MCorange/wings
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix handling of files with special characters and spaces

Browse Source 
closes pterodactyl/panel#2040
closes pterodactyl/panel#2038
This commit is contained in:
Dane Everitt 2020-05-17 15:07:11 -07:00
parent 804f3d5ca9
commit 3fe884670d
No known key found for this signature in database
GPG Key ID: EEA66103B3D71F53
2 changed files with 35 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
router/router_server_files.go
View File

@ -4,14 +4,24 @@ import (
"bufio" "bufio"
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
"net/http" "net/http"
"net/url"
"os" "os"
"strconv" "strconv"
"strings"
) )
// Returns the contents of a file on the server. // Returns the contents of a file on the server.
func getServerFileContents(c *gin.Context) { func getServerFileContents(c *gin.Context) {
s := GetServer(c.Param("server")) s := GetServer(c.Param("server"))
cleaned, err := s.Filesystem.SafePath(c.Query("file"))
p, err := url.QueryUnescape(c.Query("file"))
if err != nil {
TrackedServerError(err, s).AbortWithServerError(c)
return
}
p = "/" + strings.TrimLeft(p, "/")
cleaned, err := s.Filesystem.SafePath(p)
if err != nil { if err != nil {
c.AbortWithStatusJSON(http.StatusNotFound, gin.H{ c.AbortWithStatusJSON(http.StatusNotFound, gin.H{
"error": "The file requested could not be found.", "error": "The file requested could not be found.",
@ -56,7 +66,13 @@ func getServerFileContents(c *gin.Context) {
func getServerListDirectory(c *gin.Context) { func getServerListDirectory(c *gin.Context) {
s := GetServer(c.Param("server")) s := GetServer(c.Param("server"))
stats, err := s.Filesystem.ListDirectory(c.Query("directory")) d, err := url.QueryUnescape(c.Query("directory"))
if err != nil {
TrackedServerError(err, s).AbortWithServerError(c)
return
}
stats, err := s.Filesystem.ListDirectory(d)
if err != nil { if err != nil {
TrackedServerError(err, s).AbortWithServerError(c) TrackedServerError(err, s).AbortWithServerError(c)
return return
@ -69,9 +85,9 @@ func getServerListDirectory(c *gin.Context) {
func putServerRenameFile(c *gin.Context) { func putServerRenameFile(c *gin.Context) {
s := GetServer(c.Param("server")) s := GetServer(c.Param("server"))
var data struct{ var data struct {
RenameFrom string `json:"rename_from"` RenameFrom string `json:"rename_from"`
RenameTo string `json:"rename_to"` RenameTo string `json:"rename_to"`
} }
c.BindJSON(&data) c.BindJSON(&data)
@ -128,7 +144,14 @@ func postServerDeleteFile(c *gin.Context) {
func postServerWriteFile(c *gin.Context) { func postServerWriteFile(c *gin.Context) {
s := GetServer(c.Param("server")) s := GetServer(c.Param("server"))
if err := s.Filesystem.Writefile(c.Query("file"), c.Request.Body); err != nil { f, err := url.QueryUnescape(c.Query("file"))
if err != nil {
TrackedServerError(err, s).AbortWithServerError(c)
return
}
f = "/" + strings.TrimLeft(f, "/")
if err := s.Filesystem.Writefile(f, c.Request.Body); err != nil {
TrackedServerError(err, s).AbortWithServerError(c) TrackedServerError(err, s).AbortWithServerError(c)
return return
} }

13
server/filesystem.go
View File

@ -401,13 +401,12 @@ func (fs *Filesystem) Copy(p string) error {
return errors.WithStack(err) return errors.WithStack(err)
} }
if s, err := os.Stat(cleaned); (err != nil && os.IsNotExist(err)) || s.IsDir() || !s.Mode().IsRegular() { if s, err := os.Stat(cleaned); err != nil {
// For now I think I am okay just returning a nil response if the thing return err
// we're trying to copy doesn't exist. Probably will want to come back and } else if s.IsDir() || !s.Mode().IsRegular() {
// re-evaluate if this is a smart decision (I'm guessing not). // If this is a directory or not a regular file, just throw a not-exist error
return nil // since anything calling this function should understand what that means.
} else if err != nil { return os.ErrNotExist
return errors.WithStack(err)
} }
base := filepath.Base(cleaned) base := filepath.Base(cleaned)