Cleaned up sharing of files

Co-authored-by: LarsVomMars <lars@kroenner.eu>
author: Marvin Borner 2019-05-01 22:32:25 +0200
committer: Marvin Borner 2019-05-01 22:32:25 +0200
commit: 22797dde022a398b34a91ba24e2bdd89be3f36f8 (patch)
tree: 7bc99091aa76ca0ee6a06efd73c495f38fc7710f /src/main/resources/js
parent: 82afdcd8609342bd7080460e152b6a0e3db5aaff (diff)
1 files changed, 18 insertions, 13 deletions
diff --git a/src/main/resources/js/files.js b/src/main/resources/js/files.js
index 35a25b4..16b59cb 100644
--- a/src/main/resources/js/files.js
+++ b/src/main/resources/js/files.js
@@ -108,19 +108,24 @@ function setListeners() {
         const accessId = location.pathname === '/shared' ? location.search.split('=')[1] : undefined;
         document.querySelectorAll('[data-path], [data-href]').forEach(element => {
             element.addEventListener('click', () => {
-                const request = new XMLHttpRequest();
-                const formData = new FormData();
-                formData.append('accessId', accessId);
-                formData.append('filename', element.getAttribute('data-path') || element.getAttribute('data-href'));
-                request.open('POST', '/share', true);
-                request.onload = () => {
-                    if (request.status === 200 && request.readyState === 4) {
-                        if (request.responseText)
-                            window.location = `/shared?id=${request.responseText}`;
-                        else alert('File not found!');
-                    }
-                };
-                request.send(formData)
+                const filename = '/' + (element.getAttribute('data-path') || element.getAttribute('data-href'));
+                if (filename !== '/../') {
+                    const request = new XMLHttpRequest();
+                    const formData = new FormData();
+                    formData.append('accessId', accessId);
+                    formData.append('filename', filename);
+                    request.open('POST', '/share', true);
+                    request.onload = () => {
+                        if (request.status === 200 && request.readyState === 4) {
+                            if (request.responseText)
+                                window.location = `/shared?id=${request.responseText}`;
+                            else alert('File not found!');
+                        }
+                    };
+                    request.send(formData)
+                } else {
+                    window.location = '../'
+                }
             });
         });
     } else {
author	Marvin Borner	2019-05-01 22:32:25 +0200
committer	Marvin Borner	2019-05-01 22:32:25 +0200
commit	22797dde022a398b34a91ba24e2bdd89be3f36f8 (patch)
tree	7bc99091aa76ca0ee6a06efd73c495f38fc7710f /src/main/resources/js
parent	82afdcd8609342bd7080460e152b6a0e3db5aaff (diff)