From a3476238d40dc2f53e5156d8e68abcc37d0fa162 Mon Sep 17 00:00:00 2001
From: Andrew Pamment
Date: Thu, 22 Feb 2018 21:27:50 +1000
Subject: [PATCH] Fix tinys crashes.
---
 src/www.c | 32 +++++++--------
 src/www_files.c | 107 +++++++++++++++++++++++++++++++++++++++++++++---
 2 files changed, 118 insertions(+), 21 deletions(-)
diff --git a/src/www.c b/src/www.c
index dfcc3b5..11b3763 100644
--- a/src/www.c
+++ b/src/www.c
@@ -897,24 +897,24 @@ int www_handler(void * cls, struct MHD_Connection * connection, const char * url
 if (conf.file_directories[file_dir]->display_on_web) {
 // send file
 filename = www_files_get_from_area(file_dir, file_sub, filen);
- mime = NULL;
- // get mimetype
- for (i=strlen(filename);i>0;--i) {
- if (filename[i] == '.') {
- mime = www_get_mime_type(&filename[i+1]);
- break;
- }
- if (filename[i] == '/') {
- mime = www_get_mime_type(NULL);
- break;
- }
- }
-
- if (mime = NULL) {
- mime = www_get_mime_type(NULL);
- }
 free(filen);
 if (filename != NULL) {
+ mime = NULL;
+ // get mimetype
+ for (i=strlen(filename);i>0;--i) {
+ if (filename[i] == '.') {
+ mime = www_get_mime_type(&filename[i+1]);
+ break;
+ }
+ if (filename[i] == '/') {
+ mime = www_get_mime_type(NULL);
+ break;
+ }
+ }
+
+ if (mime = NULL) {
+ mime = www_get_mime_type(NULL);
+ }
 if (stat(filename, &s) == 0 && S_ISREG(s.st_mode)) {
 fno = open(filename, O_RDONLY);
 if (fno != -1) {
diff --git a/src/www_files.c b/src/www_files.c
index f5fa0a3..a32e331 100644
--- a/src/www_files.c
+++ b/src/www_files.c
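Review bot: The fallback check `if (mime = NULL) {` in the `src/www.c` hunk is carried into the new `filename != NULL` branch unchanged, and it is an assignment rather than a comparison. It overwrites whatever type the extension loop found with NULL, evaluates false, and skips the default lookup, so `mime` is NULL whenever execution passes this point. It should read `if (mime == NULL) {`. How `mime` is consumed is outside the hunk (the body of `www_handler` starts and ends beyond it), but if it feeds the response's Content-Type, downloads would go out without a declared type and browsers would be left to sniff the content. Building with `-Wall` (which enables `-Wparentheses`) would flag this line.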
@@ -11,6 +11,57 @@ extern struct bbs_config conf; extern struct user_record *gUser; extern char * aha(char *input); +static char *www_decode(char *clean_url) { + char *url = (char *)malloc(strlen(clean_url) + 1); + int i; + int j = 0; + unsigned char c; + if (clean_url == NULL) { + free(url); + return NULL; + } + + for (i=0;i%s", conf.www_url, dir, sub, basename(filename), basename(filename)); + clean_url = www_encode(basename(filename)); + snprintf(buffer, 4096, "%s", conf.www_url, dir, sub, basename(clean_url), basename(filename)); + free(clean_url); free(filename); if (len + strlen(buffer) > max_len - 1) { max_len += 4096; @@ -410,17 +464,60 @@ char *www_files_areas() { return page; } -char *www_files_get_from_area(int dir, int sub, char *file) { - char *sql = "SELECT filename FROM files WHERE approved=1 AND filename LIKE ?"; +char *www_files_get_from_area(int dir, int sub, char *clean_file) { + char *sql = "SELECT filename FROM files WHERE approved=1 AND filename LIKE ? ESCAPE \"^\""; char *filenamelike; sqlite3 *db; sqlite3_stmt *res; int rc; char buffer[PATH_MAX]; char *ret = NULL; + int i; + int extra = 0; + int j; + char *file; - filenamelike = (char *)malloc(strlen(file) + 3); - sprintf(filenamelike, "%%/%s", file); + file = www_decode(clean_file); + + for (i=0;ifile_subs[sub]->database);