From 6b576f2ffe0a09fdd4f210fa4490d7bb5fd5e1e1 Mon Sep 17 00:00:00 2001 From: Harvey Tindall Date: Sun, 21 Jul 2024 17:45:36 +0100 Subject: [PATCH] announce: URL encode/decode template labels Fixes #340, allowing slashes (/) in label names which would break the URL otherwise. --- api-users.go | 10 ++++++++-- ts/modules/accounts.ts | 5 +++-- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/api-users.go b/api-users.go index b5a47ad..8af1efc 100644 --- a/api-users.go +++ b/api-users.go @@ -2,6 +2,7 @@ package main import ( "fmt" + "net/url" "os" "strings" "time" @@ -927,12 +928,17 @@ func (app *appContext) GetAnnounceTemplates(gc *gin.Context) { // @Produce json // @Success 200 {object} announcementTemplate // @Failure 400 {object} boolResponse -// @Param name path string true "name of template" +// @Param name path string true "name of template (url encoded if necessary)" // @Router /users/announce/template/{name} [get] // @Security Bearer // @tags Users func (app *appContext) GetAnnounceTemplate(gc *gin.Context) { - name := gc.Param("name") + escapedName := gc.Param("name") + name, err := url.QueryUnescape(escapedName) + if err != nil { + respondBool(400, false, gc) + return + } if announcement, ok := app.storage.GetAnnouncementsKey(name); ok { gc.JSON(200, announcement) return diff --git a/ts/modules/accounts.ts b/ts/modules/accounts.ts index 2365b60..95a39e9 100644 --- a/ts/modules/accounts.ts +++ b/ts/modules/accounts.ts @@ -1275,8 +1275,9 @@ export class accountsList { el.innerHTML = ` ${name}× `; + let urlSafeName = encodeURIComponent(encodeURIComponent(name)); (el.querySelector("span.accounts-announce-template-button") as HTMLSpanElement).onclick = () => { - _get("/users/announce/" + name, null, (req: XMLHttpRequest) => { + _get("/users/announce/" + urlSafeName, null, (req: XMLHttpRequest) => { if (req.readyState == 4) { let template: announcementTemplate; if (req.status != 200) { 
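Review bot: `url.QueryUnescape` applies query-string rules to a path segment, so in `GetAnnounceTemplate` a literal `+` in the received name becomes a space before the `GetAnnouncementsKey` lookup; `name, err := url.PathUnescape(escapedName)` decodes `%XX` sequences without that substitution. The value from `gc.Param("name")` has presumably already been decoded once by the router (the web client encodes twice to compensate), so this is a second decode. An API client that encodes only once and has a `%` or `+` in the label would get a 400 or a lookup for a different key. The `@Param` text "url encoded if necessary" should state how many encoding passes the handler expects. The function body continues past the end of the hunk.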
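Review bot: The double `encodeURIComponent` on the new `urlSafeName` line reads like a mistake without an explanation. A comment such as `// Encoded twice: the router decodes the path once and the handler unescapes the result again.` would keep it from being "fixed" later; the router's behaviour is not visible in this patch, so confirm it first. `urlSafeName` is never reassigned, so `const` fits better than `let`. Separately, the context line above still interpolates `${name}` into `innerHTML`; now that labels with special characters are explicitly supported, confirm the label is escaped or set via `textContent` before it reaches that template.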
@@ -1289,7 +1290,7 @@ export class accountsList {
 });
 };
 (el.querySelector("span.accounts-announce-template-delete") as HTMLSpanElement).onclick = () => {
- _delete("/users/announce/" + name, null, (req: XMLHttpRequest) => {
+ _delete("/users/announce/" + urlSafeName, null, (req: XMLHttpRequest) => {
 if (req.readyState == 4) {
 if (req.status != 200) {
 window.notifications.customError("deleteTemplateError", window.lang.notif("errorFailureCheckLogs"));
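Review bot: The delete request now sends the double-encoded `urlSafeName`, but the Go side of this patch adds the extra unescape only to `GetAnnounceTemplate`; the delete handler is not part of the diff. Unless it already decodes the name the same way, deleting a label that contains `/`, `%` or a space will look up the still-encoded key and miss. A small shared server-side helper for decoding the `name` parameter, used by both handlers, would keep the two paths in step.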