From c2ac0b3ac4f6bb51ee20ca60cdc1f0ddf2235436 Mon Sep 17 00:00:00 2001 From: Art Cancro Date: Tue, 19 Sep 2023 16:26:13 -0400 Subject: [PATCH] Attachments now download with the appropriate filename. This was accomplished by disregarding any REST components to the right of the part number, allowing the filename to be placed there. The filename is sanitized to prevent script injection.
---
 webcit-ng/api.txt | 1 + webcit-ng/server/room_functions.c | 4 ++-- webcit-ng/static/js/view_mail.js | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/webcit-ng/api.txt b/webcit-ng/api.txt
index 67e13b4a2..3182f4c20 100644
--- a/webcit-ng/api.txt
+++ b/webcit-ng/api.txt
@@ -13,6 +13,7 @@ GET /ctdl/r/ROOMNAME/mailbox JSON dictionary of a mailbox sum
 GET /ctdl/r/ROOMNAME/stat JSON dictionary of the server STAT command (room name and modification time)
 GET /ctdl/r/ROOMNAME/MSGNUM Retrieve the content of an individual message
 GET /ctdl/r/ROOMNAME/MSGNUM/json Retrieve an individual message in a room, encapsulated in JSON
+GET /ctdl/r/ROOMNAME/MSGNUM/ Retrieve a MIME component of a message, specified by partnum
 DELETE /ctdl/r/ROOMNAME/MSGNUM Deletes a message from a room
 MOVE /ctdl/r/ROOMNAME/MSGNUM Moves a message to another room (requires Destination)
diff --git a/webcit-ng/server/room_functions.c b/webcit-ng/server/room_functions.c
index 92ed577e8..1b5d9335b 100644
--- a/webcit-ng/server/room_functions.c
+++ b/webcit-ng/server/room_functions.c
@@ -262,7 +262,7 @@ void object_in_room(struct http_transaction *h, struct ctdlsession *c) {
 // A sixth component in the URL can be one of two things:
 // (1) a MIME part specifier, in which case the client wants to download that component within the message
 // (2) a content-type, in which ase the client wants us to try to render it a certain way
- if (num_tokens(h->url, '/') == 6) {
+ if (num_tokens(h->url, '/') >= 6) {
 extract_token(buf, h->url, 5, '/', sizeof buf);
 if (!IsEmptyStr(buf)) {
 if (!strcasecmp(buf, "json")) {
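Review bot: In object_in_room the relaxed guard `>= 6` ignores every component after the sixth for all sixth-component types, not only MIME part downloads: `extract_token(buf, h->url, 5, ...)` still reads only the sixth token, so a path ending in `/json/anything` now also takes the JSON branch, and the depth is unbounded. Nothing in this hunk compares the trailing name with the part's stored filename, so the sanitising done when view_mail.js builds the link does not constrain a hand-written URL, and the browser will save the part under whatever name the URL ends in. Consider accepting one extra component at most and only on the MIME-part path, and, if the download response does not already do so (that code is outside the hunk), sending the stored filename in a `Content-Disposition` header instead of relying on the URL. The same relaxation is made in ctdl_r at line 679, and the comment above the test should record the new rule, e.g. `// Components after the sixth are ignored; the client may append the attachment filename there, and it is untrusted`. Both function bodies continue outside their hunks.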
@@ -679,7 +679,7 @@ void ctdl_r(struct http_transaction *h, struct ctdlsession *c) {
 }
 return;
 }
- if (num_tokens(h->url, '/') == 6) {
+ if (num_tokens(h->url, '/') >= 6) {
 object_in_room(h, c); // /ctdl/r/roomname/object/ or possibly /ctdl/r/roomname/object/component
 return;
 }
diff --git a/webcit-ng/static/js/view_mail.js b/webcit-ng/static/js/view_mail.js
index 0c7052cb7..0b6cf8ce4 100644
--- a/webcit-ng/static/js/view_mail.js
+++ b/webcit-ng/static/js/view_mail.js
@@ -217,7 +217,7 @@ function mail_render_one(msgnum, msg, target_div, include_controls) { } display_attachments += 1; outmsg += "
  • " - + "" + + "" + " " + msg.part[r].partnum + ": " + msg.part[r].filename + " (" + msg.part[r].len + " " + _("bytes") + ")" + "" -- 2.39.2
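Review bot: The unchanged label line in mail_render_one still concatenates `msg.part[r].filename` into `outmsg` with no escaping call around it, and an attachment filename is presumably taken from the message and so chosen by the sender. If `outmsg` is later assigned as HTML, the label needs HTML-escaping just as the href needs URI-escaping, for example `+ msg.part[r].partnum + ": " + <html-escape helper>(msg.part[r].filename)` with the file's own helper in place of the placeholder. The commit description says the filename is sanitized, but the markup inside the changed string literals is lost on this page, so only the label line can be checked here. The function body starts and ends outside the hunk.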