fix: Improved path escaping
This commit is contained in:
parent
8c623afd31
commit
64b189ab23
3 changed files with 9 additions and 4 deletions
|
@ -138,7 +138,12 @@ defmodule BdfrBrowser.HTTP.Plug do
|
|||
|
||||
defp media_path(full_path) do
|
||||
base_directory = Application.fetch_env!(:bdfr_browser, :base_directory)
|
||||
String.replace(full_path, "#{base_directory}/", "/media/")
|
||||
|
||||
full_path
|
||||
|> String.replace("#{base_directory}/", "/media/")
|
||||
|> String.split("/")
|
||||
|> Enum.map(fn p -> URI.encode(p, &URI.char_unreserved?/1) end)
|
||||
|> Enum.join("/")
|
||||
end
|
||||
|
||||
defp mime_from_ext(path) do
|
||||
|
|
|
@ -27,7 +27,7 @@
|
|||
<div class="carousel-inner">
|
||||
<%= for {img, i} <- Enum.with_index(media.images) do %>
|
||||
<div class="carousel-item <%= if i == 0, do: "active" %>">
|
||||
<img src="<%= URI.encode(img) %>" class="d-block w-100">
|
||||
<img src="<%= img %>" class="d-block w-100">
|
||||
</div>
|
||||
<% end %>
|
||||
</div>
|
||||
|
@ -48,7 +48,7 @@
|
|||
<div class="row">
|
||||
<%= for video <- media.videos do %>
|
||||
<video controls loop>
|
||||
<source src="<%= URI.encode(video) %>" type="video/mp4">
|
||||
<source src="<%= video %>" type="video/mp4">
|
||||
</video>
|
||||
<% end %>
|
||||
</div>
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
<%= for post <- posts do %>
|
||||
<div class="card">
|
||||
<div class="card-body">
|
||||
<h5 class="card-title"><a href="/r/<%= subreddit %>/<%= date %>/<%= URI.encode(post.filename) %>"><%= post.title %></a></h5>
|
||||
<h5 class="card-title"><a href="/r/<%= subreddit %>/<%= date %>/<%= URI.encode(post.filename, &URI.char_unreserved?/1) %>"><%= post.title %></a></h5>
|
||||
<h6 class="card-subtitle mb-2 text-body-secondary">
|
||||
<%= post.num_comments %> comment(s) - <%= trunc(post.created_utc) |> DateTime.from_unix!() |> DateTime.to_iso8601() %>
|
||||
</h6>
|
||||
|
|
Reference in a new issue