about summary refs log tree commit diff stats
path: root/src/loader/ftp.nim
diff options
context:
space:
mode:
Diffstat (limited to 'src/loader/ftp.nim')
-rw-r--r--src/loader/ftp.nim19
1 files changed, 11 insertions, 8 deletions
diff --git a/src/loader/ftp.nim b/src/loader/ftp.nim
index c9ddcf13..84693cb3 100644
--- a/src/loader/ftp.nim
+++ b/src/loader/ftp.nim
@@ -56,7 +56,7 @@ proc curlWriteHeader(p: cstring, size: csize_t, nitems: csize_t,
 <TITLE>""" & op.path & """</TITLE>
 </HEAD>
 <BODY>
-<H1>Index of """ & op.path & """</H1>
+<H1>Index of """ & htmlEscape(op.path) & """</H1>
 <PRE>
 <A HREF="..">
 [Upper Directory]</A>"""):
@@ -76,7 +76,7 @@ proc curlWriteHeader(p: cstring, size: csize_t, nitems: csize_t,
 <HEAD>
 <TITLE>Unauthorized</TITLE>
 </HEAD>
-<BODY><PRE>""" & line)
+<BODY><PRE>""" & htmlEscape(line))
       return 0
   return nitems
 
@@ -136,17 +136,20 @@ proc finish(op: CurlHandle) =
       let linki = name.find(x)
       let linkfrom = name.substr(0, linki - 1)
       let linkto = name.substr(linki + 4) # you?
+      let path = percentEncode(linkfrom, PathPercentEncodeSet)
       discard op.handle.sendData("""
-<A HREF="""" & linkfrom & """"">
-""" & name & """@ (-> """ & linkto & """)</A>""")
+<A HREF="""" & path & """"">
+""" & htmlEscape(linkfrom) & """@ (-> """ & htmlEscape(linkto) & """)</A>""")
     of 'd': # directory
+      let path = percentEncode(name, PathPercentEncodeSet)
       discard op.handle.sendData("""
-<A HREF="""" & name & """/">
-""" & name & """/</A>""")
+<A HREF="""" & path & """/">
+""" & htmlEscape(name) & """/</A>""")
     else: # file
+      let path = percentEncode(name, PathPercentEncodeSet)
       discard op.handle.sendData("""
-<A HREF="""" & name & """">
-""" & name & """ (""" & $nsize & """)</A>""")
+<A HREF="""" & path & """">
+""" & htmlEscape(name) & """ (""" & $nsize & """)</A>""")
   discard op.handle.sendData("""
 </PRE>
 </BODY>
generated by cgit-pink 1.4.1-2-gfad0 (git 2.36.2.497.gbbea4dcf42) at 2025-01-24 02:38:22 +0000