TonBERRY/tonberry-pico
3
0
Fork 0
Code Issues 9 Pull Requests 1 Actions Packages Projects 1 Releases Wiki Activity

fix: frontend: Correctly escape filenames in URL parameters
All checks were successful
Build RPi Pico firmware image / Build-Firmware (push) Successful in 4m56s
Details
Check code formatting / Check-C-Format (push) Successful in 8s
Details
Check code formatting / Check-Python-Flake8 (push) Successful in 10s
Details
Check code formatting / Check-Bash-Shellcheck (push) Successful in 5s
Details
Run unit tests on host / Run-Unit-Tests (push) Successful in 9s
Details
Run pytests / Check-Pytest (push) Successful in 11s
Details

Browse Source 
Signed-off-by: Matthias Blankertz <matthias@blankertz.org>
This commit is contained in:
Matthias Blankertz
2026-01-27 18:15:15 +01:00
parent 3537a2f1bb
commit 0a20b70478
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
software/frontend/index.html
View File

@@ -938,7 +938,7 @@
} }
} }
}; };
xhr.open("POST", `/api/v1/audiofiles?type=file&location=${location}`); xhr.open("POST", `/api/v1/audiofiles?type=file&location=${encodeURIComponent(location)}`);
xhr.overrideMimeType("audio/mpeg"); xhr.overrideMimeType("audio/mpeg");
xhr.send(files[0]); xhr.send(files[0]);
} }
@@ -956,7 +956,7 @@
const location = selectedNodes.length === 1 const location = selectedNodes.length === 1
? selectedNodes[0].getAttribute('data-path') + '/' + name.value ? selectedNodes[0].getAttribute('data-path') + '/' + name.value
: '/' + name.value; : '/' + name.value;
const saveRes = await fetch(`/api/v1/audiofiles?type=directory&location=${location}`, const saveRes = await fetch(`/api/v1/audiofiles?type=directory&location=${encodeURIComponent(location)}`,
{method: 'POST'}); {method: 'POST'});
// Reload file list from device // Reload file list from device
onShow('refresh'); onShow('refresh');
@@ -973,7 +973,7 @@
items.sort(); items.sort();
items.reverse(); items.reverse();
for (const item of items) { for (const item of items) {
const saveRes = await fetch(`/api/v1/audiofiles?location=${item}`, const saveRes = await fetch(`/api/v1/audiofiles?location=${encodeURIComponent(item)}`,
{method: 'DELETE'}); {method: 'DELETE'});
if (!saveRes.ok) { if (!saveRes.ok) {
alert(`Failed to delete item ${item}: ${await saveRes.text()}`); alert(`Failed to delete item ${item}: ${await saveRes.text()}`);