joachim/FileRise
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor fixes and adjustments

Browse Source
This commit is contained in:
Ryan
2025-04-16 17:15:59 -04:00
committed by GitHub
parent 4ec4ba832f
commit 75d3bf5a9b
15 changed files with 93 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
CHANGELOG.md
View File

@@ -18,6 +18,15 @@
This refactor improves maintainability, testability, and documentation clarity across all API endpoints. This refactor improves maintainability, testability, and documentation clarity across all API endpoints.
### Refactor fixes and adjustments
- Added fallback checks for disableFormLogin / disableBasicAuth / disableOIDCLogin when coming in either at the top level or under loginOptions.
- Updated auth.js to read and store the nested loginOptions booleans correctly in localStorage, then show/hide the BasicAuth and OIDC buttons as configured.
- Changed the logout controller to header("Location: /index.html?logout=1") so after /api/auth/logout.php it lands on the root index.html, not under /api/auth/.
- Switched your share modal code to use a leading slash ("/api/file/share.php") so it generates absolute URLs instead of relative /share.php.
- In the sharedfolder gallery, adjusted the clientside image path to point at /uploads/... instead of /api/folder/uploads/...
- Updated both AdminModel defaults and the AuthController to use the exact full path
--- ---
## Changes 4/15/2025 ## Changes 4/15/2025

4
config/config.php
View File

@@ -165,8 +165,8 @@ define('BASE_URL', 'http://yourwebsite/uploads/');
if (strpos(BASE_URL, 'yourwebsite') !== false) { if (strpos(BASE_URL, 'yourwebsite') !== false) {
$defaultShareUrl = isset($_SERVER['HTTP_HOST']) $defaultShareUrl = isset($_SERVER['HTTP_HOST'])
? "http://" . $_SERVER['HTTP_HOST'] . "/share.php" ? "http://" . $_SERVER['HTTP_HOST'] . "/share.php"
: "http://localhost/public/api/file/share.php"; : "http://localhost/api/file/share.php";
} else { } else {
$defaultShareUrl = rtrim(BASE_URL, '/') . "api/file/share.php"; $defaultShareUrl = rtrim(BASE_URL, '/') . "/api/file/share.php";
} }
define('SHARE_URL', getenv('SHARE_URL') ? getenv('SHARE_URL') : $defaultShareUrl); define('SHARE_URL', getenv('SHARE_URL') ? getenv('SHARE_URL') : $defaultShareUrl);

4
public/index.html
View File

@@ -15,7 +15,7 @@
<link rel="icon" type="image/png" href="/assets/logo.png"> <link rel="icon" type="image/png" href="/assets/logo.png">
<link rel="icon" type="image/svg+xml" href="/assets/logo.svg"> <link rel="icon" type="image/svg+xml" href="/assets/logo.svg">
<meta name="csrf-token" content=""> <meta name="csrf-token" content="">
<meta name="share-url" content=""> <meta name="share-url" content="/api/file/share.php">
<!-- Google Fonts and Material Icons --> <!-- Google Fonts and Material Icons -->
<link href="https://fonts.googleapis.com/css2?family=Roboto:wght@400;500&display=swap" rel="stylesheet" /> <link href="https://fonts.googleapis.com/css2?family=Roboto:wght@400;500&display=swap" rel="stylesheet" />
<link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet" /> <link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet" />
@@ -200,7 +200,7 @@
</div> </div>
<!-- Basic HTTP Login Option --> <!-- Basic HTTP Login Option -->
<div class="text-center mt-3"> <div class="text-center mt-3">
<a href="/public/api/auth/login_basic.php" class="btn btn-secondary" data-i18n-key="basic_http_login">Use Basic HTTP <a href="/api/auth/login_basic.php" class="btn btn-secondary" data-i18n-key="basic_http_login">Use Basic HTTP
Login</a> Login</a>
</div> </div>
</div> </div>

