tagliatelle


commit d30b161cc120dcd0aab229c528d56067cf66918f
parent e95dd94f8b0553bb3e9b87137239086280c7c26f
Author: breadcat <breadcat@users.noreply.github.com>
Date:   Mon, 23 Mar 2026 17:33:20 +0000

Escape quote marks

Fixes deleting tags with apostrophes

Diffstat:
Minclude-files.go | 2+-
Minclude-viewer.go | 40++++++++++++++++++++--------------------
2 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/include-files.go b/include-files.go
@@ -23,7 +23,7 @@ func fileRouter(w http.ResponseWriter, r *http.Request) {
 return
 }
- if len(parts) >= 7 && parts[3] == "tag" {
+ if len(parts) >= 5 && parts[3] == "tag" && parts[4] == "delete" {
 tagActionHandler(w, r, parts)
 return
 }
diff --git a/include-viewer.go b/include-viewer.go
@@ -3,6 +3,7 @@ package main
 import (
 "database/sql"
 "fmt"
+ "html"
 "net"
 "net/http"
 "net/url"
@@ -167,29 +168,28 @@ func getLocalIP() (string, error) {
 }
 func tagActionHandler(w http.ResponseWriter, r *http.Request, parts []string) {
- fileID := parts[2]
+ fileID := parts[2]
- if r.Method != http.MethodPost {
- http.Redirect(w, r, "/file/"+fileID, http.StatusSeeOther)
- return
- }
-
- cat := strings.TrimSpace(r.FormValue("category"))
- val := strings.TrimSpace(r.FormValue("value"))
+ if r.Method != http.MethodPost {
+ http.Redirect(w, r, "/file/"+fileID, http.StatusSeeOther)
+ return
+ }
- if cat != "" && val != "" {
- var tagID int
- db.QueryRow(`
- SELECT t.id
- FROM tags t
- JOIN categories c ON c.id=t.category_id
- WHERE c.name=? AND t.value=?`, cat, val).Scan(&tagID)
- if tagID != 0 {
- db.Exec("DELETE FROM file_tags WHERE file_id=? AND tag_id=?", fileID, tagID)
- }
- }
+ cat := strings.TrimSpace(html.UnescapeString(r.FormValue("category")))
+ val := strings.TrimSpace(html.UnescapeString(r.FormValue("value")))
- http.Redirect(w, r, "/file/"+fileID, http.StatusSeeOther)
+ if cat != "" && val != "" {
+ var tagID int
+ db.QueryRow(`
+ SELECT t.id
+ FROM tags t
+ JOIN categories c ON c.id=t.category_id
+ WHERE c.name=? AND t.value=?`, cat, val).Scan(&tagID)
+ if tagID != 0 {
+ db.Exec("DELETE FROM file_tags WHERE file_id=? AND tag_id=?", fileID, tagID)
+ }
+ }
+ http.Redirect(w, r, "/file/"+fileID, http.StatusSeeOther)
 }
 func getOrCreateCategoryAndTag(category, value string) (int, int, error) {
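Review bot: The new route test in fileRouter uses `len(parts) >= 5`, so any longer path whose fifth segment is `delete` is also dispatched to tagActionHandler; because the handler takes category and value from the form and only reads `parts[2]`, `len(parts) == 5` would pin the route to the single shape it is meant to serve. A one-line comment such as `// POST /file/{id}/tag/delete; category and value come from the form body` would record the expected path, assuming parts is the slash-split request path, which is built outside this hunk. fileRouter starts and ends outside the hunk.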
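Review bot: In tagActionHandler, `html.UnescapeString` decodes every entity-looking sequence in the submitted `category` and `value`, not only the apostrophe this commit targets, so a tag whose stored text literally contains something like `&amp;` or `&#39;` could be rewritten before the lookup and never match. Browsers already decode entities in attribute values before submitting a form, so needing a server-side decode suggests the value is escaped twice where the form is rendered (the template is not part of this diff); fixing it there, or posting the tag id instead of its text, avoids the lossy decode. Separately, the results of `.Scan(&tagID)` and `db.Exec` are still discarded, so a database failure is indistinguishable from a successful delete; checking them, e.g. `if _, err := db.Exec(...); err != nil { http.Error(w, "could not delete tag", http.StatusInternalServerError); return }`, would surface it. The whole function is inside the hunk.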