check root dir name if present

2020-12-16 11:57:58 +08:00 · 2020-12-16 11:57:58 +08:00 · e669f3b3f4
commit e669f3b3f4
parent 341a465479
2 changed files with 17 additions and 7 deletions
--- a/frontend/src/views/Share.vue
+++ b/frontend/src/views/Share.vue
@ -1,7 +1,7 @@
 <template>
  <div v-if="loaded">
    <div id="breadcrumbs">
-      <router-link :to="'/share/' + hash + '/' + this.path.split('/')[0]" :aria-label="$t('files.home')" :title="$t('files.home')">
+      <router-link :to="'/share/' + hash" :aria-label="$t('files.home')" :title="$t('files.home')">
        <i class="material-icons">home</i>
      </router-link>
--- a/http/public.go
+++ b/http/public.go
@ -2,19 +2,25 @@ package http
 import (
 	"net/http"
 	"path/filepath"
 	"strings"
 	"github.com/filebrowser/filebrowser/v2/files"
 	libErrors "github.com/filebrowser/filebrowser/v2/errors"
 )
 var withHashFile = func(fn handleFunc) handleFunc {
 	return func(w http.ResponseWriter, r *http.Request, d *data) (int, error) {
-		id, path := ifPathWithName(r)
+		id, rootName, path := ifPathWithName(r)
 		link, err := d.store.Share.GetByHash(id)
 		if err != nil {
 			return errToStatus(err), err
 		}
 		if rootName != "" && filepath.Base(rootName) != filepath.Base(link.Path) {
 			return errToStatus(libErrors.ErrNotExist), libErrors.ErrNotExist
 		}
 		user, err := d.store.Users.Get(d.server.Root, link.UserID)
 		if err != nil {
 			return errToStatus(err), err
@ -24,7 +30,7 @@ var withHashFile = func(fn handleFunc) handleFunc {
 		file, err := files.NewFileInfo(files.FileOptions{
 			Fs:      d.user.Fs,
-			Path:    link.Path + path,
+			Path:    filepath.Join(link.Path, path),
 			Modify:  d.user.Perm.Modify,
 			Expand:  true,
 			Checker: d,
@ -40,14 +46,18 @@ var withHashFile = func(fn handleFunc) handleFunc {
 // ref to https://github.com/filebrowser/filebrowser/pull/727
 // `/api/public/dl/MEEuZK-v/file-name.txt` for old browsers to save file with correct name
-func ifPathWithName(r *http.Request) (id, path string) {
+func ifPathWithName(r *http.Request) (id, rootName, path string) {
 	pathElements := strings.Split(r.URL.Path, "/")
 	// prevent maliciously constructed parameters like `/api/public/dl/XZzCDnK2_not_exists_hash_name`
 	// len(pathElements) will be 1, and golang will panic `runtime error: index out of range`
-	if len(pathElements) <= 2 { //nolint: mnd
+	switch len(pathElements) {
-		return pathElements[0], ""
+	case 1:
 		return r.URL.Path, "", ""
 	case 2:
 		return pathElements[0], pathElements[1], ""
 	default:
 		return pathElements[0], pathElements[1], strings.Join(pathElements[2:], "/")
 	}
 	return pathElements[0], strings.Join(pathElements[2:], "/")
 }
 var publicShareHandler = withHashFile(func(w http.ResponseWriter, r *http.Request, d *data) (int, error) {