oysteikt/mpd
0
0
Fork 0
Code Issues Pull Requests Releases Activity

uri: added function uri_safe_local()

Browse Source
This commit is contained in:
Max Kellermann 2009-12-26 02:07:44 +01:00
parent 554b2b0ed9
commit af964e8929
2 changed files with 42 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
src/uri.c
View File

@ -22,6 +22,7 @@
#include <glib.h> #include <glib.h>
#include <assert.h>
#include <string.h> #include <string.h>
bool uri_has_scheme(const char *uri) bool uri_has_scheme(const char *uri)
@ -45,6 +46,35 @@ uri_get_suffix(const char *uri)
return suffix; return suffix;
} }
static const char *
verify_uri_segment(const char *p)
{
const char *q;
if (*p == 0 || *p == '/' || *p == '.')
return NULL;
q = strchr(p + 1, '/');
return q != NULL ? q : "";
}
bool
uri_safe_local(const char *uri)
{
while (true) {
uri = verify_uri_segment(uri);
if (uri == NULL)
return false;
if (*uri == 0)
return true;
assert(*uri == '/');
++uri;
}
}
char * char *
uri_remove_auth(const char *uri) uri_remove_auth(const char *uri)
{ {

12
src/uri.h
View File

@ -35,6 +35,18 @@ G_GNUC_PURE
const char * const char *
uri_get_suffix(const char *uri); uri_get_suffix(const char *uri);
/**
* Returns true if this is a safe "local" URI:
*
* - non-empty
* - does not begin or end with a slash
* - no double slashes
* - no path component begins with a dot
*/
G_GNUC_PURE
bool
uri_safe_local(const char *uri);
/** /**
* Removes HTTP username and password from the URI. This may be * Removes HTTP username and password from the URI. This may be
* useful for displaying an URI without disclosing secrets. Returns * useful for displaying an URI without disclosing secrets. Returns