summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorYorhel <git@yorhel.nl>2013-05-15 19:07:52 +0200
committerYorhel <git@yorhel.nl>2013-05-15 19:07:52 +0200
commit82e131182ca7275c8e3244112ec5d214c320c788 (patch)
tree6ae0f9a00e8e058bc29b0488d9c6114e3e435c01 /src
parentd49f513c9c813ae1ee64976e4eae6722bb6693b6 (diff)
fl_load.c: Don't allow "." and ".." as file/dir names in files.xml.bz2
As the ADC spec requires.
Diffstat (limited to 'src')
-rw-r--r--src/fl_load.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/src/fl_load.c b/src/fl_load.c
index 8f56edb..054d781 100644
--- a/src/fl_load.c
+++ b/src/fl_load.c
@@ -109,6 +109,10 @@ static int entitycb(void *context, int type, const char *arg1, const char *arg2,
case S_DIROPEN:
if(type == XMLT_ATTR && g_ascii_strcasecmp(arg1, "Name") == 0 && !x->name) {
x->name = g_utf8_validate(arg2, -1, NULL) ? g_strdup(arg2) : str_convert("UTF-8", "UTF-8", arg2);
+ if(x->name[0] == '.' && (!x->name[1] || (x->name[1] == '.' && !x->name[2]))) {
+ g_set_error(err, 1, 0, "'.' or '..' not allowed in directory name");
+ return -1;
+ }
return 0;
}
if(type == XMLT_ATTDONE) {
@@ -168,6 +172,10 @@ static int entitycb(void *context, int type, const char *arg1, const char *arg2,
case S_FILEOPEN:
if(type == XMLT_ATTR && g_ascii_strcasecmp(arg1, "Name") == 0 && !x->name) {
x->name = g_utf8_validate(arg2, -1, NULL) ? g_strdup(arg2) : str_convert("UTF-8", "UTF-8", arg2);
+ if(x->name[0] == '.' && (!x->name[1] || (x->name[1] == '.' && !x->name[2]))) {
+ g_set_error(err, 1, 0, "'.' or '..' not allowed in file name");
+ return -1;
+ }
return 0;
}
if(type == XMLT_ATTR && g_ascii_strcasecmp(arg1, "TTH") == 0 && !x->filehastth) {