8
public/js/auth.js
View File

@@ -25,7 +25,7 @@ const currentOIDCConfig = {
providerUrl: "https://your-oidc-provider.com", providerUrl: "https://your-oidc-provider.com",
clientId: "YOUR_CLIENT_ID", clientId: "YOUR_CLIENT_ID",
clientSecret: "YOUR_CLIENT_SECRET", clientSecret: "YOUR_CLIENT_SECRET",
redirectUri: "https://yourdomain.com/auth.php?oidc=callback", redirectUri: "https://yourdomain.com/api/auth/auth.php?oidc=callback",
globalOtpauthUrl: "" globalOtpauthUrl: ""
}; };
window.currentOIDCConfig = currentOIDCConfig; window.currentOIDCConfig = currentOIDCConfig;
@@ -51,7 +51,7 @@ function openTOTPLoginModal() {
const isFormLogin = Boolean(window.__lastLoginData); const isFormLogin = Boolean(window.__lastLoginData);
if (!isFormLogin) { if (!isFormLogin) {
// disable BasicAuth link // disable BasicAuth link
const basicLink = document.querySelector("a[href='api/auth/login_basic.php']"); const basicLink = document.querySelector("a[href='/api/auth/login_basic.php']");
if (basicLink) { if (basicLink) {
basicLink.style.pointerEvents = 'none'; basicLink.style.pointerEvents = 'none';
basicLink.style.opacity = '0.5'; basicLink.style.opacity = '0.5';
@@ -80,7 +80,7 @@ function updateLoginOptionsUI({ disableFormLogin, disableBasicAuth, disableOIDCL
const authForm = document.getElementById("authForm"); const authForm = document.getElementById("authForm");
if (authForm) authForm.style.display = disableFormLogin ? "none" : "block"; if (authForm) authForm.style.display = disableFormLogin ? "none" : "block";
const basicAuthLink = document.querySelector("a[href='api/auth/login_basic.php']"); const basicAuthLink = document.querySelector("a[href='/api/auth/login_basic.php']");
if (basicAuthLink) basicAuthLink.style.display = disableBasicAuth ? "none" : "inline-block"; if (basicAuthLink) basicAuthLink.style.display = disableBasicAuth ? "none" : "inline-block";
const oidcLoginBtn = document.getElementById("oidcLoginBtn"); const oidcLoginBtn = document.getElementById("oidcLoginBtn");
if (oidcLoginBtn) oidcLoginBtn.style.display = disableOIDCLogin ? "none" : "inline-block"; if (oidcLoginBtn) oidcLoginBtn.style.display = disableOIDCLogin ? "none" : "inline-block";
@@ -480,7 +480,7 @@ document.addEventListener("DOMContentLoaded", function () {
const oidcLoginBtn = document.getElementById("oidcLoginBtn"); const oidcLoginBtn = document.getElementById("oidcLoginBtn");
if (oidcLoginBtn) { if (oidcLoginBtn) {
oidcLoginBtn.addEventListener("click", () => { oidcLoginBtn.addEventListener("click", () => {
window.location.href = "api/auth/auth.php?oidc=initiate"; window.location.href = "/api/auth/auth.php?oidc=initiate";
}); });
} }

4
public/js/authModals.js
View File

@@ -97,7 +97,7 @@ export function openTOTPLoginModal() {
.then(json => { .then(json => {
if (json.status === "ok") { if (json.status === "ok") {
// recovery succeeded → finalize login // recovery succeeded → finalize login
window.location.href = "index.html"; window.location.href = "/index.html";
} else { } else {
showToast(json.message || t("recovery_code_verification_failed")); showToast(json.message || t("recovery_code_verification_failed"));
} }
@@ -125,7 +125,7 @@ export function openTOTPLoginModal() {
.then(res => res.json()) .then(res => res.json())
.then(json => { .then(json => {
if (json.status === "ok") { if (json.status === "ok") {
window.location.href = "index.html"; window.location.href = "/index.html";
} else { } else {
showToast(json.message || t("totp_verification_failed")); showToast(json.message || t("totp_verification_failed"));
this.value = ""; this.value = "";

