Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-08 23:28:39 +03:00
Code Issues Packages Projects Releases Wiki Activity

web: fix content type for folders form

Browse Source 
Fixes #367
This commit is contained in:
Nicola Murino
2021-04-01 19:42:18 +02:00
parent 2f56375121
commit 6eb43baf3d
3 changed files with 51 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
httpd/httpd_test.go
View File

@@ -6189,26 +6189,32 @@ func TestAddWebFoldersMock(t *testing.T) {
form.Set("mapped_path", mappedPath) form.Set("mapped_path", mappedPath)
form.Set("name", folderName) form.Set("name", folderName)
form.Set("description", folderDesc) form.Set("description", folderDesc)
req, err := http.NewRequest(http.MethodPost, webFolderPath, strings.NewReader(form.Encode())) b, contentType, err := getMultipartFormData(form, "", "")
assert.NoError(t, err) assert.NoError(t, err)
req, err := http.NewRequest(http.MethodPost, webFolderPath, &b)
assert.NoError(t, err)
req.Header.Set("Content-Type", contentType)
setJWTCookieForReq(req, webToken) setJWTCookieForReq(req, webToken)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr := executeRequest(req) rr := executeRequest(req)
checkResponseCode(t, http.StatusForbidden, rr) checkResponseCode(t, http.StatusForbidden, rr)
assert.Contains(t, rr.Body.String(), "unable to verify form token") assert.Contains(t, rr.Body.String(), "unable to verify form token")
form.Set(csrfFormToken, csrfToken) form.Set(csrfFormToken, csrfToken)
req, err = http.NewRequest(http.MethodPost, webFolderPath, strings.NewReader(form.Encode())) b, contentType, err = getMultipartFormData(form, "", "")
assert.NoError(t, err) assert.NoError(t, err)
req, err = http.NewRequest(http.MethodPost, webFolderPath, &b)
assert.NoError(t, err)
req.Header.Set("Content-Type", contentType)
setJWTCookieForReq(req, webToken) setJWTCookieForReq(req, webToken)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req) rr = executeRequest(req)
checkResponseCode(t, http.StatusSeeOther, rr) checkResponseCode(t, http.StatusSeeOther, rr)
// adding the same folder will fail since the name must be unique // adding the same folder will fail since the name must be unique
req, err = http.NewRequest(http.MethodPost, webFolderPath, strings.NewReader(form.Encode())) b, contentType, err = getMultipartFormData(form, "", "")
assert.NoError(t, err)
req, err = http.NewRequest(http.MethodPost, webFolderPath, &b)
assert.NoError(t, err) assert.NoError(t, err)
setJWTCookieForReq(req, webToken) setJWTCookieForReq(req, webToken)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded") req.Header.Set("Content-Type", contentType)
rr = executeRequest(req) rr = executeRequest(req)
checkResponseCode(t, http.StatusOK, rr) checkResponseCode(t, http.StatusOK, rr)
// invalid form // invalid form
@@ -6277,18 +6283,22 @@ func TestS3WebFolderMock(t *testing.T) {
form.Set("s3_upload_part_size", strconv.Itoa(S3UploadPartSize)) form.Set("s3_upload_part_size", strconv.Itoa(S3UploadPartSize))
form.Set("s3_upload_concurrency", "a") form.Set("s3_upload_concurrency", "a")
form.Set(csrfFormToken, csrfToken) form.Set(csrfFormToken, csrfToken)
req, err := http.NewRequest(http.MethodPost, webFolderPath, strings.NewReader(form.Encode())) b, contentType, err := getMultipartFormData(form, "", "")
assert.NoError(t, err)
req, err := http.NewRequest(http.MethodPost, webFolderPath, &b)
assert.NoError(t, err) assert.NoError(t, err)
setJWTCookieForReq(req, webToken) setJWTCookieForReq(req, webToken)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded") req.Header.Set("Content-Type", contentType)
rr := executeRequest(req) rr := executeRequest(req)
checkResponseCode(t, http.StatusOK, rr) checkResponseCode(t, http.StatusOK, rr)
form.Set("s3_upload_concurrency", strconv.Itoa(S3UploadConcurrency)) form.Set("s3_upload_concurrency", strconv.Itoa(S3UploadConcurrency))
req, err = http.NewRequest(http.MethodPost, webFolderPath, strings.NewReader(form.Encode())) b, contentType, err = getMultipartFormData(form, "", "")
assert.NoError(t, err)
req, err = http.NewRequest(http.MethodPost, webFolderPath, &b)
assert.NoError(t, err) assert.NoError(t, err)
setJWTCookieForReq(req, webToken) setJWTCookieForReq(req, webToken)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded") req.Header.Set("Content-Type", contentType)
rr = executeRequest(req) rr = executeRequest(req)
checkResponseCode(t, http.StatusSeeOther, rr) checkResponseCode(t, http.StatusSeeOther, rr)
@@ -6315,18 +6325,22 @@ func TestS3WebFolderMock(t *testing.T) {
// update // update
S3UploadConcurrency = 10 S3UploadConcurrency = 10
form.Set("s3_upload_concurrency", "b") form.Set("s3_upload_concurrency", "b")
req, err = http.NewRequest(http.MethodPost, path.Join(webFolderPath, folderName), strings.NewReader(form.Encode())) b, contentType, err = getMultipartFormData(form, "", "")
assert.NoError(t, err)
req, err = http.NewRequest(http.MethodPost, path.Join(webFolderPath, folderName), &b)
assert.NoError(t, err) assert.NoError(t, err)
setJWTCookieForReq(req, webToken) setJWTCookieForReq(req, webToken)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded") req.Header.Set("Content-Type", contentType)
