Error 401 When Accessing Parent Folder with "+" in Name (#138)
* test

* fix parent

* fix parent

* fix parent
artgris authored Feb 13, 2024
1 parent 28c2755 commit e0ab8ec
Showing 3 changed files with 80 additions and 46 deletions.
4 changes: 2 additions & 2 deletions Controller/ManagerController.php
Expand Up @@ -327,7 +327,7 @@ public function deleteAction(Request $request): RedirectResponse {
}

$this->dispatch(FileManagerEvents::POST_DELETE_FOLDER);
$queryParameters['route'] = \dirname($fileManager->getCurrentRoute());
$queryParameters['route'] = \dirname($fileManager->getRoute());
if ($queryParameters['route'] == '/') {
unset($queryParameters['route']);
}
Expand Down Expand Up @@ -409,7 +409,7 @@ private function retrieveSubDirectories(FileManager $fileManager, string $path,
'href' => $fileName ? $this->generateUrl('file_manager', $queryParameters) : $this->generateUrl('file_manager', $queryParametersRoute),
],
'state' => [
'selected' => $fileManager->getCurrentRoute() === $fileName,
'selected' => $fileManager->getRoute() === $fileName,
'opened' => true,
],
];
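Review bot: The root test in deleteAction, `if ($queryParameters['route'] == '/')`, does not match the one in FileManager::getParent(), which compares the same `\dirname()` result against `\DIRECTORY_SEPARATOR`; on Windows `\dirname()` of a top-level route can yield a backslash, so the redirect would carry that value instead of dropping the parameter. `getRoute()` is also declared `?string`, and passing null to `\dirname()` is deprecated since PHP 8.1. I would write `$queryParameters['route'] = \dirname($fileManager->getRoute() ?? '/');` followed by `if (\in_array($queryParameters['route'], ['/', \DIRECTORY_SEPARATOR], true)) {`. Both deleteAction and retrieveSubDirectories continue outside the visible hunks.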
113 changes: 72 additions & 41 deletions Helpers/FileManager.php
Expand Up @@ -13,29 +13,34 @@
/**
* @author Arthur Gribet <[email protected]>
*/
class FileManager {
class FileManager
{
const VIEW_THUMBNAIL = 'thumbnail';
const VIEW_LIST = 'list';

/**
* FileManager constructor.
*/
public function __construct(private array $queryParameters, private array $configuration, private RouterInterface $router, private EventDispatcherInterface $dispatcher, private string $webDir) {
public function __construct(private array $queryParameters, private array $configuration, private RouterInterface $router, private EventDispatcherInterface $dispatcher, private string $webDir)
{
// Check Security
$this->checkSecurity();
}

public function getDirName(): string {
public function getDirName(): string
{
return \dirname($this->getBasePath());
}

public function getBaseName(): string {
public function getBaseName(): string
{
return basename($this->getBasePath());
}

public function getRegex(): string {
public function getRegex(): string
{
if (isset($this->configuration['regex'])) {
return '/'.$this->configuration['regex'].'/i';
return '/' . $this->configuration['regex'] . '/i';
}

return match ($this->getType()) {
Expand All @@ -45,28 +50,29 @@ public function getRegex(): string {
};
}

public function getCurrentRoute(): ?string {
if ($this->getRoute()) {
return urldecode($this->getRoute());
}

return null;
}
// public function getCurrentRoute(): ?string {
// if ($this->getRoute()) {
// return urldecode($this->getRoute());
// }
//
// return null;
// }

public function getCurrentPath(): bool|string {
return realpath($this->getBasePath().$this->getCurrentRoute());
public function getCurrentPath(): bool|string
{
return realpath($this->getBasePath() . $this->getRoute());
}

// parent url
public function getParent(): ?string {
public function getParent(): ?string
{
$queryParentParameters = $this->queryParameters;

if ($this->getCurrentRoute()) {

$parentRoute = \dirname($this->getCurrentRoute());
if ($this->getRoute()) {

$parentRoute = \dirname($this->getRoute());
if (\DIRECTORY_SEPARATOR !== $parentRoute) {
$queryParentParameters['route'] = \dirname($this->getCurrentRoute());
$queryParentParameters['route'] = \dirname($this->getRoute());
} else {
unset($queryParentParameters['route']);
}
Expand All @@ -79,28 +85,33 @@ public function getParent(): ?string {
return null;
}

public function getImagePath(): bool|string {
public function getImagePath(): bool|string
{
$baseUrl = $this->getBaseUrl();

if ($baseUrl) {
return $baseUrl.$this->getCurrentRoute().'/';
$routePath = $this->getRoutePath();
return $baseUrl . $routePath . '/';
}

return false;
}

private function getBaseUrl(): bool|string {
private function getBaseUrl(): bool|string
{
$webPath = $this->webDir;
$dirl = new \SplFileInfo($this->getConfiguration()['dir']);
$base = $dirl->getPathname();

if (0 === mb_strpos($base, $webPath)) {
if (str_starts_with($base, $webPath)) {
return mb_substr($base, mb_strlen($webPath));
}

return false;
}

private function checkSecurity(): void {
private function checkSecurity(): void
{
if (!isset($this->configuration['dir'])) {
throw new HttpException(Response::HTTP_INTERNAL_SERVER_ERROR, 'Please define a "dir" parameter in your config.yml');
}
Expand All @@ -115,67 +126,86 @@ private function checkSecurity(): void {
$currentPath = $this->getCurrentPath();

// check Path security
if (false === $currentPath || 0 !== mb_strpos($currentPath, $this->getBasePath())) {
if (false === $currentPath || !str_starts_with($currentPath, $this->getBasePath())) {
throw new HttpException(Response::HTTP_UNAUTHORIZED, 'You are not allowed to access this folder.');
}
$event = new GenericEvent($this, ['path' => $currentPath]);
$this->dispatcher->dispatch($event, FileManagerEvents::POST_CHECK_SECURITY);

}

public function getModule(): ?string {
public function getModule(): ?string
{
return $this->getQueryParameters()['module'] ?? null;
}

public function getType(): ?string {
public function getType(): ?string
{
return $this->mergeConfAndQuery('type');
}

public function getRoute(): ?string {
public function getRoute(): ?string
{
return isset($this->getQueryParameters()['route']) && '/' !== $this->getQueryParameters()['route'] ? $this->getQueryParameters()['route'] : null;
}

public function getBasePath(): bool|string {
public function getRoutePath(): ?string
{
return implode('/', array_map('rawurlencode', explode('/', $this->getRoute())));
}

public function getBasePath(): bool|string
{
return realpath($this->getConfiguration()['dir']);
}

public function getQueryParameters(): array {
public function getQueryParameters(): array
{
return $this->queryParameters;
}

public function getRouter(): RouterInterface {
public function getRouter(): RouterInterface
{
return $this->router;
}

public function setRouter(RouterInterface $router): void {
public function setRouter(RouterInterface $router): void
{
$this->router = $router;
}

public function getConfiguration(): array {
public function getConfiguration(): array
{
return $this->configuration;
}

public function setConfiguration(array $configuration): void {
public function setConfiguration(array $configuration): void
{
$this->configuration = $configuration;
}

public function getTree(): bool {
public function getTree(): bool
{
return $this->mergeQueryAndConf('tree', true);
}

public function getView(): string {
public function getView(): string
{
return $this->mergeQueryAndConf('view', 'list');
}

public function getQueryParameter(string $parameter) {
public function getQueryParameter(string $parameter)
{
return $this->getQueryParameters()[$parameter] ?? null;
}

public function getConfigurationParameter(string $parameter) {
public function getConfigurationParameter(string $parameter)
{
return $this->getConfiguration()[$parameter] ?? null;
}

private function mergeQueryAndConf(string $parameter, $default = null) {
private function mergeQueryAndConf(string $parameter, $default = null)
{
if (null !== $this->getQueryParameter($parameter)) {
return $this->getQueryParameter($parameter);
}
Expand All @@ -186,7 +216,8 @@ private function mergeQueryAndConf(string $parameter, $default = null) {
return $default;
}

private function mergeConfAndQuery(string $parameter, $default = null) {
private function mergeConfAndQuery(string $parameter, $default = null)
{
if (null !== $this->getConfigurationParameter($parameter)) {
return $this->getConfigurationParameter($parameter);
}
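Review bot: The containment check in checkSecurity, `!str_starts_with($currentPath, $this->getBasePath())`, is a plain string-prefix test on two `realpath()` results, so a sibling directory whose name merely begins with the base directory's name also passes; this commit swaps `mb_strpos` for `str_starts_with` but keeps that gap. Compare on a directory boundary instead: `$basePath = $this->getBasePath();` followed by `if (false === $currentPath || false === $basePath || ($currentPath !== $basePath && !str_starts_with($currentPath, $basePath . \DIRECTORY_SEPARATOR))) {`. The explicit `false === $basePath` matters because `getBasePath()` returns `bool|string` and, without strict types, a false base would be coerced to an empty prefix that every path matches. Part of checkSecurity is collapsed on this page, so an earlier guard on `dir` may already cover that last case.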
9 changes: 6 additions & 3 deletions Service/FileTypeService.php
Expand Up @@ -20,12 +20,13 @@ public function __construct(private RouterInterface $router, private Environment
}

public function preview(FileManager $fileManager, SplFileInfo $file) {

if ($fileManager->getImagePath()) {
$filePath = $fileManager->getImagePath().$file->getFilename();
$filePath = $fileManager->getImagePath().rawurlencode($file->getFilename());
} else {
$filePath = $this->router->generate(
'file_manager_file',
array_merge($fileManager->getQueryParameters(), ['fileName' => rawurlencode($file->getFilename())])
array_merge($fileManager->getQueryParameters(), ['fileName' => $file->getFilename()])
);
}
$extension = $file->getExtension();
Expand All @@ -36,10 +37,11 @@ public function preview(FileManager $fileManager, SplFileInfo $file) {
return $this->fileIcon($filePath, $extension, $size, true, $fileManager->getConfigurationParameter('twig_extension'), $fileManager->getConfigurationParameter('cachebreaker'));
}
if ('dir' === $type) {

$href = $this->router->generate(
'file_manager', array_merge(
$fileManager->getQueryParameters(),
['route' => $fileManager->getRoute().'/'.rawurlencode($file->getFilename())]
['route' => $fileManager->getRoute().'/'.$file->getFilename()]
)
);

Expand Down Expand Up @@ -67,6 +69,7 @@ public function accept($type): bool|string {
}

public function fileIcon(string $filePath,?string $extension = null, ?int $size = 75, ?bool $lazy = false, ?string $twigExtension = null, ?bool $cachebreaker = null): array {

$imageTemplate = null;

if (null === $extension) {
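Review bot: preview() now encodes the file name differently in each branch, and nothing in the code says why: the direct web path gets `rawurlencode()`, while the two `$this->router->generate()` calls receive the raw name. Assuming the second line of each printed pair is the new side, that is right, since the router encodes parameter values itself and encoding beforehand would double-encode; but it is easy to revert by accident. I would add a comment above the `if`, e.g. `// getImagePath() is a literal URL path, so encode the name here; router->generate() encodes its own parameters and must get the raw name.` preview() also has no return type, and its body continues past the visible hunks.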
