Error 401 When Accessing Parent Folder with "+" in Name (#138)

artgris · web-flow · commit e0ab8ec7900a · 2024-02-13T10:14:43.000+01:00
* test

* fix parent

* fix parent

* fix parent
diff --git a/Controller/ManagerController.php b/Controller/ManagerController.php
@@ -327,7 +327,7 @@ public function deleteAction(Request $request): RedirectResponse {
                 }
 
                 $this->dispatch(FileManagerEvents::POST_DELETE_FOLDER);
-                $queryParameters['route'] = \dirname($fileManager->getCurrentRoute());
+                $queryParameters['route'] = \dirname($fileManager->getRoute());
                 if ($queryParameters['route'] == '/') {
                     unset($queryParameters['route']);
                 }
@@ -409,7 +409,7 @@ private function retrieveSubDirectories(FileManager $fileManager, string $path,
                     'href' => $fileName ? $this->generateUrl('file_manager', $queryParameters) : $this->generateUrl('file_manager', $queryParametersRoute),
                 ],
                 'state' => [
-                    'selected' => $fileManager->getCurrentRoute() === $fileName,
+                    'selected' => $fileManager->getRoute() === $fileName,
                     'opened' => true,
                 ],
             ];
diff --git a/Helpers/FileManager.php b/Helpers/FileManager.php
@@ -13,29 +13,34 @@
 /**
  * @author Arthur Gribet <a.gribet@gmail.com>
  */
-class FileManager {
+class FileManager
+{
     const VIEW_THUMBNAIL = 'thumbnail';
     const VIEW_LIST = 'list';
 
     /**
      * FileManager constructor.
      */
-    public function __construct(private array $queryParameters, private array $configuration, private RouterInterface $router, private EventDispatcherInterface $dispatcher, private string $webDir) {
+    public function __construct(private array $queryParameters, private array $configuration, private RouterInterface $router, private EventDispatcherInterface $dispatcher, private string $webDir)
+    {
         // Check Security
         $this->checkSecurity();
     }
 
-    public function getDirName(): string {
+    public function getDirName(): string
+    {
         return \dirname($this->getBasePath());
     }
 
-    public function getBaseName(): string {
+    public function getBaseName(): string
+    {
         return basename($this->getBasePath());
     }
 
-    public function getRegex(): string {
+    public function getRegex(): string
+    {
         if (isset($this->configuration['regex'])) {
-            return '/'.$this->configuration['regex'].'/i';
+            return '/' . $this->configuration['regex'] . '/i';
         }
 
         return match ($this->getType()) {
@@ -45,28 +50,29 @@ public function getRegex(): string {
         };
     }
 
-    public function getCurrentRoute(): ?string {
-        if ($this->getRoute()) {
-            return urldecode($this->getRoute());
-        }
-
-        return null;
-    }
+//    public function getCurrentRoute(): ?string {
+//        if ($this->getRoute()) {
+//            return urldecode($this->getRoute());
+//        }
+//
+//        return null;
+//    }
 
-    public function getCurrentPath(): bool|string {
-        return realpath($this->getBasePath().$this->getCurrentRoute());
+    public function getCurrentPath(): bool|string
+    {
+        return realpath($this->getBasePath() . $this->getRoute());
     }
 
     // parent url
-    public function getParent(): ?string {
+    public function getParent(): ?string
+    {
         $queryParentParameters = $this->queryParameters;
 
-        if ($this->getCurrentRoute()) {
-
-            $parentRoute = \dirname($this->getCurrentRoute());
+        if ($this->getRoute()) {
 
+            $parentRoute = \dirname($this->getRoute());
             if (\DIRECTORY_SEPARATOR !== $parentRoute) {
-                $queryParentParameters['route'] = \dirname($this->getCurrentRoute());
+                $queryParentParameters['route'] = \dirname($this->getRoute());
             } else {
                 unset($queryParentParameters['route']);
             }
@@ -79,28 +85,33 @@ public function getParent(): ?string {
         return null;
     }
 
-    public function getImagePath(): bool|string {
+    public function getImagePath(): bool|string
+    {
         $baseUrl = $this->getBaseUrl();
+
         if ($baseUrl) {
-            return $baseUrl.$this->getCurrentRoute().'/';
+            $routePath = $this->getRoutePath();
+            return $baseUrl . $routePath . '/';
         }
 
         return false;
     }
 
-    private function getBaseUrl(): bool|string {
+    private function getBaseUrl(): bool|string
+    {
         $webPath = $this->webDir;
         $dirl = new \SplFileInfo($this->getConfiguration()['dir']);
         $base = $dirl->getPathname();
 
-        if (0 === mb_strpos($base, $webPath)) {
+        if (str_starts_with($base, $webPath)) {
             return mb_substr($base, mb_strlen($webPath));
         }
 
         return false;
     }
 
-    private function checkSecurity(): void {
+    private function checkSecurity(): void
+    {
         if (!isset($this->configuration['dir'])) {
             throw new HttpException(Response::HTTP_INTERNAL_SERVER_ERROR, 'Please define a "dir" parameter in your config.yml');
         }
@@ -115,67 +126,86 @@ private function checkSecurity(): void {
         $currentPath = $this->getCurrentPath();
 
