commit c07c542c3830bc897a3289eaf143e77e93e21a29
parent f2efc7f5ded979d99b6d6db16d781f215013f2ad
Author: n0tr1v <n0tr1v@protonmail.com>
Date: Fri, 3 Mar 2023 00:19:13 -0800
cleanup
Diffstat:
2 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/pkg/database/tableUploads.go b/pkg/database/tableUploads.go
@@ -3,6 +3,7 @@ package database
import (
"dkforest/pkg/config"
"dkforest/pkg/utils"
+ html2 "html"
"io"
"io/ioutil"
"os"
@@ -25,10 +26,9 @@ type Upload struct {
User User
}
-// DangerouslyGetHTMLLink makes a html link using the OrigFileName
-// which is not sanitized and can be provided by the user.
-func (u *Upload) DangerouslyGetHTMLLink() string {
- return `<a href="/uploads/` + u.FileName + `" rel="noopener noreferrer" target="_blank">` + u.OrigFileName + `</a>`
+func (u *Upload) GetHTMLLink() string {
+ escapedOrigFileName := html2.EscapeString(u.OrigFileName)
+ return `<a href="/uploads/` + u.FileName + `" rel="noopener noreferrer" target="_blank">` + escapedOrigFileName + `</a>`
}
func (u *Upload) GetContent() (os.FileInfo, []byte, error) {
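Review bot: GetHTMLLink escapes OrigFileName but still concatenates `u.FileName` into the href attribute as-is, and the commit drops the only comment that said which field is user-controlled. If FileName is always server-generated (not visible in this hunk) that is fine but should be stated; otherwise escape it too, e.g. `html2.EscapeString(u.FileName)` inside the href. I would also put a doc comment back on the exported method, such as `// GetHTMLLink returns an anchor to the upload; OrigFileName is user-supplied and is HTML-escaped here, FileName is assumed to be server-generated.` The `html2` alias is only needed if the plain name `html` clashes with something else in this file.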
diff --git a/pkg/web/handlers/api/v1/topBarHandler.go b/pkg/web/handlers/api/v1/topBarHandler.go
@@ -488,8 +488,7 @@ func appendUploadLink(html string, upload *database.Upload) string {
if html != "" {
html += " "
}
- escapedOrigFileName := html2.EscapeString(upload.OrigFileName)
- html += `[<a href="/uploads/` + upload.FileName + `" rel="noopener noreferrer" target="_blank">` + escapedOrigFileName + `</a>]`
+ html += `[` + upload.GetHTMLLink() + `]`
}
return html
}
@@ -1051,7 +1050,7 @@ func convertPGPMessageToFile(html string, authUserID database.UserID) string {
upload, _ := database.CreateUpload("pgp.txt", []byte(tmp), authUserID)
msgBefore := html[0:startIdx]
msgAfter := html[endIdx+len(pgpSuffix):]
- html = msgBefore + ` [` + upload.DangerouslyGetHTMLLink() + `] ` + msgAfter
+ html = msgBefore + ` [` + upload.GetHTMLLink() + `] ` + msgAfter
html = strings.TrimSpace(html)
}
return html
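Review bot: The error from `database.CreateUpload` is discarded on the line before the changed one, so `upload.GetHTMLLink()` runs on whatever CreateUpload returned when it failed. If that is a nil `*Upload` (the return type is not visible here) the method dereferences it and panics; otherwise a link to an upload that was never stored ends up in the message. Check the error before building the link, e.g. `upload, err := database.CreateUpload("pgp.txt", []byte(tmp), authUserID)` followed by `if err != nil { return html }`. The same pattern is in the hunks for convertPGPPublicKeyToFile, convertPGPClearsignToFile and convertAgeMessageToFile. The enclosing function starts and ends outside this hunk, so the right fallback on error should be confirmed against the full body.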
@@ -1068,7 +1067,7 @@ func convertPGPPublicKeyToFile(html string, authUserID database.UserID) string {
upload, _ := database.CreateUpload("pgp_pkey.txt", []byte(tmp), authUserID)
msgBefore := html[0:startIdx]
msgAfter := html[endIdx+len(pgpPKeySuffix):]
- html = msgBefore + ` [` + upload.DangerouslyGetHTMLLink() + `] ` + msgAfter
+ html = msgBefore + ` [` + upload.GetHTMLLink() + `] ` + msgAfter
html = strings.TrimSpace(html)
}
return html
@@ -1082,7 +1081,7 @@ func convertPGPClearsignToFile(html string, authUserID database.UserID) string {
upload, _ := database.CreateUpload("pgp_clearsign.txt", []byte(tmp), authUserID)
msgBefore := html[0:startIdx]
msgAfter := html[endIdx+len(pgpSignedSuffix):]
- html = msgBefore + ` [` + upload.DangerouslyGetHTMLLink() + `] ` + msgAfter
+ html = msgBefore + ` [` + upload.GetHTMLLink() + `] ` + msgAfter
html = strings.TrimSpace(html)
}
return html
@@ -1141,7 +1140,7 @@ func convertAgeMessageToFile(html string, authUserID database.UserID) string {
upload, _ := database.CreateUpload("age.txt", []byte(tmp), authUserID)
msgBefore := html[0:startIdx]
msgAfter := html[endIdx+len(ageSuffix):]
- html = msgBefore + ` [` + upload.DangerouslyGetHTMLLink() + `] ` + msgAfter
+ html = msgBefore + ` [` + upload.GetHTMLLink() + `] ` + msgAfter
html = strings.TrimSpace(html)
}
return html