2
public/js/fileActions.js
View File

@@ -111,7 +111,7 @@ export function confirmSingleDownload() {
// Build the URL for download.php using GET parameters. // Build the URL for download.php using GET parameters.
const folder = window.currentFolder || "root"; const folder = window.currentFolder || "root";
const downloadURL = "api/file/download.php?folder=" + encodeURIComponent(folder) + const downloadURL = "/api/file/download.php?folder=" + encodeURIComponent(folder) +
"&file=" + encodeURIComponent(window.singleFileToDownload); "&file=" + encodeURIComponent(window.singleFileToDownload);
fetch(downloadURL, { fetch(downloadURL, {

2
public/js/fileListView.js
View File

@@ -197,7 +197,7 @@ export function loadFileList(folderParam) {
.then(response => { .then(response => {
if (response.status === 401) { if (response.status === 401) {
showToast("Session expired. Please log in again."); showToast("Session expired. Please log in again.");
window.location.href = "logout.php"; window.location.href = "/api/auth/logout.php";
throw new Error("Unauthorized"); throw new Error("Unauthorized");
} }
return response.json(); return response.json();

4
public/js/filePreview.js
View File

@@ -65,9 +65,7 @@ export function openShareModal(file, folder) {
.then(response => response.json()) .then(response => response.json())
.then(data => { .then(data => {
if (data.token) { if (data.token) {
let shareEndpoint = document.querySelector('meta[name="share-url"]') const shareEndpoint = `${window.location.origin}/api/file/share.php`;
? document.querySelector('meta[name="share-url"]').getAttribute('content')
: (window.SHARE_URL || "api/file/share.php");
const shareUrl = `${shareEndpoint}?token=${encodeURIComponent(data.token)}`; const shareUrl = `${shareEndpoint}?token=${encodeURIComponent(data.token)}`;
const displayDiv = document.getElementById("shareLinkDisplay"); const displayDiv = document.getElementById("shareLinkDisplay");
const inputField = document.getElementById("shareLinkInput"); const inputField = document.getElementById("shareLinkInput");

2
public/js/folderManager.js
View File

@@ -364,7 +364,7 @@ export async function loadFolderTree(selectedFolder) {
if (response.status === 401) { if (response.status === 401) {
console.error("Unauthorized: Please log in to view folders."); console.error("Unauthorized: Please log in to view folders.");
showToast("Session expired. Please log in again."); showToast("Session expired. Please log in again.");
window.location.href = "logout.php"; window.location.href = "/api/auth/logout.php";
return; return;
} }
let folderData = await response.json(); let folderData = await response.json();

2
public/js/upload.js
View File

@@ -405,7 +405,7 @@ const useResumable = true; // Enable resumable for file picker uploads
let resumableInstance; let resumableInstance;
function initResumableUpload() { function initResumableUpload() {
resumableInstance = new Resumable({ resumableInstance = new Resumable({
target: "api/upload/upload.php", target: "/api/upload/upload.php",
query: { folder: window.currentFolder || "root", upload_token: window.csrfToken }, query: { folder: window.currentFolder || "root", upload_token: window.csrfToken },
chunkSize: 1.5 * 1024 * 1024, // 1.5 MB chunks chunkSize: 1.5 * 1024 * 1024, // 1.5 MB chunks
simultaneousUploads: 3, simultaneousUploads: 3,

