Add some missing escaping

2026-02-03 06:03:28 +00:00 · 2017-05-31 14:43:10 -07:00
parent 0d1f01d511
commit 06752583db
17 changed files with 26 additions and 25 deletions
--- a/filemin/bookmark.cgi
+++ b/filemin/bookmark.cgi
@@ -15,4 +15,4 @@ $bookmarks = &read_file_lines($confdir.'/.bookmarks');
 push @$bookmarks, $path;
 &flush_file_lines("$confdir/.bookmarks");

-&redirect("index.cgi?path=$path");
+&redirect("index.cgi?path=".&urlize($path));
--- a/filemin/chattr.cgi
+++ b/filemin/chattr.cgi
@@ -43,6 +43,6 @@ else {
        print_errors(@errors);
    }
    else {
-        &redirect("index.cgi?path=$path");
+	&redirect("index.cgi?path=".&urlize($path));
    }
 }
--- a/filemin/chcon.cgi
+++ b/filemin/chcon.cgi
@@ -42,6 +42,6 @@ else {
        print_errors(@errors);
    }
    else {
-        &redirect("index.cgi?path=$path");
+	&redirect("index.cgi?path=".&urlize($path));
    }
 }
--- a/filemin/chmod.cgi
+++ b/filemin/chmod.cgi
@@ -74,5 +74,5 @@ if($in{'applyto'} eq '5') {
 if (scalar(@errors) > 0) {
    print_errors(@errors);
 } else {
-    &redirect("index.cgi?path=$path");
+    &redirect("index.cgi?path=".&urlize($path));
 }
--- a/filemin/chown.cgi
+++ b/filemin/chown.cgi
@@ -7,7 +7,7 @@ require './filemin-lib.pl';
 get_paths();

 if(!$in{'owner'} or !$in{'group'}) {
-    &redirect("index.cgi?path=$path");
+    &redirect("index.cgi?path=".&urlize($path));
 }

 (my $login, my $pass, my $uid, my $gid) = getpwnam($in{'owner'});
@@ -37,6 +37,6 @@ if (scalar(@errors) > 0) {
    if (scalar(@errors) > 0) {
        print_errors(@errors);
    } else {
-        &redirect("index.cgi?path=$path");
+        &redirect("index.cgi?path=".&urlize($path));
    }
 }
--- a/filemin/compress.cgi
+++ b/filemin/compress.cgi
@@ -5,7 +5,7 @@ require './filemin-lib.pl';
 get_paths();

 if(!$in{'arch'}) {
-    &redirect("index.cgi?path=$path");
+    &redirect("index.cgi?path=".&urlize($path));
 }

 my $command;
@@ -26,4 +26,4 @@ foreach my $name(split(/\0/, $in{'name'}))

 system_logged($command);

-&redirect("index.cgi?path=$path");
+&redirect("index.cgi?path=".&urlize($path));
--- a/filemin/config.cgi
+++ b/filemin/config.cgi
@@ -46,4 +46,4 @@ print &ui_hidden('path', $path);

 print &ui_form_end([ [ save, $text{'save'} ] ]);

-&ui_print_footer("index.cgi?path=$path", $text{'previous_page'});
+&ui_print_footer("index.cgi?path=".&urlize($path), $text{'previous_page'});
--- a/filemin/copy.cgi
+++ b/filemin/copy.cgi
@@ -16,4 +16,4 @@ foreach $name (split(/\0/, $in{'name'})) {

 close($fh);

-&redirect("index.cgi?path=$path");
+&redirect("index.cgi?path=".&urlize($path));
--- a/filemin/cut.cgi
+++ b/filemin/cut.cgi
@@ -16,4 +16,4 @@ foreach $name (split(/\0/, $in{'name'})) {

 close($fh);

-&redirect("index.cgi?path=$path");
+&redirect("index.cgi?path=".&urlize($path));
--- a/filemin/delete.cgi
+++ b/filemin/delete.cgi
@@ -16,5 +16,5 @@ foreach $name (split(/\0/, $in{'name'})) {
 if (scalar(@errors) > 0) {
    print_errors(@errors);
 } else {
-    &redirect("index.cgi?path=$path");
+    &redirect("index.cgi?path=".&urlize($path));
 }
--- a/filemin/edit_file.cgi
+++ b/filemin/edit_file.cgi
@@ -55,4 +55,4 @@ print "<script type='text/javascript'>\$(document).ready( function() { change('"
  . $in{'file'}
  . "'); });</script>";

