From 5a3fce12a4496ec6d2903902e035af017e07f2f8 Mon Sep 17 00:00:00 2001
From: Victor Dubiniuk <victor.dubiniuk@gmail.com>
Date: Thu, 4 Jul 2013 19:21:49 +0300
Subject: [PATCH 1/4] Implement encodePath

---
 lib/public/util.php | 14 ++++++++++++++
 lib/util.php        | 17 ++++++++++++++++-
 2 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/lib/public/util.php b/lib/public/util.php
index 6744c2d37b..d69602f450 100644
--- a/lib/public/util.php
+++ b/lib/public/util.php
@@ -355,6 +355,20 @@ class Util {
 	public static function sanitizeHTML( $value ) {
 		return(\OC_Util::sanitizeHTML($value));
 	}
+		
+	/**
+	 * @brief Public function to encode url parameters
+	 *
+	 * This function is used to encode path to file before output.
+	 * Encoding is done according to RFC 3986 with one exception:
+	 * Character '/' is preserved as is. 
+	 *
+	 * @param string $component part of URI to encode
+	 * @return string 
+	 */
+	public static function encodePath($component) {
+		return(\OC_Util::encodePath($component));
+	}
 
 	/**
 	* @brief Returns an array with all keys from input lowercased or uppercased. Numbered indices are left as is.
diff --git a/lib/util.php b/lib/util.php
index 8f5f79b6b0..981b05b2b4 100755
--- a/lib/util.php
+++ b/lib/util.php
@@ -539,7 +539,22 @@ class OC_Util {
 		}
 		return $value;
 	}
-
+	
+	/**
+	 * @brief Public function to encode url parameters
+	 *
+	 * This function is used to encode path to file before output.
+	 * Encoding is done according to RFC 3986 with one exception:
+	 * Character '/' is preserved as is. 
+	 *
+	 * @param string $component part of URI to encode
+	 * @return string 
+	 */
+	public static function encodePath($component) {
+		$encoded = rawurlencode($component);
+		$encoded = str_replace('%2F', '/', $encoded);
+		return $encoded;
+	}
 
 	/**
 	 * Check if the htaccess file is working by creating a test file in the data directory and trying to access via http

From 582631323acb52b8348975d29a871d950c2e6451 Mon Sep 17 00:00:00 2001
From: Victor Dubiniuk <victor.dubiniuk@gmail.com>
Date: Thu, 4 Jul 2013 19:23:31 +0300
Subject: [PATCH 2/4] Migrate to encodePath

---
 apps/files/templates/part.breadcrumb.php          | 3 +--
 apps/files/templates/part.list.php                | 6 ++----
 apps/files_trashbin/templates/part.breadcrumb.php | 3 +--
 apps/files_trashbin/templates/part.list.php       | 6 ++----
 4 files changed, 6 insertions(+), 12 deletions(-)

diff --git a/apps/files/templates/part.breadcrumb.php b/apps/files/templates/part.breadcrumb.php
index 9886b42e42..9db27eb9b2 100644
--- a/apps/files/templates/part.breadcrumb.php
+++ b/apps/files/templates/part.breadcrumb.php
@@ -7,8 +7,7 @@
 <?php endif;?>
 <?php for($i=0; $i<count($_["breadcrumb"]); $i++):
 	$crumb = $_["breadcrumb"][$i];
-	$dir = str_replace('+', '%20', urlencode($crumb["dir"]));
-	$dir = str_replace('%2F', '/', $dir); ?>
+	$dir = \OCP\Util::encodePath($crumb["dir"]); ?>
 	<div class="crumb <?php if($i == count($_["breadcrumb"])-1) p('last');?> svg"
 		 data-dir='<?php p($dir);?>'>
 	<a href="<?php p($_['baseURL'].$dir); ?>"><?php p($crumb["name"]); ?></a>
diff --git a/apps/files/templates/part.list.php b/apps/files/templates/part.list.php
index 502ddd329b..97a9026860 100644
--- a/apps/files/templates/part.list.php
+++ b/apps/files/templates/part.list.php
@@ -17,10 +17,8 @@ $totalsize = 0; ?>
 	// the older the file, the brighter the shade of grey; days*14
 	$relative_date_color = round((time()-$file['mtime'])/60/60/24*14);
 	if($relative_date_color>160) $relative_date_color = 160;
-	$name = rawurlencode($file['name']);
-	$name = str_replace('%2F', '/', $name);
-	$directory = rawurlencode($file['directory']);
-	$directory = str_replace('%2F', '/', $directory); ?>
+	$name = \OCP\Util::encodePath($file['name']);
+	$directory = \OCP\Util::encodePath($file['directory']); ?>
 	<tr data-id="<?php p($file['fileid']); ?>"
 		data-file="<?php p($name);?>"
 		data-type="<?php ($file['type'] == 'dir')?p('dir'):p('file')?>"
diff --git a/apps/files_trashbin/templates/part.breadcrumb.php b/apps/files_trashbin/templates/part.breadcrumb.php
index 2801e04e9a..85bb16ffa2 100644
--- a/apps/files_trashbin/templates/part.breadcrumb.php
+++ b/apps/files_trashbin/templates/part.breadcrumb.php
@@ -11,8 +11,7 @@
 <?php endif;?>
 <?php for($i=0; $i<count($_["breadcrumb"]); $i++):
 	$crumb = $_["breadcrumb"][$i];
-	$dir = str_replace('+', '%20', urlencode($crumb["dir"]));
-	$dir = str_replace('%2F', '/', $dir); ?>
+	$dir = \OCP\Util::encodePath($crumb["dir"]); ?>
 	<div class="crumb <?php if($i == count($_["breadcrumb"])-1) p('last');?> svg"
 		 data-dir='<?php p($dir);?>'>
 	<a href="<?php p($_['baseURL'].$dir); ?>"><?php p($crumb["name"]); ?></a>
diff --git a/apps/files_trashbin/templates/part.list.php b/apps/files_trashbin/templates/part.list.php
index 92a38bd263..94a8eec951 100644
--- a/apps/files_trashbin/templates/part.list.php
+++ b/apps/files_trashbin/templates/part.list.php
@@ -4,10 +4,8 @@
 	// the older the file, the brighter the shade of grey; days*14
 	$relative_date_color = round((time()-$file['date'])/60/60/24*14);
 	if($relative_date_color>200) $relative_date_color = 200;
-	$name = str_replace('+', '%20', urlencode($file['name']));
-	$name = str_replace('%2F', '/', $name);
-	$directory = str_replace('+', '%20', urlencode($file['directory']));
-	$directory = str_replace('%2F', '/', $directory); ?>
+	$name = \OCP\Util::encodePath($file['name']);
+	$directory = \OCP\Util::encodePath($file['directory']); ?>
 	<tr data-filename="<?php p($file['name']);?>"
 		data-type="<?php ($file['type'] == 'dir')?p('dir'):p('file')?>"
 		data-mime="<?php p($file['mimetype'])?>"

