From 5bcfa4ac832a9457ed32ff377febf6e284c5e1d5 Mon Sep 17 00:00:00 2001 From: Sheepy Date: Sat, 25 Jun 2022 19:02:02 -0500 Subject: Create directory (#781) * Add ability to make directory Frontend for making directories Fix potential security vulnerability (CWE-23) Add tests Update README.md Disallow using parent directories altogether Fix formatting Fix clippy warnings Address review comments Update README.md Change `making` to `creation` Co-authored-by: Sven-Hendrik Haase Have make directory flag require file upload flag Address review comments * Disallow uploading files and making directories through symlinks when disabled * Add test * Clippy formatting changes * Add test doc comment --- src/renderer.rs | 55 ++++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 42 insertions(+), 13 deletions(-) (limited to 'src/renderer.rs') diff --git a/src/renderer.rs b/src/renderer.rs index 9c8b5bf..75d2c71 100644 --- a/src/renderer.rs +++ b/src/renderer.rs @@ -29,6 +29,7 @@ pub fn page( let (sort_method, sort_order) = (query_params.sort, query_params.order); let upload_action = build_upload_action(&upload_route, encoded_dir, sort_method, sort_order); + let mkdir_action = build_mkdir_action(&upload_route, encoded_dir); let title_path = breadcrumbs .iter() @@ -69,10 +70,20 @@ pub fn page( "#)) - @if conf.file_upload { - div.drag-form { - div.drag-title { - h1 { "Drop your file here to upload it" } + div.toolbar_box_group { + @if conf.file_upload { + div.form { + div.form_title { + h1 { "Drop your file here to upload it" } + } + } + } + + @if conf.mkdir_enabled { + div.form { + div.form_title { + h1 { "Create a new directory" } + } } } } @@ -102,16 +113,29 @@ pub fn page( } } } - @if conf.file_upload { - div.upload { - form id="file_submit" action=(upload_action) method="POST" enctype="multipart/form-data" { - p { "Select a file to upload or drag it anywhere into the window" } - div { - @match &conf.uploadable_media_type { - Some(accept) => {input #file-input accept=(accept) type="file" name="file_to_upload" required="" multiple {}}, - None => {input #file-input type="file" name="file_to_upload" required="" multiple {}} + div.toolbar_box_group { + @if conf.file_upload { + div.toolbar_box { + form id="file_submit" action=(upload_action) method="POST" enctype="multipart/form-data" { + p { "Select a file to upload or drag it anywhere into the window" } + div { + @match &conf.uploadable_media_type { + Some(accept) => {input #file-input accept=(accept) type="file" name="file_to_upload" required="" multiple {}}, + None => {input #file-input type="file" name="file_to_upload" required="" multiple {}} + } + button type="submit" { "Upload file" } + } + } + } + } + @if conf.mkdir_enabled { + div.toolbar_box { + form id="mkdir" action=(mkdir_action) method="POST" enctype="multipart/form-data" { + p { "Specify a directory name to create" } + div.toolbar_box { + input type="text" name="mkdir" required="" placeholder="Directory name" {} + button type="submit" { "Create directory" } } - button type="submit" { "Upload file" } } } } @@ -243,6 +267,11 @@ fn build_upload_action( upload_action } +/// Build the action of the mkdir form +fn build_mkdir_action(mkdir_route: &str, encoded_dir: &str) -> String { + format!("{}?path={}", mkdir_route, encoded_dir) +} + const THEME_PICKER_CHOICES: &[(&str, &str)] = &[ ("Default (light/dark)", "default"), ("Squirrel (light)", "squirrel"), -- cgit v1.2.3