properly encode paths

Author: Maneren

app/src/components/breadcrumbs.rs

@@ -2,7 +2,7 @@ use std::path::PathBuf;
 
 use leptos::prelude::*;
 
-use crate::utils::os_to_string;
+use crate::utils::{display_os_string, encode_path};
 
 #[component]
 pub fn Breadcrumbs(path: Signal<PathBuf>) -> impl IntoView {
@@ -11,11 +11,11 @@ pub fn Breadcrumbs(path: Signal<PathBuf>) -> impl IntoView {
             path.iter()
                 .scan(PathBuf::new(), |path, part| {
                     path.push(part);
-                    let path = format!("/index/{}", path.display());
+                    let path = format!("/index/{}", encode_path(&path));
 
                     Some(view! {
                       <li>
-                        <a href=path>{os_to_string(part)}</a>
+                        <a href=path>{display_os_string(part)}</a>
                       </li>
                     })
                 })

app/src/components/file_entries.rs

@@ -6,7 +6,10 @@ use icon::Icon;
 use leptos::{either::Either, prelude::*};
 use leptos_router::components::A;
 
-use crate::{server::Entries, utils::format_bytes};
+use crate::{
+    server::Entries,
+    utils::{encode_path, format_bytes},
+};
 
 #[derive(Debug, Clone, Copy, PartialEq, PartialOrd, Ord, Eq)]
 pub enum EntryType {
@@ -23,14 +26,15 @@ pub struct Entry {
     relative_time: String,
 }
 
-pub fn EntryComponent(data: Entry) -> impl IntoView {
+#[component]
+pub fn EntryComponent(entry: Entry) -> impl IntoView {
     let Entry {
         type_,
         href,
         name,
         size,
         relative_time,
-    } = data;
+    } = entry;
 
     let inner = view! {
       <div class="grid gap-2 w-full entry grid-cols-(--entry-cols-mobile) md:grid-cols-(--entry-cols)">
@@ -74,7 +78,7 @@ pub fn FileEntries(path: Signal<PathBuf>, entries: Entries) -> impl IntoView {
                 last_modified,
             } => Entry {
                 type_: EntryType::File,
-                href: format!("/files/{}", path.join(&name).display()),
+                href: format!("/files/{}", encode_path(path.join(&name))),
                 name: name.clone(),
                 size: Some(format_bytes(size)),
                 relative_time: last_modified.humanize(),
@@ -84,7 +88,7 @@ pub fn FileEntries(path: Signal<PathBuf>, entries: Entries) -> impl IntoView {
                 last_modified,
             } => Entry {
                 type_: EntryType::Folder,
-                href: format!("/index/{}", path.join(&name).display()),
+                href: format!("/index/{}", encode_path(path.join(&name))),
                 name: name.clone(),
                 size: None,
                 relative_time: last_modified.humanize(),
@@ -94,7 +98,11 @@ pub fn FileEntries(path: Signal<PathBuf>, entries: Entries) -> impl IntoView {
 
     entries.sort_unstable();
 
-    Either::Right(
-        view! { <div class="file-view">{entries.into_iter().map(EntryComponent).collect_view()}</div> },
-    )
+    Either::Right(view! {
+      <div class="file-view">
+        <For each=move || entries.clone() key=|entry| entry.href.clone() let:entry>
+          <EntryComponent entry=entry />
+        </For>
+      </div>
+    })
 }

app/src/components/folder_download.rs

@@ -2,19 +2,21 @@ use std::path::PathBuf;
 
 use leptos::prelude::*;
 
+use crate::utils::display_os_string;
+
 #[component]
 pub fn FolderDownloads(path: Signal<PathBuf>) -> impl IntoView {
     let method_list = move || {
-        let display_path = path.with(|path| path.display().to_string());
+        let path = path.with(|path| display_os_string(path));
         ["zip", "tar", "tar.gz", "tar.zst"].map(|method| {
-      view! {
-        <li>
-          <a href=format!("/archive/{display_path}?method={method}") class="px-3 min-w-20" download>
-            {method}
-          </a>
-        </li>
-      }
-    })
+            view! {
+              <li>
+                <a href=format!("/archive/{path}?method={method}") class="px-3 min-w-20" download>
+                  {method}
+                </a>
+              </li>
+            }
+        })
     };
 
     view! {

app/src/components/new_folder.rs

@@ -2,7 +2,7 @@ use std::path::PathBuf;
 
 use leptos::{html::Input, prelude::*};
 
