summaryrefslogtreecommitdiff
path: root/builtin
diff options
context:
space:
mode:
authorsfan5 <sfan5@live.de>2021-12-01 21:11:32 +0100
committersfan5 <sfan5@live.de>2021-12-13 17:33:35 +0100
commit84efe279bb5fd5cce3f1d042b3aac412376fda1b (patch)
tree638395a6862000463091b310c2e9c5addbd7116f /builtin
parentf71091bf52db9b9b58f2b08a7a99e69b2cf3376e (diff)
downloadminetest-84efe279bb5fd5cce3f1d042b3aac412376fda1b.tar.gz
minetest-84efe279bb5fd5cce3f1d042b3aac412376fda1b.tar.bz2
minetest-84efe279bb5fd5cce3f1d042b3aac412376fda1b.zip
Fix URL escaping in content store
Diffstat (limited to 'builtin')
-rw-r--r--builtin/mainmenu/dlg_contentstore.lua35
1 files changed, 24 insertions, 11 deletions
diff --git a/builtin/mainmenu/dlg_contentstore.lua b/builtin/mainmenu/dlg_contentstore.lua
index 58421ef75..9db67cf57 100644
--- a/builtin/mainmenu/dlg_contentstore.lua
+++ b/builtin/mainmenu/dlg_contentstore.lua
@@ -62,9 +62,19 @@ local REASON_UPDATE = "update"
local REASON_DEPENDENCY = "dependency"
+-- encodes for use as URL parameter or path component
+local function urlencode(str)
+ return str:gsub("[^%a%d()._~-]", function(char)
+ return string.format("%%%02X", string.byte(char))
+ end)
+end
+assert(urlencode("sample text?") == "sample%20text%3F")
+
+
local function get_download_url(package, reason)
local base_url = core.settings:get("contentdb_url")
- local ret = base_url .. ("/packages/%s/%s/releases/%d/download/"):format(package.author, package.name, package.release)
+ local ret = base_url .. ("/packages/%s/releases/%d/download/"):format(
+ package.url_part, package.release)
if reason then
ret = ret .. "?reason=" .. reason
end
@@ -199,7 +209,7 @@ local function get_raw_dependencies(package)
local url_fmt = "/api/packages/%s/dependencies/?only_hard=1&protocol_version=%s&engine_version=%s"
local version = core.get_version()
local base_url = core.settings:get("contentdb_url")
- local url = base_url .. url_fmt:format(package.id, core.get_max_supp_proto(), version.string)
+ local url = base_url .. url_fmt:format(package.url_part, core.get_max_supp_proto(), urlencode(version.string))
local response = http.fetch_sync({ url = url })
if not response.succeeded then
@@ -574,17 +584,16 @@ function store.load()
local base_url = core.settings:get("contentdb_url")
local url = base_url ..
"/api/packages/?type=mod&type=game&type=txp&protocol_version=" ..
- core.get_max_supp_proto() .. "&engine_version=" .. version.string
+ core.get_max_supp_proto() .. "&engine_version=" .. urlencode(version.string)
for _, item in pairs(core.settings:get("contentdb_flag_blacklist"):split(",")) do
item = item:trim()
if item ~= "" then
- url = url .. "&hide=" .. item
+ url = url .. "&hide=" .. urlencode(item)
end
end
- local timeout = tonumber(core.settings:get("curl_file_download_timeout"))
- local response = http.fetch_sync({ url = url, timeout = timeout })
+ local response = http.fetch_sync({ url = url })
if not response.succeeded then
return
end
@@ -594,12 +603,16 @@ function store.load()
for _, package in pairs(store.packages_full) do
local name_len = #package.name
+ -- This must match what store.update_paths() does!
+ package.id = package.author:lower() .. "/"
if package.type == "game" and name_len > 5 and package.name:sub(name_len - 4) == "_game" then
- package.id = package.author:lower() .. "/" .. package.name:sub(1, name_len - 5)
+ package.id = package.id .. package.name:sub(1, name_len - 5)
else
- package.id = package.author:lower() .. "/" .. package.name
+ package.id = package.id .. package.name
end
+ package.url_part = urlencode(package.author) .. "/" .. urlencode(package.name)
+
if package.aliases then
for _, alias in ipairs(package.aliases) do
-- We currently don't support name changing
@@ -1013,9 +1026,9 @@ function store.handle_submit(this, fields)
end
if fields["view_" .. i] then
- local url = ("%s/packages/%s/%s?protocol_version=%d"):format(
- core.settings:get("contentdb_url"),
- package.author, package.name, core.get_max_supp_proto())
+ local url = ("%s/packages/%s?protocol_version=%d"):format(
+ core.settings:get("contentdb_url"), package.url_part,
+ core.get_max_supp_proto())
core.open_url(url)
return true
end