From 82e131182ca7275c8e3244112ec5d214c320c788 Mon Sep 17 00:00:00 2001
From: Yorhel <git@yorhel.nl>
Date: Wed, 15 May 2013 19:07:52 +0200
Subject: fl_load.c: Don't allow "." and ".." as file/dir names in
 files.xml.bz2

As the ADC spec requires.
---
 src/fl_load.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'src/fl_load.c')

diff --git a/src/fl_load.c b/src/fl_load.c
index 8f56edb..054d781 100644
--- a/src/fl_load.c
+++ b/src/fl_load.c
@@ -109,6 +109,10 @@ static int entitycb(void *context, int type, const char *arg1, const char *arg2,
   case S_DIROPEN:
     if(type == XMLT_ATTR && g_ascii_strcasecmp(arg1, "Name") == 0 && !x->name) {
       x->name = g_utf8_validate(arg2, -1, NULL) ? g_strdup(arg2) : str_convert("UTF-8", "UTF-8", arg2);
+      if(x->name[0] == '.' && (!x->name[1] || (x->name[1] == '.' && !x->name[2]))) {
+        g_set_error(err, 1, 0, "'.' or '..' not allowed in directory name");
+        return -1;
+      }
       return 0;
     }
     if(type == XMLT_ATTDONE) {
@@ -168,6 +172,10 @@ static int entitycb(void *context, int type, const char *arg1, const char *arg2,
   case S_FILEOPEN:
     if(type == XMLT_ATTR && g_ascii_strcasecmp(arg1, "Name") == 0 && !x->name) {
       x->name = g_utf8_validate(arg2, -1, NULL) ? g_strdup(arg2) : str_convert("UTF-8", "UTF-8", arg2);
+      if(x->name[0] == '.' && (!x->name[1] || (x->name[1] == '.' && !x->name[2]))) {
+        g_set_error(err, 1, 0, "'.' or '..' not allowed in file name");
+        return -1;
+      }
       return 0;
     }
     if(type == XMLT_ATTR && g_ascii_strcasecmp(arg1, "TTH") == 0 && !x->filehastth) {
-- 
cgit v1.2.3