github
/
aria2
mirror of https://github.com/aria2/aria2
1
0
Fork 0
Code Issues Releases Wiki Activity

2010-10-02 Tatsuhiro Tsujikawa <t-tujikawa@users.sourceforge.net> 

Made string literal static std::string in
	util::detectDirTraversal().
	* src/util.cc
pull/1/head
Tatsuhiro Tsujikawa 2010-10-02 08:29:15 +00:00
parent d5e0046f29
commit 29d40a666f
2 changed files with 23 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -1,3 +1,9 @@
2010-10-02 Tatsuhiro Tsujikawa <t-tujikawa@users.sourceforge.net>
Made string literal static std::string in
util::detectDirTraversal().
* src/util.cc
2010-10-02 Tatsuhiro Tsujikawa <t-tujikawa@users.sourceforge.net> 2010-10-02 Tatsuhiro Tsujikawa <t-tujikawa@users.sourceforge.net>
Rewritten util::escapePath(). Now it does not replace bad chars:it Rewritten util::escapePath(). Now it does not replace bad chars:it

25
src/util.cc
View File

@ -1335,16 +1335,25 @@ bool detectDirTraversal(const std::string& s)
return true; return true;
} }
} }
static std::string DS = "./";
static std::string DDS = "../";
static std::string SD = "/.";
static std::string SDD = "/..";
static std::string SDDS = "/../";
static std::string SDS = "/./";
static std::string DD = "..";
return s == A2STR::DOT_C || return s == A2STR::DOT_C ||
s == ".." || s == DD ||
util::startsWith(s, A2STR::SLASH_C) || util::startsWith(s, A2STR::SLASH_C) ||
util::startsWith(s, "./") || util::startsWith(s, DS) ||
util::startsWith(s, "../") || util::startsWith(s, DDS) ||
s.find("/../") != std::string::npos || s.find(SDDS) != std::string::npos ||
s.find("/./") != std::string::npos || s.find(SDS) != std::string::npos ||
util::endsWith(s, "/") || util::endsWith(s, A2STR::SLASH_C) ||
util::endsWith(s, "/.") || util::endsWith(s, SD) ||
util::endsWith(s, "/.."); util::endsWith(s, SDD);
} }
std::string escapePath(const std::string& s) std::string escapePath(const std::string& s)