announce: URL encode/decode template labels

Fixes #340, allowing slashes (/) in label names which would break the URL otherwise.
2024-12-22 09:00:10 +00:00 · 2024-07-21 17:45:36 +01:00 · 2024-07-21 17:45:36 +01:00 · 6b576f2ffe
commit 6b576f2ffe
parent 7c989fda08
2 changed files with 11 additions and 4 deletions
--- a/api-users.go
+++ b/api-users.go
@ -2,6 +2,7 @@ package main

 import (
 	"fmt"
+	"net/url"
 	"os"
 	"strings"
 	"time"
@ -927,12 +928,17 @@ func (app *appContext) GetAnnounceTemplates(gc *gin.Context) {
 // @Produce json
 // @Success 200 {object} announcementTemplate
 // @Failure 400 {object} boolResponse
-// @Param name path string true "name of template"
+// @Param name path string true "name of template (url encoded if necessary)"
 // @Router /users/announce/template/{name} [get]
 // @Security Bearer
 // @tags Users
 func (app *appContext) GetAnnounceTemplate(gc *gin.Context) {
-	name := gc.Param("name")
+	escapedName := gc.Param("name")
+	name, err := url.QueryUnescape(escapedName)
+	if err != nil {
+		respondBool(400, false, gc)
+		return
+	}
 	if announcement, ok := app.storage.GetAnnouncementsKey(name); ok {
 		gc.JSON(200, announcement)
 		return
--- a/ts/modules/accounts.ts
+++ b/ts/modules/accounts.ts
@ -1275,8 +1275,9 @@ export class accountsList {
                el.innerHTML = `
                <span class="button ~neutral sm full-width accounts-announce-template-button">${name}</span><span class="button ~critical fr ml-4 accounts-announce-template-delete">&times;</span>
                `;
+                let urlSafeName = encodeURIComponent(encodeURIComponent(name));
                (el.querySelector("span.accounts-announce-template-button") as HTMLSpanElement).onclick = () => {
-                    _get("/users/announce/" + name, null, (req: XMLHttpRequest) => {
+                    _get("/users/announce/" + urlSafeName, null, (req: XMLHttpRequest) => {
                        if (req.readyState == 4) {
                            let template: announcementTemplate;
                            if (req.status != 200) {
@ -1289,7 +1290,7 @@ export class accountsList {
                    });
                };
                (el.querySelector("span.accounts-announce-template-delete") as HTMLSpanElement).onclick = () => {
-                    _delete("/users/announce/" + name, null, (req: XMLHttpRequest) => {
+                    _delete("/users/announce/" + urlSafeName, null, (req: XMLHttpRequest) => {
                        if (req.readyState == 4) {
                            if (req.status != 200) {
                                window.notifications.customError("deleteTemplateError", window.lang.notif("errorFailureCheckLogs"));