-&ui_print_footer( "index.cgi?path=$path", $text{'previous_page'} );
+&ui_print_footer( "index.cgi?path=".&urlize($path), $text{'previous_page'} );
--- a/filemin/extract.cgi
+++ b/filemin/extract.cgi
@@ -13,7 +13,7 @@ $archive_type = mimetype($cwd.'/'.$in{'file'});

 if ( index( $archive_type, "x-bzip" ) != -1 ) {
    &backquote_logged( "tar xvjfp " . quotemeta("$cwd/$in{'file'}") . " -C " . quotemeta($cwd) );
-    &redirect("index.cgi?path=$path");
+    &redirect("index.cgi?path=".&urlize($path));
 }
 elsif (index( $archive_type, "x-tar" ) != -1
    || index( $archive_type, "/gzip" ) != -1
@@ -21,19 +21,19 @@ elsif (index( $archive_type, "x-tar" ) != -1
    || index( $archive_type, "x-compressed-tar" ) != -1 )
 {
    &backquote_logged( "tar xfp " . quotemeta("$cwd/$in{'file'}") . " -C " . quotemeta($cwd) );
-    &redirect("index.cgi?path=$path");
+    &redirect("index.cgi?path=".&urlize($path));
 }
 elsif ( index( $archive_type, "x-7z" ) != -1 ) {
    &backquote_logged( "7z x " . quotemeta("$cwd/$in{'file'}") . " -o" . quotemeta($cwd) );
-    &redirect("index.cgi?path=$path");
+    &redirect("index.cgi?path=".&urlize($path));
 }
 elsif ( index( $archive_type, "/zip" ) != -1 ) {
    &backquote_logged( "unzip " . quotemeta("$cwd/$in{'file'}") . " -d " . quotemeta($cwd) );
-    &redirect("index.cgi?path=$path");
+    &redirect("index.cgi?path=".&urlize($path));
 }
 elsif ( index( $archive_type, "/x-rar" ) != -1 ) {
    &backquote_logged( "unrar x -r -y " . quotemeta("$cwd/$in{'file'}") . " " . quotemeta($cwd) );
-    &redirect("index.cgi?path=$path");
+    &redirect("index.cgi?path=".&urlize($path));
 }
 elsif ( index( $archive_type, "/x-rpm" ) != -1 || index( $archive_type, "/x-deb" ) != -1 ) {
    my $dir = fileparse( "$cwd/$name", qr/\.[^.]*/ );
--- a/filemin/paste.cgi
+++ b/filemin/paste.cgi
@@ -40,6 +40,6 @@ if ($cwd eq $from) {
    if (scalar(@errors) > 0) {
        print_errors(@errors);
    } else {
-        &redirect("index.cgi?path=$path");
+        &redirect("index.cgi?path=".&urlize($path));
    }
 }
--- a/filemin/rename.cgi
+++ b/filemin/rename.cgi
@@ -4,7 +4,7 @@ require './filemin-lib.pl';
 &ReadParse();

 if(!$in{'name'}) {
-    &redirect("index.cgi?path=$path");
+	&redirect("index.cgi?path=".&urlize($path));
 }

 get_paths();
@@ -12,7 +12,7 @@ if (-e "$cwd/$in{'name'}") {
    print_errors("$in{'name'} $text{'error_exists'}");
 } else {
    if(&rename_file($cwd.'/'.$in{'file'}, $cwd.'/'.$in{'name'})) {
-        &redirect("index.cgi?path=$path");
+	&redirect("index.cgi?path=".&urlize($path));
    } else {
        print_errors("$text{'error_rename'} $in{'file'}: $!");
    }
--- a/filemin/save_config.cgi
+++ b/filemin/save_config.cgi
@@ -23,4 +23,4 @@ open(BOOK, ">", "$confdir/.bookmarks") or $info = $!;
 print BOOK $bookmarks;
 close BOOK;

-&redirect("index.cgi?path=$path");
+&redirect("index.cgi?path=".&urlize($path));
--- a/filemin/save_file.cgi
+++ b/filemin/save_file.cgi
@@ -21,7 +21,8 @@ if ( $in{'encoding'} && lc( $in{'encoding'} ) ne "utf-8" ) {
 &close_tempfile(SAVE);

 if ($in{'save_close'}) {
-    &redirect("index.cgi?path=$path");
+    &redirect("index.cgi?path=".&urlize($path));
 } else {
-    &redirect("edit_file.cgi?path=$path&file=$in{'file'}");
+    &redirect("edit_file.cgi?path=".&urlize($path).
+	      "&file=".&urlize($in{'file'}));
 }
--- a/filemin/search.cgi
+++ b/filemin/search.cgi
@@ -25,4 +25,4 @@ if($in{'caseins'}) {

 print_interface();

-&ui_print_footer("index.cgi?path=$path", $text{'previous_page'});
+&ui_print_footer("index.cgi?path=".&urize($path), $text{'previous_page'});