rr = executeRequest(req) rr = executeRequest(req)
checkResponseCode(t, http.StatusOK, rr) checkResponseCode(t, http.StatusOK, rr)
form.Set("s3_upload_concurrency", strconv.Itoa(S3UploadConcurrency)) form.Set("s3_upload_concurrency", strconv.Itoa(S3UploadConcurrency))
req, err = http.NewRequest(http.MethodPost, path.Join(webFolderPath, folderName), strings.NewReader(form.Encode())) b, contentType, err = getMultipartFormData(form, "", "")
assert.NoError(t, err)
req, err = http.NewRequest(http.MethodPost, path.Join(webFolderPath, folderName), &b)
assert.NoError(t, err) assert.NoError(t, err)
setJWTCookieForReq(req, webToken) setJWTCookieForReq(req, webToken)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded") req.Header.Set("Content-Type", contentType)
rr = executeRequest(req) rr = executeRequest(req)
checkResponseCode(t, http.StatusSeeOther, rr) checkResponseCode(t, http.StatusSeeOther, rr)
@@ -6380,19 +6394,23 @@ func TestUpdateWebFolderMock(t *testing.T) {
form.Set("name", folderName) form.Set("name", folderName)
form.Set("description", folderDesc) form.Set("description", folderDesc)
form.Set(csrfFormToken, "") form.Set(csrfFormToken, "")
req, err := http.NewRequest(http.MethodPost, path.Join(webFolderPath, folderName), strings.NewReader(form.Encode())) b, contentType, err := getMultipartFormData(form, "", "")
assert.NoError(t, err)
req, err := http.NewRequest(http.MethodPost, path.Join(webFolderPath, folderName), &b)
assert.NoError(t, err) assert.NoError(t, err)
setJWTCookieForReq(req, webToken) setJWTCookieForReq(req, webToken)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded") req.Header.Set("Content-Type", contentType)
rr := executeRequest(req) rr := executeRequest(req)
checkResponseCode(t, http.StatusForbidden, rr) checkResponseCode(t, http.StatusForbidden, rr)
assert.Contains(t, rr.Body.String(), "unable to verify form token") assert.Contains(t, rr.Body.String(), "unable to verify form token")
form.Set(csrfFormToken, csrfToken) form.Set(csrfFormToken, csrfToken)
req, err = http.NewRequest(http.MethodPost, path.Join(webFolderPath, folderName), strings.NewReader(form.Encode())) b, contentType, err = getMultipartFormData(form, "", "")
assert.NoError(t, err)
req, err = http.NewRequest(http.MethodPost, path.Join(webFolderPath, folderName), &b)
assert.NoError(t, err) assert.NoError(t, err)
setJWTCookieForReq(req, webToken) setJWTCookieForReq(req, webToken)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded") req.Header.Set("Content-Type", contentType)
rr = executeRequest(req) rr = executeRequest(req)
checkResponseCode(t, http.StatusSeeOther, rr) checkResponseCode(t, http.StatusSeeOther, rr)
@@ -6407,26 +6425,32 @@ func TestUpdateWebFolderMock(t *testing.T) {
assert.Equal(t, folderDesc, folder.Description) assert.Equal(t, folderDesc, folder.Description)
// parse form error // parse form error
req, err = http.NewRequest(http.MethodPost, path.Join(webFolderPath, folderName)+"??a=a%B3%A2%G3", strings.NewReader(form.Encode())) b, contentType, err = getMultipartFormData(form, "", "")
assert.NoError(t, err)
req, err = http.NewRequest(http.MethodPost, path.Join(webFolderPath, folderName)+"??a=a%B3%A2%G3", &b)
assert.NoError(t, err) assert.NoError(t, err)
setJWTCookieForReq(req, webToken) setJWTCookieForReq(req, webToken)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded") req.Header.Set("Content-Type", contentType)
rr = executeRequest(req) rr = executeRequest(req)
checkResponseCode(t, http.StatusOK, rr) checkResponseCode(t, http.StatusOK, rr)
assert.Contains(t, rr.Body.String(), "invalid URL escape") assert.Contains(t, rr.Body.String(), "invalid URL escape")
req, err = http.NewRequest(http.MethodPost, path.Join(webFolderPath, folderName+"1"), strings.NewReader(form.Encode())) b, contentType, err = getMultipartFormData(form, "", "")
assert.NoError(t, err)
req, err = http.NewRequest(http.MethodPost, path.Join(webFolderPath, folderName+"1"), &b)
assert.NoError(t, err) assert.NoError(t, err)
setJWTCookieForReq(req, webToken) setJWTCookieForReq(req, webToken)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded") req.Header.Set("Content-Type", contentType)
rr = executeRequest(req) rr = executeRequest(req)
checkResponseCode(t, http.StatusNotFound, rr) checkResponseCode(t, http.StatusNotFound, rr)
form.Set("mapped_path", "arelative/path") form.Set("mapped_path", "arelative/path")
req, err = http.NewRequest(http.MethodPost, path.Join(webFolderPath, folderName), strings.NewReader(form.Encode())) b, contentType, err = getMultipartFormData(form, "", "")
assert.NoError(t, err)
req, err = http.NewRequest(http.MethodPost, path.Join(webFolderPath, folderName), &b)
assert.NoError(t, err) assert.NoError(t, err)
setJWTCookieForReq(req, webToken) setJWTCookieForReq(req, webToken)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded") req.Header.Set("Content-Type", contentType)
rr = executeRequest(req) rr = executeRequest(req)
checkResponseCode(t, http.StatusOK, rr) checkResponseCode(t, http.StatusOK, rr)

