From 9f570345a50bdd4606ca8bbe8fae162135cc0f51 Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@statuscode.ch>
Date: Wed, 24 Oct 2012 18:12:50 +0200
Subject: [PATCH] urlencode

---
 apps/files_sharing/public.php | 34 +++++++++++++++++-----------------
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/apps/files_sharing/public.php b/apps/files_sharing/public.php
index 47e8ab7fb8..454282df5f 100644
--- a/apps/files_sharing/public.php
+++ b/apps/files_sharing/public.php
@@ -23,15 +23,15 @@ if (isset($_GET['token'])) {
 
 function getID($path) {
 	// use the share table from the db to find the item source if the file was reshared because shared files are not stored in the file cache.
-	if (substr(OC_Filesystem::getMountPoint($path), -7, 6) == "Shared") {
+	if (substr(OC_Filesystem::getMountPoint($path), -7, 6) == "Shared") {
 		$path_parts = explode('/', $path, 5);
 		$user = $path_parts[1];
 		$intPath = '/'.$path_parts[4];
 		$query = \OC_DB::prepare('SELECT item_source FROM *PREFIX*share WHERE uid_owner = ? AND file_target = ? ');
 		$result = $query->execute(array($user, $intPath));
 		$row = $result->fetchRow();
-		$fileSource = $row['item_source'];
-	} else {
+		$fileSource = $row['item_source'];
+	} else {
 		$fileSource = OC_Filecache::getId($path, '');
 	}
 	
@@ -42,16 +42,16 @@ if (isset($_GET['file']) || isset($_GET['dir'])) {
 	if (isset($_GET['dir'])) {
 		$type = 'folder';
 		$path = $_GET['dir'];
-		if(strlen($path)>1 and substr($path,-1,1)==='/') {
-			$path=substr($path,0,-1);
+		if(strlen($path)>1 and substr($path,-1,1)==='/') {
+			$path=substr($path,0,-1);
 		}
 		$baseDir = $path;
 		$dir = $baseDir;
 	} else {
 		$type = 'file';
 		$path = $_GET['file'];
-		if(strlen($path)>1 and substr($path,-1,1)==='/') {
-			$path=substr($path,0,-1);
+		if(strlen($path)>1 and substr($path,-1,1)==='/') {
+			$path=substr($path,0,-1);
 		}
 	}
 	$uidOwner = substr($path, 1, strpos($path, '/', 1) - 1);
@@ -68,10 +68,10 @@ if (isset($_GET['file']) || isset($_GET['dir'])) {
 			}
 			if (isset($linkItem['share_with'])) {
 				// Check password
-				if (isset($_GET['file'])) {
-					$url = OCP\Util::linkToPublic('files').'&file='.$_GET['file'];
-				} else {
-					$url = OCP\Util::linkToPublic('files').'&dir='.$_GET['dir'];
+				if (isset($_GET['file'])) {
+					$url = OCP\Util::linkToPublic('files').'&file='.$_GET['file'];
+				} else {
+					$url = OCP\Util::linkToPublic('files').'&dir='.$_GET['dir'];
 				}
 				if (isset($_POST['password'])) {
 					$password = $_POST['password'];
@@ -167,11 +167,11 @@ if (isset($_GET['file']) || isset($_GET['dir'])) {
 					$list = new OCP\Template('files', 'part.list', '');
 					$list->assign('files', $files, false);
 					$list->assign('publicListView', true);
-					$list->assign('baseURL', OCP\Util::linkToPublic('files').'&dir='.$_GET['dir'].'&path=', false);
-					$list->assign('downloadURL', OCP\Util::linkToPublic('files').'&download&dir='.$_GET['dir'].'&path=', false);
+					$list->assign('baseURL', OCP\Util::linkToPublic('files').'&dir='.urlencode($_GET['dir']).'&path=', false);
+					$list->assign('downloadURL', OCP\Util::linkToPublic('files').'&download&dir='.urlencode($_GET['dir']).'&path=', false);
 					$breadcrumbNav = new OCP\Template('files', 'part.breadcrumb', '' );
 					$breadcrumbNav->assign('breadcrumb', $breadcrumb, false);
-					$breadcrumbNav->assign('baseURL', OCP\Util::linkToPublic('files').'&dir='.$_GET['dir'].'&path=', false);
+					$breadcrumbNav->assign('baseURL', OCP\Util::linkToPublic('files').'&dir='.urlencode($_GET['dir']).'&path=', false);
 					$folder = new OCP\Template('files', 'index', '');
 					$folder->assign('fileList', $list->fetchPage(), false);
 					$folder->assign('breadcrumb', $breadcrumbNav->fetchPage(), false);
@@ -193,7 +193,7 @@ if (isset($_GET['file']) || isset($_GET['dir'])) {
 					} else {
 						$getPath = '';
 					}
-					$tmpl->assign('downloadURL', OCP\Util::linkToPublic('files').'&download&dir='.$_GET['dir'].'&path='.$getPath);
+					$tmpl->assign('downloadURL', OCP\Util::linkToPublic('files').'&download&dir='.urlencode($_GET['dir']).'&path='.urlencode($getPath));
 				} else {
 					// Show file preview if viewer is available
 					$tmpl->assign('uidOwner', $uidOwner);
@@ -201,14 +201,14 @@ if (isset($_GET['file']) || isset($_GET['dir'])) {
 					$tmpl->assign('filename', basename($path));
 					$tmpl->assign('mimetype', OC_Filesystem::getMimeType($path));
 					if ($type == 'file') {
-						$tmpl->assign('downloadURL', OCP\Util::linkToPublic('files').'&file='.$_GET['file'].'&download');
+						$tmpl->assign('downloadURL', OCP\Util::linkToPublic('files').'&file='.urlencode($_GET['file']).'&download');
 					} else {
 						if (isset($_GET['path'])) {
 							$getPath = $_GET['path'];
 						} else {
 							$getPath = '';
 						}
-						$tmpl->assign('downloadURL', OCP\Util::linkToPublic('files').'&download&dir='.$_GET['dir'].'&path='.$getPath);
+						$tmpl->assign('downloadURL', OCP\Util::linkToPublic('files').'&download&dir='.urlencode($_GET['dir']).'&path='.urlencode($getPath));
 					}
 				}
 				$tmpl->printPage();