mirror of https://github.com/aria2/aria2
2010-05-06 Tatsuhiro Tsujikawa <t-tujikawa@users.sourceforge.net>
Fixed the bug that name attribute of file element in Metalink file is not properly sanitized. * src/Metalink2RequestGroup.cc * src/MetalinkParserController.cc * test/Makefile.am * test/Metalink2RequestGroupTest.cc * test/metalink4-dosdirtraversal.xmlpull/1/head
Tatsuhiro Tsujikawa
parent
2bcf648102
commit
460ee92644
10
ChangeLog
10
ChangeLog
|
|
@ -1,3 +1,13 @@
|
||||||
|
2010-05-06 Tatsuhiro Tsujikawa <t-tujikawa@users.sourceforge.net>
|
||||||
|
|
||||||
|
Fixed the bug that name attribute of file element in Metalink file
|
||||||
|
is not properly sanitized.
|
||||||
|
* src/Metalink2RequestGroup.cc
|
||||||
|
* src/MetalinkParserController.cc
|
||||||
|
* test/Makefile.am
|
||||||
|
* test/Metalink2RequestGroupTest.cc
|
||||||
|
* test/metalink4-dosdirtraversal.xml
|
||||||
|
|
||||||
2010-05-06 Tatsuhiro Tsujikawa <t-tujikawa@users.sourceforge.net>
|
2010-05-06 Tatsuhiro Tsujikawa <t-tujikawa@users.sourceforge.net>
|
||||||
|
|
||||||
Fixed the bug that if filename in Content-Disposition header
|
Fixed the bug that if filename in Content-Disposition header
|
||||||
|
|
|
||||||
|
|
@ -290,8 +290,7 @@ Metalink2RequestGroup::createRequestGroup
|
||||||
AccumulateNonP2PUri(uris));
|
AccumulateNonP2PUri(uris));
|
||||||
SharedHandle<FileEntry> fe
|
SharedHandle<FileEntry> fe
|
||||||
(new FileEntry
|
(new FileEntry
|
||||||
(util::applyDir(option->get(PREF_DIR),
|
(util::applyDir(option->get(PREF_DIR), (*i)->file->getPath()),
|
||||||
util::escapePath((*i)->file->getPath())),
|
|
||||||
(*i)->file->getLength(), offset, uris));
|
(*i)->file->getLength(), offset, uris));
|
||||||
if(option->getAsBool(PREF_METALINK_ENABLE_UNIQUE_PROTOCOL)) {
|
if(option->getAsBool(PREF_METALINK_ENABLE_UNIQUE_PROTOCOL)) {
|
||||||
fe->disableSingleHostMultiConnection();
|
fe->disableSingleHostMultiConnection();
|
||||||
|
|
|
||||||
|
|
@ -90,7 +90,7 @@ void MetalinkParserController::setFileNameOfEntry(const std::string& filename)
|
||||||
std::string path = util::joinPath(elements.begin(), elements.end());
|
std::string path = util::joinPath(elements.begin(), elements.end());
|
||||||
|
|
||||||
if(_tEntry->file.isNull()) {
|
if(_tEntry->file.isNull()) {
|
||||||
_tEntry->file.reset(new FileEntry(path, 0, 0));
|
_tEntry->file.reset(new FileEntry(util::escapePath(path), 0, 0));
|
||||||
} else {
|
} else {
|
||||||
_tEntry->file->setPath(util::escapePath(path));
|
_tEntry->file->setPath(util::escapePath(path));
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -252,4 +252,5 @@ EXTRA_DIST = 4096chunk.txt\
|
||||||
metalink4.xml\
|
metalink4.xml\
|
||||||
metalink3-dirtraversal.xml\
|
metalink3-dirtraversal.xml\
|
||||||
metalink4-groupbymetaurl.xml\
|
metalink4-groupbymetaurl.xml\
|
||||||
serialize_session.meta4
|
serialize_session.meta4\
|
||||||
|
metalink4-dosdirtraversal.xml
|
||||||
|
|
|
||||||
|
|
@ -691,7 +691,8 @@ EXTRA_DIST = 4096chunk.txt\
|
||||||