4
httpd/web.go
View File

@@ -1478,7 +1478,7 @@ func handleWebAddFolderGet(w http.ResponseWriter, r *http.Request) {
func handleWebAddFolderPost(w http.ResponseWriter, r *http.Request) { func handleWebAddFolderPost(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize) r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
folder := vfs.BaseVirtualFolder{} folder := vfs.BaseVirtualFolder{}
err := r.ParseForm() err := r.ParseMultipartForm(maxRequestSize)
if err != nil { if err != nil {
renderFolderPage(w, r, folder, folderPageModeAdd, err.Error()) renderFolderPage(w, r, folder, folderPageModeAdd, err.Error())
return return
@@ -1529,7 +1529,7 @@ func handleWebUpdateFolderPost(w http.ResponseWriter, r *http.Request) {
return return
} }
err = r.ParseForm() err = r.ParseMultipartForm(maxRequestSize)
if err != nil { if err != nil {
renderFolderPage(w, r, folder, folderPageModeUpdate, err.Error()) renderFolderPage(w, r, folder, folderPageModeUpdate, err.Error())
return return

2
templates/folder.html
View File

@@ -27,7 +27,7 @@
</div> </div>
</div> </div>
{{end}} {{end}}
<form id="folder_form" action="{{.CurrentURL}}" method="POST" autocomplete="off" {{if eq .Mode 3}}target="_blank"{{end}}> <form id="folder_form" enctype="multipart/form-data" action="{{.CurrentURL}}" method="POST" autocomplete="off" {{if eq .Mode 3}}target="_blank"{{end}}>
{{if eq .Mode 3}} {{if eq .Mode 3}}
<div class="form-group row"> <div class="form-group row">
<label for="idFolders" class="col-sm-2 col-form-label">Folders</label> <label for="idFolders" class="col-sm-2 col-form-label">Folders</label>