uri encode password so special characters will work 100%

ComputerElite · ComputerElite · commit f170cccc32bc · 2023-04-01T23:39:15.000+02:00
diff --git a/QuestAppVersionSwitcher/Assets/html/script.js b/QuestAppVersionSwitcher/Assets/html/script.js
@@ -902,9 +902,12 @@ document.getElementById("abortPassword").onclick = () => {
     CloseGetPasswordPopup()
 }
 document.getElementById("confirmPassword").onclick = () => {
-    options.password = document.getElementById("passwordConfirm").value
+    options.password = encodeURIComponent(document.getElementById("passwordConfirm").value)
     options.app = options.parentName
-    fetch("/download?body=" + JSON.stringify(options).replace(/&/g, "and")).then(res => {
+    fetch("/download", {
+        method: "POST",
+        body: JSON.stringify(options)
+    }).then(res => {
         res.text().then(text => {
             if (res.status == 403) {
                 TextBoxError("step7box", text)
@@ -923,7 +926,10 @@ function StopDownload(name) {
 
 document.getElementById("logs").onclick = () => {
     TextBoxText("logsText", "Collecting information.. please allow us up to 30 seconds to collect everything")
-    fetch("/questappversionswitcher/uploadlogs?password=" + document.getElementById("logspwd").value).then(res => {
+    fetch("/questappversionswitcher/uploadlogs", {
+        method: "POST",
+        body: encodeURIComponent(document.getElementById("logspwd").value)
+    }).then(res => {
         res.text().then(text => {
             if (res.status == 403) {
                 TextBoxError("logsText", text)
@@ -947,12 +953,15 @@ document.getElementById("confirmLogin").onclick = () => {
 }
 
 document.getElementById("tokenPassword").onclick = () => {
-    options.password = document.getElementById("passwordConfirm").value
+    options.password = encodeURIComponent(document.getElementById("passwordConfirm").value)
     options.app = options.parentName
-    fetch("/token?body=" + JSON.stringify({
-        token: params.get("token"),
-        password: document.getElementById("passwordToken").value
-    })).then(res => {
+    fetch("/token", {
+        method: "POST",
+        body: JSON.stringify({
+            token: params.get("token"),
+            password: encodeURIComponent(document.getElementById("passwordToken").value)
+        })
+    }).then(res => {
         res.text().then(text => {
             if (res.status == 200) {
                 TextBoxGood("step8box", text)
diff --git a/QuestAppVersionSwitcher/Properties/AndroidManifest.xml b/QuestAppVersionSwitcher/Properties/AndroidManifest.xml
@@ -1,5 +1,5 @@
 ﻿<?xml version="1.0" encoding="utf-8"?>
-<manifest xmlns:android="http://schemas.android.com/apk/res/android" android:versionName="1.10.3" package="com.ComputerElite.questappversionswitcher" android:installLocation="preferExternal" android:versionCode="51">
+<manifest xmlns:android="http://schemas.android.com/apk/res/android" android:versionName="1.10.4" package="com.ComputerElite.questappversionswitcher" android:installLocation="preferExternal" android:versionCode="52">
 	<uses-sdk android:minSdkVersion="28" android:targetSdkVersion="32" />
 	<uses-permission android:name="oculus.permission.handtracking" />
 	<uses-permission android:name="com.oculus.permission.HAND_TRACKING" />
diff --git a/QuestAppVersionSwitcher/Properties/AssemblyInfo.cs b/QuestAppVersionSwitcher/Properties/AssemblyInfo.cs
@@ -22,5 +22,5 @@
 //      Minor Version 
 //      Build Number
 //      Revision
-[assembly: AssemblyVersion("1.10.3.0")]
-[assembly: AssemblyFileVersion("1.10.3.0")]
+[assembly: AssemblyVersion("1.10.4.0")]
+[assembly: AssemblyFileVersion("1.10.4.0")]
diff --git a/QuestAppVersionSwitcher/WebServer.cs b/QuestAppVersionSwitcher/WebServer.cs
@@ -453,7 +453,7 @@ public void Start()
                 serverRequest.SendString("Uninstall request sent");
                 return true;
             }));
-            server.AddRoute("GET", "/questappversionswitcher/uploadlogs", new Func<ServerRequest, bool>(request =>
+            server.AddRoute("POST", "/questappversionswitcher/uploadlogs", new Func<ServerRequest, bool>(request =>
             {
                 Logger.Log("\n\n------Log upload requested------");
 				QAVSReport report = new QAVSReport();
@@ -466,13 +466,13 @@ public void Start()
                 {
                     try
                     {
-						if (GetSHA256OfString(request.queryString.Get("password")) != CoreService.coreVars.password)
+						if (GetSHA256OfString(request.bodyString) != CoreService.coreVars.password)
 						{
 							request.SendString("Password is wrong. Please try a different password or set a new one", "text/plain", 403);
 							return true;
 						}
                         GraphQLClient.log = false;
-						GraphQLClient.oculusStoreToken = PasswordEncryption.Decrypt(CoreService.coreVars.token, request.queryString.Get("password"));
+						GraphQLClient.oculusStoreToken = PasswordEncryption.Decrypt(CoreService.coreVars.token, request.bodyString);
 						ViewerData<OculusUserWrapper> entitlements = GraphQLClient.GetActiveEntitelments();
 						foreach (Entitlement e in entitlements.data.viewer.user.active_entitlements.nodes)
 						{
@@ -927,9 +927,9 @@ public void Start()
                 serverRequest.SendString(SizeConverter.ByteSizeToString(FileManager.GetDirSize(CoreService.coreVars.QAVSBackupDir)));
                 return true;
             }));
-            server.AddRoute("GET", "/token", new Func<ServerRequest, bool>(serverRequest =>
+            server.AddRoute("POST", "/token", new Func<ServerRequest, bool>(serverRequest =>
             {
-                TokenRequest r = JsonSerializer.Deserialize<TokenRequest>(serverRequest.queryString.Get("body"));
+                TokenRequest r = JsonSerializer.Deserialize<TokenRequest>(serverRequest.bodyString);
                 if (r.token.Contains("%"))
                 {
                     serverRequest.SendString("You got your token from the wrong place. Go to the payload tab. Don't get it from the url.", "text/plain", 400);
@@ -952,9 +952,9 @@ public void Start()
                 serverRequest.SendString("Set token");
                 return true;
             }));
-            server.AddRoute("GET", "/download", new Func<ServerRequest, bool>(serverRequest =>
+            server.AddRoute("POST", "/download", new Func<ServerRequest, bool>(serverRequest =>
             {
-                DownloadRequest r = JsonSerializer.Deserialize<DownloadRequest>(serverRequest.queryString.Get("body"));
+                DownloadRequest r = JsonSerializer.Deserialize<DownloadRequest>(serverRequest.bodyString);
                 if (GetSHA256OfString(r.password) != CoreService.coreVars.password)
                 {
                     serverRequest.SendString("Password is wrong. Please try a different password or set a new one", "text/plain", 403);

