From: Art Cancro <ajc@citadel.org>
Date: Sat, 30 Sep 2023 04:55:54 +0000 (-0400)
Subject: upload.c: rename "tempfilename" to "ref"
X-Git-Tag: v997~133
X-Git-Url: https://code.citadel.org/?a=commitdiff_plain;h=6e421fb58f6df8052fb30094283f8c88383cdd28;p=citadel.git

upload.c: rename "tempfilename" to "ref"

This will hopefully discourage people from trying to play stupid tricks
involving guessing the filename and trying to escape the containment.
---

diff --git a/webcit-ng/server/upload.c b/webcit-ng/server/upload.c
index 5d296626f..1d7fbf956 100644
--- a/webcit-ng/server/upload.c
+++ b/webcit-ng/server/upload.c
@@ -37,7 +37,7 @@ void upload_handler(char *name, char *filename, char *partnum, char *disp,
 
 	// Create a JSON object describing this upload
 	JsonValue *j_one_upload = NewJsonObject(HKEY(""));
-	JsonObjectAppend(j_one_upload, NewJsonPlainString(HKEY("tempfilename"), tempfile, -1));
+	JsonObjectAppend(j_one_upload, NewJsonPlainString(HKEY("ref"), &tempfile[strlen(tempfile)-6], -1));
 	JsonObjectAppend(j_one_upload, NewJsonPlainString(HKEY("uploadfilename"), filename, -1));
 	JsonObjectAppend(j_one_upload, NewJsonPlainString(HKEY("contenttype"), cbtype, -1));
 	JsonObjectAppend(j_one_upload, NewJsonNumber(HKEY("contentlength"), length));
diff --git a/webcit-ng/static/js/upload.js b/webcit-ng/static/js/upload.js
index b19d1bb31..c62d1c4f2 100644
--- a/webcit-ng/static/js/upload.js
+++ b/webcit-ng/static/js/upload.js
@@ -84,7 +84,7 @@ function upload_file(file) {
 			// Add these uploads to the displayed list
 			j_response.forEach((item) => {
 				let new_upl = document.createElement("li");
-				new_upl.innerHTML = item["tempfilename"] + " " + item["uploadfilename"] + " " + item["contenttype"] + " " + item["contentlength"];
+				new_upl.innerHTML = "Ref: " + item["ref"] + " , Filename: " + item["uploadfilename"] + " , Content-type: " + item["contenttype"] + " , Length: " + item["contentlength"];
 				document.getElementById("ctdl-upload_list").appendChild(new_upl);
 			});