[Libreoffice-commits] online.git: 2 commits - loleaflet/main.js loleaflet/src loolwsd/DocumentBroker.cpp loolwsd/LOOLWSD.cpp

[Pranav Kant]

 loleaflet/main.js            |    2 +-
 loleaflet/src/core/Socket.js |    2 +-
 loolwsd/DocumentBroker.cpp   |   15 +++++++++++++++
 loolwsd/LOOLWSD.cpp          |    4 +---
 4 files changed, 18 insertions(+), 5 deletions(-)

New commits:
commit 1618f6be4d14412627eb8195dcd8f3cdfe766958
Author: Pranav Kant <pranavk at collabora.co.uk>
Date:   Thu Nov 17 12:36:48 2016 +0530

    loolwsd: Decode the encoded access_token before CheckFileInfo
    
    Change-Id: Ia4511803ca5570ad5675e00c99108fd32360734d

diff --git a/loolwsd/DocumentBroker.cpp b/loolwsd/DocumentBroker.cpp
index a71d405..6cc4847 100644
--- a/loolwsd/DocumentBroker.cpp
+++ b/loolwsd/DocumentBroker.cpp
@@ -111,6 +111,21 @@ Poco::URI DocumentBroker::sanitizeURI(const std::string& uri)
         throw std::runtime_error("Invalid URI.");
     }
 
+    // We decoded access token before embedding it in loleaflet.html
+    // So, we need to decode it now to get its actual value
+    Poco::URI::QueryParameters queryParams = uriPublic.getQueryParameters();
+    for (auto& param: queryParams)
+    {
+        // look for encoded query params (access token as of now)
+        if (param.first == "access_token")
+        {
+            std::string decodedToken;
+            Poco::URI::decode(param.second, decodedToken);
+            param.second = decodedToken;
+        }
+    }
+    uriPublic.setQueryParameters(queryParams);
+
     return uriPublic;
 }
 
commit 8a1ac91fa66efe4ec647e4202bea1cb2ac9f0b57
Author: Pranav Kant <pranavk at collabora.co.uk>
Date:   Thu Nov 17 12:31:25 2016 +0530

    loolwsd: Prevent double decoding
    
    Change-Id: I5927e0113505ffcc167e16700db7c2f6408ed3b7

diff --git a/loleaflet/main.js b/loleaflet/main.js
index 73fbd5c..93e8511 100644
--- a/loleaflet/main.js
+++ b/loleaflet/main.js
@@ -81,7 +81,7 @@ global.errorMessages = errorMessages;
 var docURL, docParams;
 var isWopi = false;
 if (wopiSrc != '') {
-    docURL = wopiSrc;
+	docURL = decodeURIComponent(wopiSrc);
 	docParams = wopiParams;
 	isWopi = true;
 } else {
diff --git a/loleaflet/src/core/Socket.js b/loleaflet/src/core/Socket.js
index e8b342b..e9efbee 100644
--- a/loleaflet/src/core/Socket.js
+++ b/loleaflet/src/core/Socket.js
@@ -81,7 +81,7 @@ L.Socket = L.Class.extend({
 		// TODO: Move the version number somewhere sensible.
 		this._doSend('loolclient ' + this.ProtocolVersionNumber);
 
-		var msg = 'load url=' + this._map.options.doc;
+		var msg = 'load url=' + encodeURIComponent(this._map.options.doc);
 		if (this._map._docLayer) {
 			// we are reconnecting after a lost connection
 			msg += ' part=' + this._map.getCurrentPartNumber();
diff --git a/loolwsd/LOOLWSD.cpp b/loolwsd/LOOLWSD.cpp
index bbbf24c..8a3fd40 100644
--- a/loolwsd/LOOLWSD.cpp
+++ b/loolwsd/LOOLWSD.cpp
@@ -1126,9 +1126,7 @@ public:
                     // sending incomplete frames.
                     ws->setBlocking(true);
                     ws->setSendTimeout(WS_SEND_TIMEOUT_MS * 1000);
-                    std::string decodedUri;
-                    URI::decode(reqPathTokens[1], decodedUri);
-                    handleGetRequest(decodedUri, ws, id);
+                    handleGetRequest(reqPathTokens[1], ws, id);
                 }
                 catch (const WebSocketErrorMessageException& exc)
                 {