From 257096f1d4f94bba08988aeca41f81865bdb8e23 Mon Sep 17 00:00:00 2001
From: Victor Dubiniuk <victor.dubiniuk@gmail.com>
Date: Thu, 4 Jul 2013 19:41:42 +0300
Subject: [PATCH 3/4] Encode current trashbin directory

---
 apps/files_trashbin/index.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/apps/files_trashbin/index.php b/apps/files_trashbin/index.php
index a32b7414ac..6f1c364737 100644
--- a/apps/files_trashbin/index.php
+++ b/apps/files_trashbin/index.php
@@ -101,12 +101,15 @@ $breadcrumbNav->assign('home', OCP\Util::linkTo('files', 'index.php'));
 
 $list = new OCP\Template('files_trashbin', 'part.list', '');
 $list->assign('files', $files);
-$list->assign('baseURL', OCP\Util::linkTo('files_trashbin', 'index.php'). '?dir='.$dir);
-$list->assign('downloadURL', OCP\Util::linkTo('files_trashbin', 'download.php') . '?file='.$dir);
+
+$encodedDir = \OCP\Util::encodePath($dir);
+$list->assign('baseURL', OCP\Util::linkTo('files_trashbin', 'index.php'). '?dir='.$encodedDir);
+$list->assign('downloadURL', OCP\Util::linkTo('files_trashbin', 'download.php') . '?file='.$encodedDir);
 $list->assign('disableSharing', true);
 $list->assign('dirlisting', $dirlisting);
-$tmpl->assign('dirlisting', $dirlisting);
 $list->assign('disableDownloadActions', true);
+
+$tmpl->assign('dirlisting', $dirlisting);
 $tmpl->assign('breadcrumb', $breadcrumbNav->fetchPage());
 $tmpl->assign('fileList', $list->fetchPage());
 $tmpl->assign('files', $files);

From c0b210f0d5b4953fc9a437d82ac6af1a4b482909 Mon Sep 17 00:00:00 2001
From: Victor Dubiniuk <victor.dubiniuk@gmail.com>
Date: Fri, 5 Jul 2013 15:02:41 +0300
Subject: [PATCH 4/4] Add unit test

---
 tests/lib/util.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tests/lib/util.php b/tests/lib/util.php
index 1f25382592..9742d57ac7 100644
--- a/tests/lib/util.php
+++ b/tests/lib/util.php
@@ -37,6 +37,12 @@ class Test_Util extends PHPUnit_Framework_TestCase {
 		$result = OC_Util::sanitizeHTML($goodString);
 		$this->assertEquals("This is an harmless string.", $result);
 	}
+	
+	function testEncodePath(){
+		$component = '/§#@test%&^ä/-child';
+		$result = OC_Util::encodePath($component);
+		$this->assertEquals("/%C2%A7%23%40test%25%26%5E%C3%A4/-child", $result);
+	}
 
 	function testGenerate_random_bytes() {
 		$result = strlen(OC_Util::generate_random_bytes(59));