61
src/controllers/authController.php
View File

@@ -4,12 +4,14 @@
require_once __DIR__ . '/../../config/config.php'; require_once __DIR__ . '/../../config/config.php';
require_once PROJECT_ROOT . '/src/models/AuthModel.php'; require_once PROJECT_ROOT . '/src/models/AuthModel.php';
require_once PROJECT_ROOT . '/vendor/autoload.php'; require_once PROJECT_ROOT . '/vendor/autoload.php';
require_once PROJECT_ROOT . '/src/models/AdminModel.php';
use RobThree\Auth\Algorithm; use RobThree\Auth\Algorithm;
use RobThree\Auth\Providers\Qr\GoogleChartsQrCodeProvider; use RobThree\Auth\Providers\Qr\GoogleChartsQrCodeProvider;
use Jumbojett\OpenIDConnectClient; use Jumbojett\OpenIDConnectClient;
class AuthController { class AuthController
{
/** /**
* @OA\Post( * @OA\Post(
@@ -56,7 +58,8 @@ class AuthController {
* *
* @return void Redirects on success or outputs JSON error. * @return void Redirects on success or outputs JSON error.
*/ */
public function auth(): void { public function auth(): void
{
// Global exception handler. // Global exception handler.
set_exception_handler(function ($e) { set_exception_handler(function ($e) {
error_log("Unhandled exception: " . $e->getMessage()); error_log("Unhandled exception: " . $e->getMessage());
@@ -73,20 +76,15 @@ class AuthController {
$oidcAction = 'callback'; $oidcAction = 'callback';
} }
if ($oidcAction) { if ($oidcAction) {
// Load admin configuration for OIDC. // new: delegate to AdminModel
$adminConfigFile = USERS_DIR . 'adminConfig.json'; $cfg = AdminModel::getConfig();
if (file_exists($adminConfigFile)) { // Optional: log to confirm you loaded the right values
$enc = file_get_contents($adminConfigFile); error_log("Loaded OIDC config: " . print_r($cfg['oidc'], true));
$dec = decryptData($enc, $encryptionKey);
$cfg = ($dec !== false) ? json_decode($dec, true) : [];
} else {
$cfg = [];
}
$oidc_provider_url = $cfg['oidc']['providerUrl'] ?? 'https://your-oidc-provider.com';
$oidc_client_id = $cfg['oidc']['clientId'] ?? 'YOUR_CLIENT_ID';
$oidc_client_secret = $cfg['oidc']['clientSecret'] ?? 'YOUR_CLIENT_SECRET';
$oidc_redirect_uri = $cfg['oidc']['redirectUri'] ?? 'https://yourdomain.com/api/auth/auth.php?oidc=callback';
$oidc_provider_url = $cfg['oidc']['providerUrl'];
$oidc_client_id = $cfg['oidc']['clientId'];
$oidc_client_secret = $cfg['oidc']['clientSecret'];
$oidc_redirect_uri = $cfg['oidc']['redirectUri'];
$oidc = new OpenIDConnectClient($oidc_provider_url, $oidc_client_id, $oidc_client_secret); $oidc = new OpenIDConnectClient($oidc_provider_url, $oidc_client_id, $oidc_client_secret);
$oidc->setRedirectURL($oidc_redirect_uri); $oidc->setRedirectURL($oidc_redirect_uri);
@@ -110,7 +108,7 @@ class AuthController {
if ($totp_secret) { if ($totp_secret) {
$_SESSION['pending_login_user'] = $username; $_SESSION['pending_login_user'] = $username;
$_SESSION['pending_login_secret'] = $totp_secret; $_SESSION['pending_login_secret'] = $totp_secret;
header("Location: index.html?totp_required=1"); header("Location: /index.html?totp_required=1");
exit(); exit();
} }
@@ -120,7 +118,7 @@ class AuthController {
$_SESSION["username"] = $username; $_SESSION["username"] = $username;
$_SESSION["isAdmin"] = (AuthModel::getUserRole($username) === "1"); $_SESSION["isAdmin"] = (AuthModel::getUserRole($username) === "1");
$_SESSION["folderOnly"] = loadUserPermissions($username); $_SESSION["folderOnly"] = loadUserPermissions($username);
header("Location: index.html"); header("Location: /index.html");
exit(); exit();
} catch (Exception $e) { } catch (Exception $e) {
error_log("OIDC authentication error: " . $e->getMessage()); error_log("OIDC authentication error: " . $e->getMessage());
