mirror of
https://github.com/nextcloud/server.git
synced 2026-05-28 04:32:30 -04:00
Merge pull request #60140 from nextcloud/backport/59889/stable33
[stable33] fix(files): escape html entities in dav search requests
This commit is contained in:
Kent Delante
GitHub
commit
b3b789e7ad
7 changed files with 11 additions and 10 deletions
|
|
@ -9,6 +9,7 @@ import type { ResponseDataDetailed, SearchResult } from 'webdav'
|
|||
import { getCurrentUser } from '@nextcloud/auth'
|
||||
import { defaultRootPath, getDavNameSpaces, getDavProperties, resultToNode } from '@nextcloud/files/dav'
|
||||
import { getBaseUrl } from '@nextcloud/router'
|
||||
import escapeHTML from 'escape-html'
|
||||
import logger from '../logger.ts'
|
||||
import { client } from './WebdavClient.ts'
|
||||
|
||||
|
|
@ -56,7 +57,7 @@ export async function searchNodes(query: string, { dir, signal }: SearchNodesOpt
|
|||
</d:select>
|
||||
<d:from>
|
||||
<d:scope>
|
||||
<d:href>/files/${user.uid}${dir || ''}</d:href>
|
||||
<d:href>/files/${user.uid}${dir ? escapeHTML(dir) : ''}</d:href>
|
||||
<d:depth>infinity</d:depth>
|
||||
</d:scope>
|
||||
</d:from>
|
||||
|
|
|
|||
4
dist/files-init.js
vendored
4
dist/files-init.js
vendored
File diff suppressed because one or more lines are too long
2
dist/files-init.js.map
vendored
2
dist/files-init.js.map
vendored
File diff suppressed because one or more lines are too long
4
dist/files-main.js
vendored
4
dist/files-main.js
vendored
File diff suppressed because one or more lines are too long
2
dist/files-main.js.map
vendored
2
dist/files-main.js.map
vendored
File diff suppressed because one or more lines are too long
4
dist/files_sharing-init-public.js
vendored
4
dist/files_sharing-init-public.js
vendored
File diff suppressed because one or more lines are too long
2
dist/files_sharing-init-public.js.map
vendored
2
dist/files_sharing-init-public.js.map
vendored
File diff suppressed because one or more lines are too long
Loading…
Reference in a new issue