/upload.c
webcit-ng/static/js/upload.js

index 5d296626fd437c283abfe051028d317042afe661..1d7fbf95676ae64710160d03b7753ccb4a3acd41 100644 (file)
@@ -37,7 +37,7 @@ void upload_handler(char *name, char *filename, char *partnum, char *disp,
 
        // Create a JSON object describing this upload
        JsonValue *j_one_upload = NewJsonObject(HKEY(""));
-       JsonObjectAppend(j_one_upload, NewJsonPlainString(HKEY("tempfilename"), tempfile, -1));
+       JsonObjectAppend(j_one_upload, NewJsonPlainString(HKEY("ref"), &tempfile[strlen(tempfile)-6], -1));
        JsonObjectAppend(j_one_upload, NewJsonPlainString(HKEY("uploadfilename"), filename, -1));
        JsonObjectAppend(j_one_upload, NewJsonPlainString(HKEY("contenttype"), cbtype, -1));
        JsonObjectAppend(j_one_upload, NewJsonNumber(HKEY("contentlength"), length));
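Review bot: The added expression `&tempfile[strlen(tempfile)-6]` assumes tempfile is at least six characters long; if it is ever shorter, the size_t subtraction wraps and the pointer handed to NewJsonPlainString points outside the buffer. tempfile is defined outside the hunk (presumably a mkstemp-style template whose last six characters are the random part), so a guard such as `size_t tl = strlen(tempfile); const char *ref = (tl >= 6) ? tempfile + tl - 6 : tempfile;` would make this safe, with a comment saying that 6 is the template suffix length. Returning only the suffix keeps the server path away from the client, but it does not enforce containment by itself: whatever code later maps a client-supplied ref back to a file should accept only exactly six characters from the expected alphabet and reject anything containing a path separator or dot. upload_handler's body starts and ends outside the hunk, so how tempfile is created and how ref is consumed cannot be confirmed here.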
index b19d1bb3159660490a50a4749b0fbc128357de94..c62d1c4f212b2edb9db7365e719d3d4add82167a 100644 (file)
@@ -84,7 +84,7 @@ function upload_file(file) {
                        // Add these uploads to the displayed list
                        j_response.forEach((item) => {
                                let new_upl = document.createElement("li");
-                               new_upl.innerHTML = item["tempfilename"] + " " + item["uploadfilename"] + " " + item["contenttype"] + " " + item["contentlength"];
+                               new_upl.innerHTML = "Ref: " + item["ref"] + " , Filename: " + item["uploadfilename"] + " , Content-type: " + item["contenttype"] + " , Length: " + item["contentlength"];
                                document.getElementById("ctdl-upload_list").appendChild(new_upl);
                        });