This was accomplished by disregarding any REST components to the right of
the part number, allowing the filename to be placed there. The filename is
sanitized to prevent script injection.
GET /ctdl/r/ROOMNAME/stat JSON dictionary of the server STAT command (room name and modification time)
GET /ctdl/r/ROOMNAME/MSGNUM Retrieve the content of an individual message
GET /ctdl/r/ROOMNAME/MSGNUM/json Retrieve an individual message in a room, encapsulated in JSON
GET /ctdl/r/ROOMNAME/stat JSON dictionary of the server STAT command (room name and modification time)
GET /ctdl/r/ROOMNAME/MSGNUM Retrieve the content of an individual message
GET /ctdl/r/ROOMNAME/MSGNUM/json Retrieve an individual message in a room, encapsulated in JSON
+GET /ctdl/r/ROOMNAME/MSGNUM/<part> Retrieve a MIME component of a message, specified by partnum
DELETE /ctdl/r/ROOMNAME/MSGNUM Deletes a message from a room
MOVE /ctdl/r/ROOMNAME/MSGNUM Moves a message to another room (requires Destination)
DELETE /ctdl/r/ROOMNAME/MSGNUM Deletes a message from a room
MOVE /ctdl/r/ROOMNAME/MSGNUM Moves a message to another room (requires Destination)
// A sixth component in the URL can be one of two things:
// (1) a MIME part specifier, in which case the client wants to download that component within the message
// (2) a content-type, in which ase the client wants us to try to render it a certain way
// A sixth component in the URL can be one of two things:
// (1) a MIME part specifier, in which case the client wants to download that component within the message
// (2) a content-type, in which ase the client wants us to try to render it a certain way
- if (num_tokens(h->url, '/') == 6) {
+ if (num_tokens(h->url, '/') >= 6) {
extract_token(buf, h->url, 5, '/', sizeof buf);
if (!IsEmptyStr(buf)) {
if (!strcasecmp(buf, "json")) {
extract_token(buf, h->url, 5, '/', sizeof buf);
if (!IsEmptyStr(buf)) {
if (!strcasecmp(buf, "json")) {
- if (num_tokens(h->url, '/') == 6) {
+ if (num_tokens(h->url, '/') >= 6) {
object_in_room(h, c); // /ctdl/r/roomname/object/ or possibly /ctdl/r/roomname/object/component
return;
}
object_in_room(h, c); // /ctdl/r/roomname/object/ or possibly /ctdl/r/roomname/object/component
return;
}
}
display_attachments += 1;
outmsg += "<li>"
}
display_attachments += 1;
outmsg += "<li>"
- + "<a href=\"/ctdl/r/" + escapeHTMLURI(current_room) + "/" + msgnum + "/" + msg.part[r].partnum + "\">"
+ + "<a href=\"/ctdl/r/" + escapeHTMLURI(current_room) + "/" + msgnum + "/" + msg.part[r].partnum + "/" + escapeHTMLURI(msg.part[r].filename) + "\">"
+ "<i class=\"fa fa-paperclip\"></i> " + msg.part[r].partnum + ": " + msg.part[r].filename
+ " (" + msg.part[r].len + " " + _("bytes") + ")"
+ "</a>"
+ "<i class=\"fa fa-paperclip\"></i> " + msg.part[r].partnum + ": " + msg.part[r].filename
+ " (" + msg.part[r].len + " " + _("bytes") + ")"
+ "</a>"