Fix URL escaping in content store

This commit is contained in:
sfan5 2021-12-01 21:11:32 +01:00
parent f71091bf52
commit 84efe279bb

@ -62,9 +62,19 @@ local REASON_UPDATE = "update"
local REASON_DEPENDENCY = "dependency" local REASON_DEPENDENCY = "dependency"
-- encodes for use as URL parameter or path component
local function urlencode(str)
return str:gsub("[^%a%d()._~-]", function(char)
return string.format("%%%02X", string.byte(char))
end)
end
assert(urlencode("sample text?") == "sample%20text%3F")
local function get_download_url(package, reason) local function get_download_url(package, reason)
local base_url = core.settings:get("contentdb_url") local base_url = core.settings:get("contentdb_url")
local ret = base_url .. ("/packages/%s/%s/releases/%d/download/"):format(package.author, package.name, package.release) local ret = base_url .. ("/packages/%s/releases/%d/download/"):format(
package.url_part, package.release)
if reason then if reason then
ret = ret .. "?reason=" .. reason ret = ret .. "?reason=" .. reason
end end
@ -199,7 +209,7 @@ local function get_raw_dependencies(package)
local url_fmt = "/api/packages/%s/dependencies/?only_hard=1&protocol_version=%s&engine_version=%s" local url_fmt = "/api/packages/%s/dependencies/?only_hard=1&protocol_version=%s&engine_version=%s"
local version = core.get_version() local version = core.get_version()
local base_url = core.settings:get("contentdb_url") local base_url = core.settings:get("contentdb_url")
local url = base_url .. url_fmt:format(package.id, core.get_max_supp_proto(), version.string) local url = base_url .. url_fmt:format(package.url_part, core.get_max_supp_proto(), urlencode(version.string))
local response = http.fetch_sync({ url = url }) local response = http.fetch_sync({ url = url })
if not response.succeeded then if not response.succeeded then
@ -574,17 +584,16 @@ function store.load()
local base_url = core.settings:get("contentdb_url") local base_url = core.settings:get("contentdb_url")
local url = base_url .. local url = base_url ..
"/api/packages/?type=mod&type=game&type=txp&protocol_version=" .. "/api/packages/?type=mod&type=game&type=txp&protocol_version=" ..
core.get_max_supp_proto() .. "&engine_version=" .. version.string core.get_max_supp_proto() .. "&engine_version=" .. urlencode(version.string)
for _, item in pairs(core.settings:get("contentdb_flag_blacklist"):split(",")) do for _, item in pairs(core.settings:get("contentdb_flag_blacklist"):split(",")) do
item = item:trim() item = item:trim()
if item ~= "" then if item ~= "" then
url = url .. "&hide=" .. item url = url .. "&hide=" .. urlencode(item)
end end
end end
local timeout = tonumber(core.settings:get("curl_file_download_timeout")) local response = http.fetch_sync({ url = url })
local response = http.fetch_sync({ url = url, timeout = timeout })
if not response.succeeded then if not response.succeeded then
return return
end end
@ -594,12 +603,16 @@ function store.load()
for _, package in pairs(store.packages_full) do for _, package in pairs(store.packages_full) do
local name_len = #package.name local name_len = #package.name
-- This must match what store.update_paths() does!
package.id = package.author:lower() .. "/"
if package.type == "game" and name_len > 5 and package.name:sub(name_len - 4) == "_game" then if package.type == "game" and name_len > 5 and package.name:sub(name_len - 4) == "_game" then
package.id = package.author:lower() .. "/" .. package.name:sub(1, name_len - 5) package.id = package.id .. package.name:sub(1, name_len - 5)
else else
package.id = package.author:lower() .. "/" .. package.name package.id = package.id .. package.name
end end
package.url_part = urlencode(package.author) .. "/" .. urlencode(package.name)
if package.aliases then if package.aliases then
for _, alias in ipairs(package.aliases) do for _, alias in ipairs(package.aliases) do
-- We currently don't support name changing -- We currently don't support name changing
@ -1013,9 +1026,9 @@ function store.handle_submit(this, fields)
end end
if fields["view_" .. i] then if fields["view_" .. i] then
local url = ("%s/packages/%s/%s?protocol_version=%d"):format( local url = ("%s/packages/%s?protocol_version=%d"):format(
core.settings:get("contentdb_url"), core.settings:get("contentdb_url"), package.url_part,
package.author, package.name, core.get_max_supp_proto()) core.get_max_supp_proto())
core.open_url(url) core.open_url(url)
return true return true
end end