mirrors
/
Tasmota
mirror of https://github.com/arendst/Tasmota.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #15883 from s-hadinger/filesystem_escape 

Filesystem escape special chars
This commit is contained in:
Theo Arends 2022-06-28 08:38:34 +02:00 committed by GitHub
parent 68b912a4ba dc6aeb94c2
commit e311bb045a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 86 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
tasmota/tasmota_support/support.ino
View File

@ -2733,6 +2733,54 @@ void AddLogSpi(bool hardware, uint32_t clk, uint32_t mosi, uint32_t miso) {
}
}
/*********************************************************************************************\
* HTML and URL encode
\*********************************************************************************************/
const char kUnescapeCode[] = "&><\"\'\\";
const char kEscapeCode[] PROGMEM = "&amp;|&gt;|&lt;|&quot;|&apos;|&#92;";
String HtmlEscape(const String unescaped) {
char escaped[10];
size_t ulen = unescaped.length();
String result;
result.reserve(ulen); // pre-reserve the required space to avoid mutiple reallocations
for (size_t i = 0; i < ulen; i++) {
char c = unescaped[i];
char *p = strchr(kUnescapeCode, c);
if (p != nullptr) {
result += GetTextIndexed(escaped, sizeof(escaped), p - kUnescapeCode, kEscapeCode);
} else {
result += c;
}
}
return result;
}
String UrlEscape(const char *unescaped) {
static const char *hex = "0123456789ABCDEF";
String result;
result.reserve(strlen(unescaped));
while (*unescaped != '\0') {
if (('a' <= *unescaped && *unescaped <= 'z') ||
('A' <= *unescaped && *unescaped <= 'Z') ||
('0' <= *unescaped && *unescaped <= '9') ||
*unescaped == '-' || *unescaped == '_' || *unescaped == '.' || *unescaped == '~')
{
result += *unescaped;
}
else
{
result += '%';
result += hex[*unescaped >> 4];
result += hex[*unescaped & 0xf];
}
unescaped++;
}
return result;
}
/*********************************************************************************************\
* Uncompress static PROGMEM strings
\*********************************************************************************************/

19
tasmota/tasmota_xdrv_driver/xdrv_01_9_webserver.ino
View File

@ -2325,25 +2325,6 @@ void HandleRestoreConfiguration(void)
#ifndef FIRMWARE_MINIMAL_ONLY
const char kUnescapeCode[] = "&><\"\'\\";
const char kEscapeCode[] PROGMEM = "&amp;|&gt;|&lt;|&quot;|&apos;|&#92;";
String HtmlEscape(const String unescaped) {
char escaped[10];
size_t ulen = unescaped.length();
String result = "";
for (size_t i = 0; i < ulen; i++) {
char c = unescaped[i];
char *p = strchr(kUnescapeCode, c);
if (p != nullptr) {
result += GetTextIndexed(escaped, sizeof(escaped), p - kUnescapeCode, kEscapeCode);
} else {
result += c;
}
}
return result;
}
void HandleInformation(void)
{
if (!HttpCheckPriviledgedAccess()) { return; }

73
tasmota/tasmota_xdrv_driver/xdrv_50_filesystem.ino
View File

@ -790,44 +790,47 @@ void UfsListDir(char *path, uint8_t depth) {
if (!hiddable || !isSDC() ) {
for (uint8_t cnt = 0; cnt<depth; cnt++) {
*cp++ = '-';
}
sprintf(cp, format, ep);
if (entry.isDirectory()) {
ext_snprintf_P(npath, sizeof(npath), UFS_FORM_SDC_HREF, pp, ep);
WSContentSend_P(UFS_FORM_SDC_DIRd, npath, ep, name);
uint8_t plen = strlen(path);
if (plen > 1) {
strcat(path, "/");
for (uint8_t cnt = 0; cnt<depth; cnt++) {
*cp++ = '-';
}
strcat(path, ep);
UfsListDir(path, depth + 4);
path[plen] = 0;
} else {
#ifdef GUI_TRASH_FILE
char delpath[128];
ext_snprintf_P(delpath, sizeof(delpath), UFS_FORM_SDC_HREFdel, pp, ep);
#else
char delpath[2];
delpath[0]=0;
#endif // GUI_TRASH_FILE
#ifdef GUI_EDIT_FILE
char editpath[128];
ext_snprintf_P(editpath, sizeof(editpath), UFS_FORM_SDC_HREFedit, pp, ep);
#else
char editpath[2];
editpath[0]=0;
#endif // GUI_TRASH_FILE
ext_snprintf_P(npath, sizeof(npath), UFS_FORM_SDC_HREF, pp, ep);
WSContentSend_P(UFS_FORM_SDC_DIRb, hiddable ? UFS_FORM_SDC_DIR_HIDDABLE : UFS_FORM_SDC_DIR_NORMAL, npath, ep, name, tstr.c_str(), entry.size(), delpath, editpath);
String pp_escaped_string = UrlEscape(pp);
String ep_escaped_string = UrlEscape(ep);
const char* ppe = pp_escaped_string.c_str(); // this can't be merged on a single line otherwise the String object can be freed
const char* epe = ep_escaped_string.c_str();
sprintf(cp, format, ep);
if (entry.isDirectory()) {
ext_snprintf_P(npath, sizeof(npath), UFS_FORM_SDC_HREF, ppe, epe);
WSContentSend_P(UFS_FORM_SDC_DIRd, npath, ep, name);
uint8_t plen = strlen(path);
if (plen > 1) {
strcat(path, "/");
}
strcat(path, ep);
UfsListDir(path, depth + 4);
path[plen] = 0;
} else {
#ifdef GUI_TRASH_FILE
char delpath[128];
ext_snprintf_P(delpath, sizeof(delpath), UFS_FORM_SDC_HREFdel, ppe, epe);
#else
char delpath[2];
delpath[0]=0;
#endif // GUI_TRASH_FILE
#ifdef GUI_EDIT_FILE
char editpath[128];
ext_snprintf_P(editpath, sizeof(editpath), UFS_FORM_SDC_HREFedit, ppe, epe);
#else
char editpath[2];
editpath[0]=0;
#endif // GUI_TRASH_FILE
ext_snprintf_P(npath, sizeof(npath), UFS_FORM_SDC_HREF, ppe, epe);
WSContentSend_P(UFS_FORM_SDC_DIRb, hiddable ? UFS_FORM_SDC_DIR_HIDDABLE : UFS_FORM_SDC_DIR_NORMAL, npath, epe,
HtmlEscape(name).c_str(), tstr.c_str(), entry.size(), delpath, editpath);
}
entry.close();
}
entry.close();
}
}
dir.close();
}
}