From 4d79c462db915199d35b598e4081f0b722b221f3 Mon Sep 17 00:00:00 2001
From: Julien Fontanet <julien.fontanet@isonoe.net>
Date: Tue, 10 Sep 2019 14:39:53 +0200
Subject: [PATCH] fix(xo-server): use encodeURIComponent for filenames

This makes sure special characters like `?` or `#` are correctly handled.
---
 packages/xo-server/src/api/backup-ng.js | 2 +-
 packages/xo-server/src/api/backup.js    | 2 +-
 packages/xo-server/src/api/vm.js        | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/packages/xo-server/src/api/backup-ng.js b/packages/xo-server/src/api/backup-ng.js
index 402a750e0..6382a87a0 100644
--- a/packages/xo-server/src/api/backup-ng.js
+++ b/packages/xo-server/src/api/backup-ng.js
@@ -302,7 +302,7 @@ export async function fetchFiles(params) {
   filename += '.zip'
 
   return this.registerHttpRequest(handleFetchFiles, params, {
-    suffix: encodeURI(`/${filename}`),
+    suffix: '/' + encodeURIComponent(filename),
   }).then(url => ({ $getFrom: url }))
 }
 
diff --git a/packages/xo-server/src/api/backup.js b/packages/xo-server/src/api/backup.js
index 896674636..e326b4da8 100644
--- a/packages/xo-server/src/api/backup.js
+++ b/packages/xo-server/src/api/backup.js
@@ -93,7 +93,7 @@ export async function fetchFiles({ format = 'zip', ...params }) {
     handleFetchFiles,
     { ...params, format },
     {
-      suffix: encodeURI(`/${fileName}`),
+      suffix: '/' + encodeURIComponent(fileName),
     }
   ).then(url => ({ $getFrom: url }))
 }
diff --git a/packages/xo-server/src/api/vm.js b/packages/xo-server/src/api/vm.js
index 4c79fc90d..865b9b978 100644
--- a/packages/xo-server/src/api/vm.js
+++ b/packages/xo-server/src/api/vm.js
@@ -1189,7 +1189,7 @@ async function export_({ vm, compress }) {
 
   return {
     $getFrom: await this.registerHttpRequest(handleExport, data, {
-      suffix: encodeURI(`/${vm.name_label}.xva`),
+      suffix: '/' + encodeURIComponent(`${vm.name_label}.xva`),
     }),
   }
 }