src/hg/hgHubConnect/hooks/pre-finish.c cd0b41f1116bd93328ab34e9eceaa5f9afa8b825

cd0b41f1116bd93328ab34e9eceaa5f9afa8b825
chmalee
  Thu Feb 6 13:36:29 2025 -0800
Lots of changes to hub space UI after code review and QA feedback. 1) Make the table interface more like a file explorer where you view the 'root' directory by default and then can click into 'folders'. Also adds a breadcrumb nav so you can go backwards. 2) Fix bug in delete command to remove directories correctly. 3) cgiEncode the parentDir of incoming requests to prevent moving files to weird locations

diff --git src/hg/hgHubConnect/hooks/pre-finish.c src/hg/hgHubConnect/hooks/pre-finish.c
index 26e947c762a..76880b13893 100644
--- src/hg/hgHubConnect/hooks/pre-finish.c
+++ src/hg/hgHubConnect/hooks/pre-finish.c
@@ -90,31 +90,31 @@
             userName = userNameForApiKey(apiKey);
             if (!userName)
                 errAbort("You are not logged in. Please navigate to My Data -> My Sessions and log in or create an account.");
             }
         fprintf(stderr, "userName='%s'\n'", userName);
         // NOTE: All Upload.MetaData values are strings
         fileName = cgiEncodeFull(jsonQueryString(req, "", "Event.Upload.MetaData.fileName", NULL));
         fileSize = jsonQueryInt(req, "",  "Event.Upload.Size", 0, NULL);
         fileType = jsonQueryString(req, "", "Event.Upload.MetaData.fileType", NULL);
         db = jsonQueryString(req, "", "Event.Upload.MetaData.genome", NULL);
         reqLm = jsonQueryString(req, "", "Event.Upload.MetaData.lastModified", NULL);
         lastModified = sqlLongLong(reqLm) / 1000; // yes Javascript dates are in millis
         char *hubtoolsStr = jsonQueryString(req, "", "Event.Upload.MetaData.hubtools", NULL);
         if (hubtoolsStr)
             isHubToolsUpload = sameString(hubtoolsStr, "TRUE") || sameString(hubtoolsStr, "true");
-        parentDir = jsonQueryString(req, "", "Event.Upload.MetaData.parentDir", NULL);
+        parentDir = cgiEncodeFull(jsonQueryString(req, "", "Event.Upload.MetaData.parentDir", NULL));
         fprintf(stderr, "parentDir = '%s'\n", parentDir);
         fflush(stderr);
         // strip out plain leading '.' and '/' components
         // middle '.' components are dealt with later
         if (startsWith("./", parentDir) || startsWith("/", parentDir))
             parentDir = skipBeyondDelimit(parentDir, '/');
         fprintf(stderr, "parentDir = '%s'\n", parentDir);
         fflush(stderr);
         char *tusFile = jsonQueryString(req, "", "Event.Upload.Storage.Path", NULL);
         if (fileName == NULL)
             {
             errAbort("No Event.Upload.fileName setting");
             }
         else if (tusFile == NULL)
             {