commit 7df839c3c615fc3488e2ff1c95ac454b1ff646bf
parent ac32bdc7f13bc333b86d14d2844034d58c56c800
Author: n0tr1v <n0tr1v@protonmail.com>
Date: Fri, 3 Mar 2023 00:11:41 -0800
refactor + doc
Diffstat:
2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/pkg/database/tableUploads.go b/pkg/database/tableUploads.go
@@ -25,7 +25,9 @@ type Upload struct {
User User
}
-func (u *Upload) GetHTMLLink() string {
+// DangerouslyGetHTMLLink makes a html link using the OrigFileName
+// which is not sanitized and can be provided by the user.
+func (u *Upload) DangerouslyGetHTMLLink() string {
return `<a href="/uploads/` + u.FileName + `" rel="noopener noreferrer" target="_blank">` + u.OrigFileName + `</a>`
}
diff --git a/pkg/web/handlers/api/v1/topBarHandler.go b/pkg/web/handlers/api/v1/topBarHandler.go
@@ -1051,7 +1051,7 @@ func convertPGPMessageToFile(html string, authUserID database.UserID) string {
upload, _ := database.CreateUpload("pgp.txt", []byte(tmp), authUserID)
msgBefore := html[0:startIdx]
msgAfter := html[endIdx+len(pgpSuffix):]
- html = msgBefore + ` [` + upload.GetHTMLLink() + `] ` + msgAfter
+ html = msgBefore + ` [` + upload.DangerouslyGetHTMLLink() + `] ` + msgAfter
html = strings.TrimSpace(html)
}
return html
@@ -1068,7 +1068,7 @@ func convertPGPPublicKeyToFile(html string, authUserID database.UserID) string {
upload, _ := database.CreateUpload("pgp_pkey.txt", []byte(tmp), authUserID)
msgBefore := html[0:startIdx]
msgAfter := html[endIdx+len(pgpPKeySuffix):]
- html = msgBefore + ` [` + upload.GetHTMLLink() + `] ` + msgAfter
+ html = msgBefore + ` [` + upload.DangerouslyGetHTMLLink() + `] ` + msgAfter
html = strings.TrimSpace(html)
}
return html
@@ -1082,7 +1082,7 @@ func convertPGPClearsignToFile(html string, authUserID database.UserID) string {
upload, _ := database.CreateUpload("pgp_clearsign.txt", []byte(tmp), authUserID)
msgBefore := html[0:startIdx]
msgAfter := html[endIdx+len(pgpSignedSuffix):]
- html = msgBefore + ` [` + upload.GetHTMLLink() + `] ` + msgAfter
+ html = msgBefore + ` [` + upload.DangerouslyGetHTMLLink() + `] ` + msgAfter
html = strings.TrimSpace(html)
}
return html
@@ -1141,7 +1141,7 @@ func convertAgeMessageToFile(html string, authUserID database.UserID) string {
upload, _ := database.CreateUpload("age.txt", []byte(tmp), authUserID)
msgBefore := html[0:startIdx]
msgAfter := html[endIdx+len(ageSuffix):]
- html = msgBefore + ` [` + upload.GetHTMLLink() + `] ` + msgAfter
+ html = msgBefore + ` [` + upload.DangerouslyGetHTMLLink() + `] ` + msgAfter
html = strings.TrimSpace(html)
}
return html