Original file line number	Diff line number	Diff line change
`@@ -453,7 +453,7 @@ public void Start()`
`453`	`453`	`serverRequest.SendString("Uninstall request sent");`
`454`	`454`	`return true;`
`455`	`455`	`}));`
`456`		`- server.AddRoute("GET", "/questappversionswitcher/uploadlogs", new Func<ServerRequest, bool>(request =>`
	`456`	`+ server.AddRoute("POST", "/questappversionswitcher/uploadlogs", new Func<ServerRequest, bool>(request =>`
`457`	`457`	`{`
`458`	`458`	`Logger.Log("\n\n------Log upload requested------");`
`459`	`459`	`QAVSReport report = new QAVSReport();`
`@@ -466,13 +466,13 @@ public void Start()`
`466`	`466`	`{`
`467`	`467`	`try`
`468`	`468`	`{`
`469`		`- if (GetSHA256OfString(request.queryString.Get("password")) != CoreService.coreVars.password)`
	`469`	`+ if (GetSHA256OfString(request.bodyString) != CoreService.coreVars.password)`
`470`	`470`	`{`
`471`	`471`	`request.SendString("Password is wrong. Please try a different password or set a new one", "text/plain", 403);`
`472`	`472`	`return true;`
`473`	`473`	`}`
`474`	`474`	`GraphQLClient.log = false;`
`475`		`- GraphQLClient.oculusStoreToken = PasswordEncryption.Decrypt(CoreService.coreVars.token, request.queryString.Get("password"));`
	`475`	`+ GraphQLClient.oculusStoreToken = PasswordEncryption.Decrypt(CoreService.coreVars.token, request.bodyString);`
`476`	`476`	`ViewerData<OculusUserWrapper> entitlements = GraphQLClient.GetActiveEntitelments();`
`477`	`477`	`foreach (Entitlement e in entitlements.data.viewer.user.active_entitlements.nodes)`
`478`	`478`	`{`
`@@ -927,9 +927,9 @@ public void Start()`
`927`	`927`	`serverRequest.SendString(SizeConverter.ByteSizeToString(FileManager.GetDirSize(CoreService.coreVars.QAVSBackupDir)));`
`928`	`928`	`return true;`
`929`	`929`	`}));`
`930`		`- server.AddRoute("GET", "/token", new Func<ServerRequest, bool>(serverRequest =>`
	`930`	`+ server.AddRoute("POST", "/token", new Func<ServerRequest, bool>(serverRequest =>`
`931`	`931`	`{`
`932`		`- TokenRequest r = JsonSerializer.Deserialize<TokenRequest>(serverRequest.queryString.Get("body"));`
	`932`	`+ TokenRequest r = JsonSerializer.Deserialize<TokenRequest>(serverRequest.bodyString);`
`933`	`933`	`if (r.token.Contains("%"))`
`934`	`934`	`{`
`935`	`935`	`serverRequest.SendString("You got your token from the wrong place. Go to the payload tab. Don't get it from the url.", "text/plain", 400);`
`@@ -952,9 +952,9 @@ public void Start()`
`952`	`952`	`serverRequest.SendString("Set token");`
`953`	`953`	`return true;`
`954`	`954`	`}));`
`955`		`- server.AddRoute("GET", "/download", new Func<ServerRequest, bool>(serverRequest =>`
	`955`	`+ server.AddRoute("POST", "/download", new Func<ServerRequest, bool>(serverRequest =>`
`956`	`956`	`{`
`957`		`- DownloadRequest r = JsonSerializer.Deserialize<DownloadRequest>(serverRequest.queryString.Get("body"));`
	`957`	`+ DownloadRequest r = JsonSerializer.Deserialize<DownloadRequest>(serverRequest.bodyString);`
`958`	`958`	`if (GetSHA256OfString(r.password) != CoreService.coreVars.password)`
`959`	`959`	`{`
`960`	`960`	`serverRequest.SendString("Password is wrong. Please try a different password or set a new one", "text/plain", 403);`