Attachments now download with the appropriate filename.
authorArt Cancro <ajc@citadel.org>
Tue, 19 Sep 2023 20:26:13 +0000 (16:26 -0400)
committerArt Cancro <ajc@citadel.org>
Tue, 19 Sep 2023 20:26:13 +0000 (16:26 -0400)
This was accomplished by disregarding any REST components to the right of
the part number, allowing the filename to be placed there.  The filename is
sanitized to prevent script injection.

webcit-ng/api.txt
webcit-ng/server/room_functions.c
webcit-ng/static/js/view_mail.js

index 67e13b4a2893255f54d0cdce4f4993ecdf451295..3182f4c20bcf8e4e3e3e415afa2b6794f3078395 100644 (file)
@@ -13,6 +13,7 @@ GET             /ctdl/r/ROOMNAME/mailbox        JSON dictionary of a mailbox sum
 GET             /ctdl/r/ROOMNAME/stat           JSON dictionary of the server STAT command (room name and modification time)
 GET             /ctdl/r/ROOMNAME/MSGNUM         Retrieve the content of an individual message
 GET             /ctdl/r/ROOMNAME/MSGNUM/json    Retrieve an individual message in a room, encapsulated in JSON
+GET             /ctdl/r/ROOMNAME/MSGNUM/<part>  Retrieve a MIME component of a message, specified by partnum
 DELETE          /ctdl/r/ROOMNAME/MSGNUM         Deletes a message from a room
 MOVE            /ctdl/r/ROOMNAME/MSGNUM         Moves a message to another room (requires Destination)
 
index 92ed577e874ef54516b8943a632306bb121b71a4..1b5d9335b2665f4d9e0dc806b9ac1ba04a5fad8d 100644 (file)
@@ -262,7 +262,7 @@ void object_in_room(struct http_transaction *h, struct ctdlsession *c) {
        // A sixth component in the URL can be one of two things:
        // (1) a MIME part specifier, in which case the client wants to download that component within the message
        // (2) a content-type, in which ase the client wants us to try to render it a certain way
-       if (num_tokens(h->url, '/') == 6) {
+       if (num_tokens(h->url, '/') >= 6) {
                extract_token(buf, h->url, 5, '/', sizeof buf);
                if (!IsEmptyStr(buf)) {
                        if (!strcasecmp(buf, "json")) {
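Review bot: The comment above this test still speaks of "a sixth component", but with `>= 6` everything to the right of that component is accepted and ignored, for the `json` branch as well as for MIME parts; the same applies to the dispatch comment in the ctdl_r hunk below. I would state that in the comment, e.g. `// Anything after the sixth component is ignored; clients put the attachment filename there`. Because the browser presumably takes the saved name from that trailing segment and the server never compares it with the part's real filename, a link can give a download any name and extension. If the part's filename is available where the part is served (not visible here), sending it in a Content-Disposition header would fix the name server-side. object_in_room continues outside the hunk.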
@@ -679,7 +679,7 @@ void ctdl_r(struct http_transaction *h, struct ctdlsession *c) {
                }
                return;
        }
-       if (num_tokens(h->url, '/') == 6) {
+       if (num_tokens(h->url, '/') >= 6) {
                object_in_room(h, c);   //      /ctdl/r/roomname/object/ or possibly /ctdl/r/roomname/object/component
                return;
        }
index 0c7052cb7617da8d1fe7cbd2930b5b002169233c..0b6cf8ce4a87b23c05b43a81d1ec1962c23238ae 100644 (file)
@@ -217,7 +217,7 @@ function mail_render_one(msgnum, msg, target_div, include_controls) {
                                        }
                                        display_attachments += 1;
                                        outmsg += "<li>"
-                                               + "<a href=\"/ctdl/r/" + escapeHTMLURI(current_room) + "/" + msgnum + "/" + msg.part[r].partnum + "\">"
+                                               + "<a href=\"/ctdl/r/" + escapeHTMLURI(current_room) + "/" + msgnum + "/" + msg.part[r].partnum + "/" + escapeHTMLURI(msg.part[r].filename) + "\">"
                                                + "<i class=\"fa fa-paperclip\"></i>&nbsp;" + msg.part[r].partnum + ": " + msg.part[r].filename
                                                + " (" + msg.part[r].len + " " + _("bytes") + ")"
                                                + "</a>"
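Review bot: The attachment filename is escaped only inside the `href`; on the following line `msg.part[r].filename` is still concatenated raw into the visible link text. That value comes from the message's MIME headers, which the sender controls. If `outmsg` is later assigned as HTML (the assignment is outside the hunk), markup in a filename would be rendered, so the link text needs HTML-entity escaping just as the URL segment gets URI escaping. I would pass the filename through the project's HTML-text escaping helper on that line, presumably a sibling of `escapeHTMLURI`, and add a comment such as `// filename is sender-controlled: URI-escape in href, HTML-escape in link text`. mail_render_one starts and ends outside the hunk.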