hrfee/jfa-go
1
0
Fork 0
mirror of https://github.com/hrfee/jfa-go.git synced 2024-12-22 09:00:10 +00:00
Code Issues Projects Releases Wiki Activity

announce: URL encode/decode template labels

Browse Source 
Fixes #340, allowing slashes (/) in label names which would break the
URL otherwise.
This commit is contained in:
Harvey Tindall 2024-07-21 17:45:36 +01:00
parent 7c989fda08
commit 6b576f2ffe
Signed by: hrfee
GPG Key ID: BBC65952848FB1A2
2 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
api-users.go
View File

@ -2,6 +2,7 @@ package main
import ( import (
"fmt" "fmt"
"net/url"
"os" "os"
"strings" "strings"
"time" "time"
@ -927,12 +928,17 @@ func (app *appContext) GetAnnounceTemplates(gc *gin.Context) {
// @Produce json // @Produce json
// @Success 200 {object} announcementTemplate // @Success 200 {object} announcementTemplate
// @Failure 400 {object} boolResponse // @Failure 400 {object} boolResponse
// @Param name path string true "name of template" // @Param name path string true "name of template (url encoded if necessary)"
// @Router /users/announce/template/{name} [get] // @Router /users/announce/template/{name} [get]
// @Security Bearer // @Security Bearer
// @tags Users // @tags Users
func (app *appContext) GetAnnounceTemplate(gc *gin.Context) { func (app *appContext) GetAnnounceTemplate(gc *gin.Context) {
name := gc.Param("name") escapedName := gc.Param("name")
name, err := url.QueryUnescape(escapedName)
if err != nil {
respondBool(400, false, gc)
return
}
if announcement, ok := app.storage.GetAnnouncementsKey(name); ok { if announcement, ok := app.storage.GetAnnouncementsKey(name); ok {
gc.JSON(200, announcement) gc.JSON(200, announcement)
return return

5
ts/modules/accounts.ts
View File

@ -1275,8 +1275,9 @@ export class accountsList {
el.innerHTML = ` el.innerHTML = `
<span class="button ~neutral sm full-width accounts-announce-template-button">${name}</span><span class="button ~critical fr ml-4 accounts-announce-template-delete">&times;</span> <span class="button ~neutral sm full-width accounts-announce-template-button">${name}</span><span class="button ~critical fr ml-4 accounts-announce-template-delete">&times;</span>
`; `;
let urlSafeName = encodeURIComponent(encodeURIComponent(name));
(el.querySelector("span.accounts-announce-template-button") as HTMLSpanElement).onclick = () => { (el.querySelector("span.accounts-announce-template-button") as HTMLSpanElement).onclick = () => {
_get("/users/announce/" + name, null, (req: XMLHttpRequest) => { _get("/users/announce/" + urlSafeName, null, (req: XMLHttpRequest) => {
if (req.readyState == 4) { if (req.readyState == 4) {
let template: announcementTemplate; let template: announcementTemplate;
if (req.status != 200) { if (req.status != 200) {
@ -1289,7 +1290,7 @@ export class accountsList {
}); });
}; };
(el.querySelector("span.accounts-announce-template-delete") as HTMLSpanElement).onclick = () => { (el.querySelector("span.accounts-announce-template-delete") as HTMLSpanElement).onclick = () => {
_delete("/users/announce/" + name, null, (req: XMLHttpRequest) => { _delete("/users/announce/" + urlSafeName, null, (req: XMLHttpRequest) => {
if (req.readyState == 4) { if (req.readyState == 4) {
if (req.status != 200) { if (req.status != 200) {
window.notifications.customError("deleteTemplateError", window.lang.notif("errorFailureCheckLogs")); window.notifications.customError("deleteTemplateError", window.lang.notif("errorFailureCheckLogs"));