@@ -298,7 +296,8 @@ class AuthController {
* *
* @return void Outputs a JSON response with authentication details. * @return void Outputs a JSON response with authentication details.
*/ */
public function checkAuth(): void { public function checkAuth(): void
{
header('Content-Type: application/json'); header('Content-Type: application/json');
$usersFile = USERS_DIR . USERS_FILE; $usersFile = USERS_DIR . USERS_FILE;
@@ -366,7 +365,8 @@ class AuthController {
* *
* @return void Outputs the JSON response. * @return void Outputs the JSON response.
*/ */
public function getToken(): void { public function getToken(): void
{
header('Content-Type: application/json'); header('Content-Type: application/json');
echo json_encode([ echo json_encode([
"csrf_token" => $_SESSION['csrf_token'], "csrf_token" => $_SESSION['csrf_token'],
@@ -400,7 +400,8 @@ class AuthController {
* *
* @return void Redirects on success or sends a 401 header. * @return void Redirects on success or sends a 401 header.
*/ */
public function loginBasic(): void { public function loginBasic(): void
{
// Set header for plain-text or JSON as needed. // Set header for plain-text or JSON as needed.
header('Content-Type: application/json'); header('Content-Type: application/json');
@@ -432,7 +433,7 @@ class AuthController {
// If TOTP is required, store pending values and redirect to prompt for TOTP. // If TOTP is required, store pending values and redirect to prompt for TOTP.
$_SESSION['pending_login_user'] = $username; $_SESSION['pending_login_user'] = $username;
$_SESSION['pending_login_secret'] = $secret; $_SESSION['pending_login_secret'] = $secret;
header("Location: index.html?totp_required=1"); header("Location: /index.html?totp_required=1");
exit; exit;
} }
// Finalize login. // Finalize login.
@@ -442,7 +443,7 @@ class AuthController {
$_SESSION["isAdmin"] = (AuthModel::getUserRole($username) === "1"); $_SESSION["isAdmin"] = (AuthModel::getUserRole($username) === "1");
$_SESSION["folderOnly"] = AuthModel::loadFolderPermission($username); $_SESSION["folderOnly"] = AuthModel::loadFolderPermission($username);
header("Location: index.html"); header("Location: /index.html");
exit; exit;
} }
// Invalid credentials; prompt again. // Invalid credentials; prompt again.
@@ -473,7 +474,8 @@ class AuthController {
* *
* @return void Redirects to index.html with a logout flag. * @return void Redirects to index.html with a logout flag.
*/ */
public function logout(): void { public function logout(): void
{
// Retrieve headers and check CSRF token. // Retrieve headers and check CSRF token.
$headersArr = array_change_key_case(getallheaders(), CASE_LOWER); $headersArr = array_change_key_case(getallheaders(), CASE_LOWER);
$receivedToken = isset($headersArr['x-csrf-token']) ? trim($headersArr['x-csrf-token']) : ''; $receivedToken = isset($headersArr['x-csrf-token']) ? trim($headersArr['x-csrf-token']) : '';
@@ -508,9 +510,14 @@ class AuthController {
// Clear the session cookie. // Clear the session cookie.
if (ini_get("session.use_cookies")) { if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params(); $params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000, setcookie(
$params["path"], $params["domain"], session_name(),
$params["secure"], $params["httponly"] '',
time() - 42000,
$params["path"],
$params["domain"],
$params["secure"],
$params["httponly"]
); );
} }
@@ -518,7 +525,7 @@ class AuthController {
session_destroy(); session_destroy();
// Redirect the user to the login page (or index) with a logout flag. // Redirect the user to the login page (or index) with a logout flag.
header("Location: index.html?logout=1"); header("Location: /index.html?logout=1");
exit; exit;
} }
} }

