[ARVADOS] created: 1.1.4-178-g48e8a64

Mon Apr 30 10:25:20 EDT 2018

at  48e8a64bc42e13db19047c8ba061ece07811eb73 (commit)


commit 48e8a64bc42e13db19047c8ba061ece07811eb73
Author: Tom Clegg <tclegg at veritasgenetics.com>
Date:   Mon Apr 30 10:03:11 2018 -0400

    Fix #ZgotmplZ in dir listing page when filename contains a colon.
    
    refs #8784
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tclegg at veritasgenetics.com>

diff --git a/services/keep-web/handler.go b/services/keep-web/handler.go
index 8b61b54..f69f396 100644
--- a/services/keep-web/handler.go
+++ b/services/keep-web/handler.go
@@ -615,9 +615,9 @@ the entire directory tree with wget, try:</P>
 <UL>
 {{range .Files}}
 {{if .IsDir }}
-  <LI>{{" " | printf "%15s  " | nbsp}}<A href="{{.Name}}/">{{.Name}}/</A></LI>
+  <LI>{{" " | printf "%15s  " | nbsp}}<A href="{{print "./" .Name}}/">{{.Name}}/</A></LI>
 {{else}}
-  <LI>{{.Size | printf "%15d  " | nbsp}}<A href="{{.Name}}">{{.Name}}</A></LI>
+  <LI>{{.Size | printf "%15d  " | nbsp}}<A href="{{print "./" .Name}}">{{.Name}}</A></LI>
 {{end}}
 {{end}}
 </UL>
diff --git a/services/keep-web/handler_test.go b/services/keep-web/handler_test.go
index 4894ceb..06401f4 100644
--- a/services/keep-web/handler_test.go
+++ b/services/keep-web/handler_test.go
@@ -12,10 +12,12 @@ import (
 	"net/http"
 	"net/http/httptest"
 	"net/url"
+	"os"
 	"path/filepath"
 	"regexp"
 	"strings"
 
+	"git.curoverse.com/arvados.git/sdk/go/arvados"
 	"git.curoverse.com/arvados.git/sdk/go/arvadostest"
 	"git.curoverse.com/arvados.git/sdk/go/auth"
 	check "gopkg.in/check.v1"
@@ -430,6 +432,38 @@ func (s *IntegrationSuite) TestAnonymousTokenError(c *check.C) {
 	)
 }
 
+func (s *IntegrationSuite) TestSpecialCharsInPath(c *check.C) {
+	s.testServer.Config.AttachmentOnlyHost = "download.example.com"
+
+	client := s.testServer.Config.Client
+	client.AuthToken = arvadostest.ActiveToken
+	fs, err := (&arvados.Collection{}).FileSystem(&client, nil)
+	c.Assert(err, check.IsNil)
+	f, err := fs.OpenFile("https:\\\"odd' path chars", os.O_CREATE, 0777)
+	c.Assert(err, check.IsNil)
+	f.Close()
+	mtxt, err := fs.MarshalManifest(".")
+	c.Assert(err, check.IsNil)
+	coll := arvados.Collection{ManifestText: mtxt}
+	err = client.RequestAndDecode(&coll, "POST", "arvados/v1/collections", client.UpdateBody(coll), nil)
+	c.Assert(err, check.IsNil)
+
+	u, _ := url.Parse("http://download.example.com/c=" + coll.UUID + "/")
+	req := &http.Request{
+		Method:     "GET",
+		Host:       u.Host,
+		URL:        u,
+		RequestURI: u.RequestURI(),
+		Header: http.Header{
+			"Authorization": {"Bearer " + client.AuthToken},
+		},
+	}
+	resp := httptest.NewRecorder()
+	s.testServer.Handler.ServeHTTP(resp, req)
+	c.Check(resp.Code, check.Equals, http.StatusOK)
+	c.Check(resp.Body.String(), check.Matches, `(?ms).*href="./https:%5c%22odd%27%20path%20chars"\S+https:\\"odd' path chars.*`)
+}
+
 // XHRs can't follow redirect-with-cookie so they rely on method=POST
 // and disposition=attachment (telling us it's acceptable to respond
 // with content instead of a redirect) and an Origin header that gets
@@ -660,7 +694,7 @@ func (s *IntegrationSuite) TestDirectoryListing(c *check.C) {
 		} else {
 			c.Check(resp.Code, check.Equals, http.StatusOK)
 			for _, e := range trial.expect {
-				c.Check(resp.Body.String(), check.Matches, `(?ms).*href="`+e+`".*`)
+				c.Check(resp.Body.String(), check.Matches, `(?ms).*href="./`+e+`".*`)
 			}
 			c.Check(resp.Body.String(), check.Matches, `(?ms).*--cut-dirs=`+fmt.Sprintf("%d", trial.cutDirs)+` .*`)
 		}

-----------------------------------------------------------------------


hooks/post-receive
-- 


