actix/actix-web
1
0
Fork 0
mirror of https://github.com/fafhrd91/actix-web synced 2025-01-18 13:51:50 +01:00
Code Issues Releases Wiki Activity

Properly escape special characters in fs/directory_listing. (#355)

Browse Source
This commit is contained in:
Gowee 2018-06-30 20:01:48 +08:00 committed by Douman
parent 0f27389e72
commit 0be5448597
3 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Cargo.toml
View File

@ -57,6 +57,7 @@ base64 = "0.9"
bitflags = "1.0" bitflags = "1.0"
failure = "0.1.1" failure = "0.1.1"
h2 = "0.1" h2 = "0.1"
htmlescape = "0.3"
http = "^0.1.5" http = "^0.1.5"
httparse = "1.2" httparse = "1.2"
log = "0.4" log = "0.4"

11
src/fs.rs
View File

@ -15,6 +15,8 @@ use futures::{Async, Future, Poll, Stream};
use futures_cpupool::{CpuFuture, CpuPool}; use futures_cpupool::{CpuFuture, CpuPool};
use mime; use mime;
use mime_guess::{get_mime_type, guess_mime_type}; use mime_guess::{get_mime_type, guess_mime_type};
use percent_encoding::{utf8_percent_encode, DEFAULT_ENCODE_SET};
use htmlescape::encode_minimal as escape_html_entity;
use error::Error; use error::Error;
use handler::{AsyncResult, Handler, Responder, RouteHandler, WrapHandler}; use handler::{AsyncResult, Handler, Responder, RouteHandler, WrapHandler};
@ -505,7 +507,10 @@ fn directory_listing<S>(
Err(_) => continue, Err(_) => continue,
}; };
// show file url as relative to static path // show file url as relative to static path
let file_url = format!("{}", p.to_string_lossy()); let file_url = utf8_percent_encode(&p.to_string_lossy(), DEFAULT_ENCODE_SET)
.to_string();
// " -- &quot; & -- &amp; ' -- &#x27; < -- &lt; > -- &gt;
let file_name = escape_html_entity(&entry.file_name().to_string_lossy());
// if file is a directory, add '/' to the end of the name // if file is a directory, add '/' to the end of the name
if let Ok(metadata) = entry.metadata() { if let Ok(metadata) = entry.metadata() {
@ -514,14 +519,14 @@ fn directory_listing<S>(
body, body,
"<li><a href=\"{}\">{}/</a></li>", "<li><a href=\"{}\">{}/</a></li>",
file_url, file_url,
entry.file_name().to_string_lossy() file_name
); );
} else { } else {
let _ = write!( let _ = write!(
body, body,
"<li><a href=\"{}\">{}</a></li>", "<li><a href=\"{}\">{}</a></li>",
file_url, file_url,
entry.file_name().to_string_lossy() file_name
); );
} }
} else { } else {

1
src/lib.rs
View File

@ -103,6 +103,7 @@ extern crate lazy_static;
extern crate futures; extern crate futures;
extern crate cookie; extern crate cookie;
extern crate futures_cpupool; extern crate futures_cpupool;
extern crate htmlescape;
extern crate http as modhttp; extern crate http as modhttp;
extern crate httparse; extern crate httparse;
extern crate language_tags; extern crate language_tags;