mirror of
https://github.com/unraid/webgui.git
synced 2026-01-22 01:19:56 -06:00
Fixed "$dir" encoding
This commit is contained in:
bergware
@@ -17,6 +17,7 @@ Markdown="false"
|
||||
<?
|
||||
[$root,$main,$rest] = my_explode('/',mb_substr($dir,1),3);
|
||||
$user = ($root=='mnt' && ($main=='user'|| $main=='user0')) ? 1 : 0;
|
||||
$dir = htmlspecialchars(str_replace('\\','\\\\',$dir),ENT_QUOTES);
|
||||
?>
|
||||
<style>
|
||||
.loc{text-align:left!important;padding-left:0!important}
|
||||
@@ -25,7 +26,7 @@ $user = ($root=='mnt' && ($main=='user'|| $main=='user0')) ? 1 : 0;
|
||||
<script>
|
||||
$(function(){
|
||||
timers.browse = setTimeout(function(){$('div.spinner.fixed').show('slow');},500);
|
||||
$.get('/webGui/include/Browse.php',{dir:encodeURIComponent("<?=str_replace('\\','\\\\',$dir)?>"),path:"<?=$path?>",user:<?=$user?>},function(data){
|
||||
$.get('/webGui/include/Browse.php',{dir:encodeURIComponent("<?=$dir?>"),path:"<?=$path?>",user:<?=$user?>},function(data){
|
||||
clearTimeout(timers.browse);
|
||||
var table = $('table.indexer');
|
||||
var col = $.cookie('col')||1;
|
||||
|
||||
@@ -42,9 +42,9 @@ function my_devs(&$devs) {
|
||||
}
|
||||
extract(parse_plugin_cfg('dynamix',true));
|
||||
$disks = parse_ini_file('state/disks.ini',true);
|
||||
$dir = preg_replace('://+:','/',htmlspecialchars_decode(rawurldecode($_GET['dir']??''),ENT_QUOTES));
|
||||
$path = unscript($_GET['path']??'');
|
||||
$user = unscript($_GET['user']??'');
|
||||
$dir = preg_replace('://+:','/',htmlspecialchars_decode(rawurldecode($_GET['dir']),ENT_QUOTES));
|
||||
$path = unscript($_GET['path']);
|
||||
$user = unscript($_GET['user']);
|
||||
$all = $docroot.preg_replace('/([\\\\\'" @^&=;:<>(){}[\]])/','\\\\$1',$dir).'/*';
|
||||
$fix = substr($dir,0,4)=='/mnt' ? (explode('/',trim_slash($dir))[2] ?: '---') : _('flash');
|
||||
$fmt = "%F {$display['time']}";
|
||||
@@ -74,7 +74,7 @@ foreach ($dirs as $row) {
|
||||
$devs = explode(',',$set);
|
||||
echo "<tr>";
|
||||
echo "<td data=''><div class='icon-dir'></div></td>";
|
||||
echo "<td><a href=\"/$path?dir=".rawurlencode(htmlspecialchars($full,ENT_COMPAT))."\">".htmlspecialchars($name,ENT_COMPAT)."</a></td>";
|
||||
echo "<td><a href=\"/$path?dir=".rawurlencode(htmlspecialchars($full,ENT_QUOTES))."\">".htmlspecialchars($name)."</a></td>";
|
||||
echo "<td data='0'><FOLDER></td>";
|
||||
echo "<td data='$time'>".my_time($time,$fmt)."</td>";
|
||||
echo "<td class='loc'>".my_devs($devs)."</td>";
|
||||
@@ -91,7 +91,7 @@ foreach ($files as $row) {
|
||||
$tag = strpos($set,',')===false ? '' : 'warning';
|
||||
echo "<tr>";
|
||||
echo "<td data='$ext'><div class='icon-file icon-$ext'></div></td>";
|
||||
echo "<td><a href=\"".htmlspecialchars($full,ENT_COMPAT)."\" download target=\"_blank\" class=\"".($tag?:'none')."\">".htmlspecialchars($name,ENT_COMPAT)."</a></td>";
|
||||
echo "<td><a href=\"".htmlspecialchars($full,ENT_QUOTES)."\" download target=\"_blank\" class=\"".($tag?:'none')."\">".htmlspecialchars($name)."</a></td>";
|
||||
echo "<td data='$size' class='$tag'>".my_scale($size,$unit)." $unit</td>";
|
||||
echo "<td data='$time' class='$tag'>".my_time($time,$fmt)."</td>";
|
||||
echo "<td class='loc $tag'>".my_devs($devs)."</td>";
|
||||
|
||||
Reference in New Issue
Block a user