         // check Path security
-        if (false === $currentPath || 0 !== mb_strpos($currentPath, $this->getBasePath())) {
+        if (false === $currentPath || !str_starts_with($currentPath, $this->getBasePath())) {
             throw new HttpException(Response::HTTP_UNAUTHORIZED, 'You are not allowed to access this folder.');
         }
         $event = new GenericEvent($this, ['path' => $currentPath]);
         $this->dispatcher->dispatch($event, FileManagerEvents::POST_CHECK_SECURITY);
 
     }
 
-    public function getModule(): ?string {
+    public function getModule(): ?string
+    {
         return $this->getQueryParameters()['module'] ?? null;
     }
 
-    public function getType(): ?string {
+    public function getType(): ?string
+    {
         return $this->mergeConfAndQuery('type');
     }
 
-    public function getRoute(): ?string {
+    public function getRoute(): ?string
+    {
         return isset($this->getQueryParameters()['route']) && '/' !== $this->getQueryParameters()['route'] ? $this->getQueryParameters()['route'] : null;
     }
 
-    public function getBasePath(): bool|string {
+    public function getRoutePath(): ?string
+    {
+        return implode('/', array_map('rawurlencode', explode('/', $this->getRoute())));
+    }
+
+    public function getBasePath(): bool|string
+    {
         return realpath($this->getConfiguration()['dir']);
     }
 
-    public function getQueryParameters(): array {
+    public function getQueryParameters(): array
+    {
         return $this->queryParameters;
     }
 
-    public function getRouter(): RouterInterface {
+    public function getRouter(): RouterInterface
+    {
         return $this->router;
     }
 
-    public function setRouter(RouterInterface $router): void {
+    public function setRouter(RouterInterface $router): void
+    {
         $this->router = $router;
     }
 
-    public function getConfiguration(): array {
+    public function getConfiguration(): array
+    {
         return $this->configuration;
     }
 
-    public function setConfiguration(array $configuration): void {
+    public function setConfiguration(array $configuration): void
+    {
         $this->configuration = $configuration;
     }
 
-    public function getTree(): bool {
+    public function getTree(): bool
+    {
         return $this->mergeQueryAndConf('tree', true);
     }
 
-    public function getView(): string {
+    public function getView(): string
+    {
         return $this->mergeQueryAndConf('view', 'list');
     }
 
-    public function getQueryParameter(string $parameter) {
+    public function getQueryParameter(string $parameter)
+    {
         return $this->getQueryParameters()[$parameter] ?? null;
     }
 
-    public function getConfigurationParameter(string $parameter) {
+    public function getConfigurationParameter(string $parameter)
+    {
         return $this->getConfiguration()[$parameter] ?? null;
     }
 
-    private function mergeQueryAndConf(string $parameter, $default = null) {
+    private function mergeQueryAndConf(string $parameter, $default = null)
+    {
         if (null !== $this->getQueryParameter($parameter)) {
             return $this->getQueryParameter($parameter);
         }
@@ -186,7 +216,8 @@ private function mergeQueryAndConf(string $parameter, $default = null) {
         return $default;
     }
 
-    private function mergeConfAndQuery(string $parameter, $default = null) {
+    private function mergeConfAndQuery(string $parameter, $default = null)
+    {
         if (null !== $this->getConfigurationParameter($parameter)) {
             return $this->getConfigurationParameter($parameter);
         }
diff --git a/Service/FileTypeService.php b/Service/FileTypeService.php
@@ -20,12 +20,13 @@ public function __construct(private RouterInterface $router, private Environment
     }
 
     public function preview(FileManager $fileManager, SplFileInfo $file) {
+
         if ($fileManager->getImagePath()) {
-            $filePath = $fileManager->getImagePath().$file->getFilename();
+            $filePath = $fileManager->getImagePath().rawurlencode($file->getFilename());
         } else {
             $filePath = $this->router->generate(
                 'file_manager_file',
-                array_merge($fileManager->getQueryParameters(), ['fileName' => rawurlencode($file->getFilename())])
+                array_merge($fileManager->getQueryParameters(), ['fileName' => $file->getFilename()])
             );
         }
         $extension = $file->getExtension();
@@ -36,10 +37,11 @@ public function preview(FileManager $fileManager, SplFileInfo $file) {
             return $this->fileIcon($filePath, $extension, $size, true, $fileManager->getConfigurationParameter('twig_extension'), $fileManager->getConfigurationParameter('cachebreaker'));
         }
         if ('dir' === $type) {
+
             $href = $this->router->generate(
                 'file_manager', array_merge(
                 $fileManager->getQueryParameters(),
-                ['route' => $fileManager->getRoute().'/'.rawurlencode($file->getFilename())]
+                ['route' => $fileManager->getRoute().'/'.$file->getFilename()]
             )
             );
 
@@ -67,6 +69,7 @@ public function accept($type): bool|string {
     }
 
     public function fileIcon(string $filePath,?string $extension = null, ?int $size = 75, ?bool $lazy = false, ?string $twigExtension = null, ?bool $cachebreaker = null): array {
+
         $imageTemplate = null;
 
         if (null === $extension) {
