commit c08111a743d5e995729a25771c656a71a46f6d24
parent ac8385c64c56db286bb7fd4525f3c4169dbe6919
Author: breadcat <breadcat@users.noreply.github.com>
Date: Mon, 22 Sep 2025 18:49:43 +0100
Use escaped filenames in templates
Diffstat:
4 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/main.go b/main.go
@@ -27,6 +27,7 @@ var (
type File struct {
ID int
Filename string
+ EscapedFilename string
Path string
Tags map[string]string
}
@@ -275,6 +276,7 @@ func listFilesHandler(w http.ResponseWriter, r *http.Request) {
for rows.Next() {
var f File
rows.Scan(&f.ID, &f.Filename, &f.Path)
+ f.EscapedFilename = url.PathEscape(f.Filename)
tagged = append(tagged, f)
}
@@ -291,6 +293,7 @@ func listFilesHandler(w http.ResponseWriter, r *http.Request) {
for untaggedRows.Next() {
var f File
untaggedRows.Scan(&f.ID, &f.Filename, &f.Path)
+ f.EscapedFilename = url.PathEscape(f.Filename)
untagged = append(untagged, f)
}
@@ -323,6 +326,7 @@ func untaggedFilesHandler(w http.ResponseWriter, r *http.Request) {
for rows.Next() {
var f File
rows.Scan(&f.ID, &f.Filename, &f.Path)
+ f.EscapedFilename = url.PathEscape(f.Filename)
files = append(files, f)
}
diff --git a/templates/file.html b/templates/file.html
@@ -2,13 +2,13 @@
<h2>File: {{.Data.File.Filename}}</h2>
{{if hasAnySuffix .Data.File.Filename ".jpg" ".jpeg" ".png" ".gif" ".webp"}}
- <img src="/uploads/{{.Data.File.Filename}}" style="max-width:400px"><br>
+ <img src="/uploads/{{.Data.EscapedFilename}}" style="max-width:400px"><br>
{{else if hasAnySuffix .Data.File.Filename ".mp4" ".webm" ".mov"}}
<video controls width="400">
- <source src="/uploads/{{.Data.File.Filename}}">
+ <source src="/uploads/{{.Data.EscapedFilename}}">
</video><br>
{{else}}
- <a href="/uploads/{{.Data.File.Filename}}">Download file</a><br>
+ <a href="/uploads/{{.Data.EscapedFilename}}">Download file</a><br>
{{end}}
<h3>Raw URL</h3>
diff --git a/templates/list.html b/templates/list.html
@@ -8,10 +8,10 @@
<li>
<a href="/file/{{.ID}}">{{.Filename}}</a><br>
{{if hasAnySuffix .Filename ".jpg" ".jpeg" ".png" ".gif" ".webp"}}
- <img src="/uploads/{{.Filename}}" style="max-width:150px">
+ <img src="/uploads/{{.EscapedFilename}}" style="max-width:150px">
{{else if hasAnySuffix .Filename ".mp4" ".webm" ".mov"}}
<video width="150" controls>
- <source src="/uploads/{{.Filename}}">
+ <source src="/uploads/{{.EscapedFilename}}">
</video>
{{end}}
</li>
@@ -28,10 +28,10 @@
<li>
<a href="/file/{{.ID}}">{{.Filename}}</a><br>
{{if hasAnySuffix .Filename ".jpg" ".jpeg" ".png" ".gif" ".webp"}}
- <img src="/uploads/{{.Filename}}" style="max-width:150px">
+ <img src="/uploads/{{.EscapedFilename}}" style="max-width:150px">
{{else if hasAnySuffix .Filename ".mp4" ".webm" ".mov"}}
<video width="150" controls>
- <source src="/uploads/{{.Filename}}">
+ <source src="/uploads/{{.EscapedFilename}}">
</video>
{{end}}
</li>
diff --git a/templates/untagged.html b/templates/untagged.html
@@ -6,10 +6,10 @@
<li>
<a href="/file/{{.ID}}">{{.Filename}}</a><br>
{{if hasAnySuffix .Filename ".jpg" ".jpeg" ".png" ".gif" ".webp"}}
- <img src="/uploads/{{.Filename}}" style="max-width:150px">
+ <img src="/uploads/{{.EscapedFilename}}" style="max-width:150px">
{{else if hasAnySuffix .Filename ".mp4" ".webm" ".mov"}}
- <video width="150" controls>
- <source src="/uploads/{{.Filename}}">
+ <video width="150" controls muted>
+ <source src="/uploads/{{.EscapedFilename}}">
</video>
{{end}}
</li>