2
src/controllers/fileController.php
View File

@@ -935,7 +935,7 @@ class FileController {
</head> </head>
<body> <body>
<h2>This file is protected by a password.</h2> <h2>This file is protected by a password.</h2>
<form method="get" action="api/file/share.php"> <form method="get" action="/api/file/share.php">
<input type="hidden" name="token" value="<?php echo htmlspecialchars($token, ENT_QUOTES, 'UTF-8'); ?>"> <input type="hidden" name="token" value="<?php echo htmlspecialchars($token, ENT_QUOTES, 'UTF-8'); ?>">
<label for="pass">Password:</label> <label for="pass">Password:</label>
<input type="password" name="pass" id="pass" required> <input type="password" name="pass" id="pass" required>

18
src/controllers/folderController.php
View File

@@ -437,7 +437,7 @@ class FolderController {
<div class="container"> <div class="container">
<h2>Folder Protected</h2> <h2>Folder Protected</h2>
<p>This folder is protected by a password. Please enter the password to view its contents.</p> <p>This folder is protected by a password. Please enter the password to view its contents.</p>
<form method="get" action="api/folder/shareFolder.php"> <form method="get" action="/api/folder/shareFolder.php">
<input type="hidden" name="token" value="<?php echo htmlspecialchars($token, ENT_QUOTES, 'UTF-8'); ?>"> <input type="hidden" name="token" value="<?php echo htmlspecialchars($token, ENT_QUOTES, 'UTF-8'); ?>">
<label for="pass">Password:</label> <label for="pass">Password:</label>
<input type="password" name="pass" id="pass" required> <input type="password" name="pass" id="pass" required>
@@ -534,7 +534,7 @@ class FolderController {
foreach ($files as $file): foreach ($files as $file):
$filePath = $data['realFolderPath'] . DIRECTORY_SEPARATOR . $file; $filePath = $data['realFolderPath'] . DIRECTORY_SEPARATOR . $file;
$fileSize = file_exists($filePath) ? formatBytes(filesize($filePath)) : "Unknown"; $fileSize = file_exists($filePath) ? formatBytes(filesize($filePath)) : "Unknown";
$downloadLink = "api/folder/downloadSharedFile.php?token=" . urlencode($token) . "&file=" . urlencode($file); $downloadLink = "/api/folder/downloadSharedFile.php?token=" . urlencode($token) . "&file=" . urlencode($file);
?> ?>
<tr> <tr>
<td> <td>
@@ -557,7 +557,7 @@ class FolderController {
<!-- Pagination Controls --> <!-- Pagination Controls -->
<div class="pagination"> <div class="pagination">
<?php if ($currentPage > 1): ?> <?php if ($currentPage > 1): ?>
<a href="api/folder/shareFolder.php?token=<?php echo urlencode($token); ?>&page=<?php echo $currentPage - 1; ?><?php echo !empty($providedPass) ? "&pass=" . urlencode($providedPass) : ""; ?>">Prev</a> <a href="/api/folder/shareFolder.php?token=<?php echo urlencode($token); ?>&page=<?php echo $currentPage - 1; ?><?php echo !empty($providedPass) ? "&pass=" . urlencode($providedPass) : ""; ?>">Prev</a>
<?php else: ?> <?php else: ?>
<span>Prev</span> <span>Prev</span>
<?php endif; ?> <?php endif; ?>
@@ -569,12 +569,12 @@ class FolderController {
<?php if ($i == $currentPage): ?> <?php if ($i == $currentPage): ?>
<span class="current"><?php echo $i; ?></span> <span class="current"><?php echo $i; ?></span>
<?php else: ?> <?php else: ?>
<a href="api/folder/shareFolder.php?token=<?php echo urlencode($token); ?>&page=<?php echo $i; ?><?php echo !empty($providedPass) ? "&pass=" . urlencode($providedPass) : ""; ?>"><?php echo $i; ?></a> <a href="/api/folder/shareFolder.php?token=<?php echo urlencode($token); ?>&page=<?php echo $i; ?><?php echo !empty($providedPass) ? "&pass=" . urlencode($providedPass) : ""; ?>"><?php echo $i; ?></a>
<?php endif; ?> <?php endif; ?>
<?php endfor; ?> <?php endfor; ?>
<?php if ($currentPage < $totalPages): ?> <?php if ($currentPage < $totalPages): ?>
<a href="api/folder/shareFolder.php?token=<?php echo urlencode($token); ?>&page=<?php echo $currentPage + 1; ?><?php echo !empty($providedPass) ? "&pass=" . urlencode($providedPass) : ""; ?>">Next</a> <a href="/api/folder/shareFolder.php?token=<?php echo urlencode($token); ?>&page=<?php echo $currentPage + 1; ?><?php echo !empty($providedPass) ? "&pass=" . urlencode($providedPass) : ""; ?>">Next</a>
<?php else: ?> <?php else: ?>
<span>Next</span> <span>Next</span>
<?php endif; ?> <?php endif; ?>
@@ -584,7 +584,7 @@ class FolderController {
<?php if (isset($data['record']['allowUpload']) && $data['record']['allowUpload'] == 1): ?> <?php if (isset($data['record']['allowUpload']) && $data['record']['allowUpload'] == 1): ?>
<div class="upload-container"> <div class="upload-container">
<h3>Upload File (50mb max size)</h3> <h3>Upload File (50mb max size)</h3>
<form action="api/folder/uploadToSharedFolder.php" method="post" enctype="multipart/form-data"> <form action="/api/folder/uploadToSharedFolder.php" method="post" enctype="multipart/form-data">
<!-- Pass the share token so the upload endpoint can verify --> <!-- Pass the share token so the upload endpoint can verify -->
<input type="hidden" name="token" value="<?php echo htmlspecialchars($token, ENT_QUOTES, 'UTF-8'); ?>"> <input type="hidden" name="token" value="<?php echo htmlspecialchars($token, ENT_QUOTES, 'UTF-8'); ?>">
<input type="file" name="fileToUpload" required> <input type="file" name="fileToUpload" required>
@@ -613,7 +613,9 @@ class FolderController {
var galleryContainer = document.getElementById("galleryViewContainer"); var galleryContainer = document.getElementById("galleryViewContainer");
var html = '<div class="shared-gallery-container">'; var html = '<div class="shared-gallery-container">';
filesData.forEach(function(file) { filesData.forEach(function(file) {
var fileUrl = "uploads/<?php echo htmlspecialchars($folderName, ENT_QUOTES, 'UTF-8'); ?>/" + encodeURIComponent(file); var fileUrl = window.location.origin
+ "/uploads/<?php echo rawurlencode($folderName); ?>/"
+ encodeURIComponent(file);
var ext = file.split('.').pop().toLowerCase(); var ext = file.split('.').pop().toLowerCase();
var thumbnail = ""; var thumbnail = "";
if (['jpg','jpeg','png','gif','bmp','webp','svg','ico'].indexOf(ext) >= 0) { if (['jpg','jpeg','png','gif','bmp','webp','svg','ico'].indexOf(ext) >= 0) {
@@ -900,7 +902,7 @@ class FolderController {
$_SESSION['upload_message'] = "File uploaded successfully."; $_SESSION['upload_message'] = "File uploaded successfully.";
// Redirect back to the shared folder view. // Redirect back to the shared folder view.
$redirectUrl = "api/folder/shareFolder.php?token=" . urlencode($token); $redirectUrl = "/api/folder/shareFolder.php?token=" . urlencode($token);
header("Location: " . $redirectUrl); header("Location: " . $redirectUrl);
exit; exit;
} }

