From 64b189ab238253d042d31f4032a9494d7f405015 Mon Sep 17 00:00:00 2001 From: Daniel Kempkens Date: Thu, 18 May 2023 20:20:45 +0200 Subject: [PATCH] fix: Improved path escaping --- lib/bdfr_browser/http/plug.ex | 7 ++++++- priv/templates/http/post.eex | 4 ++-- priv/templates/http/subreddit_posts.eex | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/lib/bdfr_browser/http/plug.ex b/lib/bdfr_browser/http/plug.ex index dcba710..6fcb559 100644 --- a/lib/bdfr_browser/http/plug.ex +++ b/lib/bdfr_browser/http/plug.ex @@ -138,7 +138,12 @@ defmodule BdfrBrowser.HTTP.Plug do defp media_path(full_path) do base_directory = Application.fetch_env!(:bdfr_browser, :base_directory) - String.replace(full_path, "#{base_directory}/", "/media/") + + full_path + |> String.replace("#{base_directory}/", "/media/") + |> String.split("/") + |> Enum.map(fn p -> URI.encode(p, &URI.char_unreserved?/1) end) + |> Enum.join("/") end defp mime_from_ext(path) do diff --git a/priv/templates/http/post.eex b/priv/templates/http/post.eex index 88f47d5..f32f4db 100644 --- a/priv/templates/http/post.eex +++ b/priv/templates/http/post.eex @@ -27,7 +27,7 @@
<%= for {img, i} <- Enum.with_index(media.images) do %>
"> - +
<% end %>
@@ -48,7 +48,7 @@
<%= for video <- media.videos do %> <% end %>
diff --git a/priv/templates/http/subreddit_posts.eex b/priv/templates/http/subreddit_posts.eex index 77a1d33..4c65c39 100644 --- a/priv/templates/http/subreddit_posts.eex +++ b/priv/templates/http/subreddit_posts.eex @@ -19,7 +19,7 @@ <%= for post <- posts do %>
-
<%= post.title %>
+
<%= post.title %>
<%= post.num_comments %> comment(s) - <%= trunc(post.created_utc) |> DateTime.from_unix!() |> DateTime.to_iso8601() %>