From 10b175a73feb704d625a6cd108a8d29d23f91e2e Mon Sep 17 00:00:00 2001
From: "Ignacio R. Morelle" <shadowm@wesnoth.org>
Date: Mon, 4 Sep 2017 16:03:29 -0300
Subject: [PATCH] wam: Percent-encode add-on tarball names

This is *not* really necessary right now because of the limited
character set we allow for add-on names (currently [A-Za-z0-9_-]), but
it doesn't hurt to future-proof this since odds that someone will change
the limitations in the C++ code at some point without remembering to
update this script are staggeringly high these days.

[ci skip]
---
 data/tools/addon_manager/html.py | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/data/tools/addon_manager/html.py b/data/tools/addon_manager/html.py
index d58e009d719..3042f243c55 100755
--- a/data/tools/addon_manager/html.py
+++ b/data/tools/addon_manager/html.py
@@ -5,6 +5,7 @@ import glob
 import os
 import sys
 import time
+import urllib.parse
 from subprocess import Popen
 
 #
@@ -173,6 +174,15 @@ def htmlescape(text, quote=True):
         return text
     return html.escape(text, quote)
 
+def urlencode(text):
+    """
+    Encode the given string to ensure it only contains valid URL characters
+    (also known as percent-encoding).
+    """
+    if text is None:
+        return text
+    return urllib.parse.quote(text, encoding='utf-8')
+
 def output(path, url, data):
     """Write the HTML index of add-ons into the specified directory."""
     try:
@@ -291,7 +301,7 @@ def output(path, url, data):
 
         w('<td class="addon"><span hidden>%s</span>' % title)
         if url:
-            link = htmlescape(url.rstrip("/") + "/" + addon_id + ".tar.bz2")
+            link = htmlescape(url.rstrip("/") + "/" + urlencode(addon_id) + ".tar.bz2")
             w(('<a class="addon-download" href="%s" title="Download">'
                '<i class="fa fa-fw fa-2x fa-download" aria-hidden="true"></i>'
                '<span class="sr-only">Download</span></a>') % link)