2
src/models/AdminModel.php
View File

@@ -104,7 +104,7 @@ class AdminModel
'providerUrl' => 'https://your-oidc-provider.com', 'providerUrl' => 'https://your-oidc-provider.com',
'clientId' => 'YOUR_CLIENT_ID', 'clientId' => 'YOUR_CLIENT_ID',
'clientSecret' => 'YOUR_CLIENT_SECRET', 'clientSecret' => 'YOUR_CLIENT_SECRET',
'redirectUri' => 'https://yourdomain.com/auth.php?oidc=callback' 'redirectUri' => 'https://yourdomain.com/api/auth/auth.php?oidc=callback'
], ],
'loginOptions' => [ 'loginOptions' => [
'disableFormLogin' => false, 'disableFormLogin' => false,

2
src/models/FolderModel.php
View File

@@ -403,7 +403,7 @@ class FolderModel {
$baseUrl = $protocol . "://" . $host; $baseUrl = $protocol . "://" . $host;
} }
// The share URL points to the shared folder page. // The share URL points to the shared folder page.
$link = $baseUrl . "api/folder/shareFolder.php?token=" . urlencode($token); $link = $baseUrl . "/api/folder/shareFolder.php?token=" . urlencode($token);
return ["token" => $token, "expires" => $expires, "link" => $link]; return ["token" => $token, "expires" => $expires, "link" => $link];
} }