-use crate::{server::NewFolder, utils::os_to_string};
+use crate::{server::NewFolder, utils::display_os_string};
 
 #[component]
 pub fn NewFolderButton(path: Signal<PathBuf>, action: ServerAction<NewFolder>) -> impl IntoView {
@@ -33,11 +33,7 @@ pub fn NewFolderButton(path: Signal<PathBuf>, action: ServerAction<NewFolder>) -
                 name="name"
                 autofocus
               />
-              <input
-                type="hidden"
-                name="path"
-                value=move || os_to_string(path.read().as_os_str())
-              />
+              <input type="hidden" name="path" value=move || path.with(|path| display_os_string(path)) />
               <div class="modal-action">
                 <button class="btn" type="reset" onclick="new_folder_modal.close()">
                   Cancel

app/src/server.rs

@@ -54,7 +54,10 @@ pub async fn list_dir(path: PathBuf) -> Result<Entries, ServerFnError> {
     let mut directory = fs::read_dir(path).await?;
 
     while let Some(entry) = directory.next_entry().await? {
-        let name = entry.file_name().to_string_lossy().into_owned();
+        let name = entry
+            .file_name()
+            .into_string()
+            .expect("Filename is valid UTF-8");
         let metadata = entry.metadata().await?;
         let last_modified = metadata.modified()?.into();
 

app/src/utils.rs

@@ -1,4 +1,7 @@
-use std::time::{self, UNIX_EPOCH};
+use std::{
+    borrow::Cow,
+    time::{self, UNIX_EPOCH},
+};
 
 use chrono::{DateTime, TimeZone, Utc};
 use chrono_humanize::Humanize;
@@ -49,10 +52,18 @@ impl SystemTime {
 
 use std::ffi::OsStr;
 
-pub fn os_to_string(str: impl AsRef<OsStr>) -> String {
+pub fn display_os_string(str: impl AsRef<OsStr>) -> String {
     str.as_ref().to_string_lossy().to_string()
 }
 
+pub fn encode_path(path: impl AsRef<OsStr>) -> String {
+    urlencoding::encode(path.as_ref().to_string_lossy().as_ref()).into_owned()
+}
+
+pub fn try_decode_path(path: &str) -> Cow<'_, str> {
+    urlencoding::decode(path).unwrap_or(Cow::Borrowed(path))
+}
+
 #[allow(clippy::cast_possible_truncation)]
 #[allow(clippy::cast_possible_wrap)]
 #[allow(clippy::cast_sign_loss)]

server/src/fileserv.rs

@@ -9,7 +9,10 @@ use axum::{
     http::{HeaderValue, Request, StatusCode, Uri, header},
     response::IntoResponse,
 };
-use file_share_app::{AppConfig, AppState, shell, utils::format_bytes};
+use file_share_app::{
+    AppConfig, AppState, shell,
+    utils::{format_bytes, try_decode_path},
+};
 use leptos::{logging, prelude::provide_context};
 use rust_embed::RustEmbed;
 use tokio::io::AsyncWriteExt;
@@ -56,7 +59,12 @@ pub async fn handle_archive_with_path<'a>(
     Query(params): Query<HashMap<String, String>>,
 ) -> impl IntoResponse + use<'a> {
     logging::log!("Handling archive with path '{path:?}' and params '{params:?}'");
-    handle_archive(target_dir, params.get("method"), path).await
+    handle_archive(
+        target_dir,
+        params.get("method"),
+        try_decode_path(&path).as_ref(),
+    )
+    .await
 }
 
 /// Handles archive requests.
@@ -66,14 +74,14 @@ pub async fn handle_archive_without_path(
     Query(params): Query<HashMap<String, String>>,
 ) -> impl IntoResponse + use<> {
     logging::log!("Handling archive without path and with params '{params:?}'");
-    handle_archive(target_dir, params.get("method"), String::new()).await
+    handle_archive(target_dir, params.get("method"), "").await
 }
 
 #[allow(clippy::unused_async)] // has to be in an async context, but doesn't await directly
 async fn handle_archive(
     base_dir: PathBuf,
     method: Option<&String>,
-    path: String,
+    path: &str,
 ) -> impl IntoResponse + use<> {
     let method = method.map_or_else(Default::default, String::as_str);