metalink4.xml\
|
metalink4.xml\
|
||||||
metalink3-dirtraversal.xml\
|
metalink3-dirtraversal.xml\
|
||||||
metalink4-groupbymetaurl.xml\
|
metalink4-groupbymetaurl.xml\
|
||||||
serialize_session.meta4
|
serialize_session.meta4\
|
||||||
|
metalink4-dosdirtraversal.xml
|
||||||
|
|
||||||
all: all-am
|
all: all-am
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -17,6 +17,7 @@ class Metalink2RequestGroupTest:public CppUnit::TestFixture {
|
||||||
CPPUNIT_TEST_SUITE(Metalink2RequestGroupTest);
|
CPPUNIT_TEST_SUITE(Metalink2RequestGroupTest);
|
||||||
CPPUNIT_TEST(testGenerate);
|
CPPUNIT_TEST(testGenerate);
|
||||||
CPPUNIT_TEST(testGenerate_groupByMetaurl);
|
CPPUNIT_TEST(testGenerate_groupByMetaurl);
|
||||||
|
CPPUNIT_TEST(testGenerate_dosDirTraversal);
|
||||||
CPPUNIT_TEST_SUITE_END();
|
CPPUNIT_TEST_SUITE_END();
|
||||||
private:
|
private:
|
||||||
SharedHandle<Option> _option;
|
SharedHandle<Option> _option;
|
||||||
|
|
@ -30,6 +31,7 @@ public:
|
||||||
|
|
||||||
void testGenerate();
|
void testGenerate();
|
||||||
void testGenerate_groupByMetaurl();
|
void testGenerate_groupByMetaurl();
|
||||||
|
void testGenerate_dosDirTraversal();
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -195,4 +197,29 @@ void Metalink2RequestGroupTest::testGenerate_groupByMetaurl()
|
||||||
#endif // !ENABLE_BITTORRENT
|
#endif // !ENABLE_BITTORRENT
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void Metalink2RequestGroupTest::testGenerate_dosDirTraversal()
|
||||||
|
{
|
||||||
|
#ifdef __MINGW32__
|
||||||
|
#ifdef ENABLE_BITTORRENT
|
||||||
|
std::vector<SharedHandle<RequestGroup> > groups;
|
||||||
|
_option->put(PREF_DIR, "/tmp");
|
||||||
|
Metalink2RequestGroup().generate
|
||||||
|
(groups, "metalink4-dosdirtraversal.xml", _option);
|
||||||
|
CPPUNIT_ASSERT_EQUAL((size_t)3, groups.size());
|
||||||
|
SharedHandle<RequestGroup> rg = groups[0];
|
||||||
|
SharedHandle<FileEntry> file = rg->getDownloadContext()->getFirstFileEntry();
|
||||||
|
CPPUNIT_ASSERT_EQUAL(std::string("/tmp/.._.._example.ext"),
|
||||||
|
file->getPath());
|
||||||
|
|
||||||
|
rg = groups[2];
|
||||||
|
file = rg->getDownloadContext()->getFileEntries()[0];
|
||||||
|
CPPUNIT_ASSERT_EQUAL(std::string("/tmp/.._.._file1.ext"),
|
||||||
|
file->getPath());
|
||||||
|
file = rg->getDownloadContext()->getFileEntries()[1];
|
||||||
|
CPPUNIT_ASSERT_EQUAL(std::string("/tmp/.._.._file2.ext"),
|
||||||
|
file->getPath());
|
||||||
|
#endif // ENABLE_BITTORRENT
|
||||||
|
#endif // __MINGW32__
|
||||||
|
}
|
||||||
|
|
||||||
} // namespace aria2
|
} // namespace aria2
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,14 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<metalink xmlns="urn:ietf:params:xml:ns:metalink">
|
||||||
|
<file name="..\..\example.ext">
|
||||||
|
<url location="fr" priority="1">http://example.com/example.ext</url>
|
||||||
|
</file>
|
||||||
|
<file name="..\..\file1.ext">
|
||||||
|
<size>12345</size>
|
||||||
|
<metaurl mediatype="torrent" name="d/file1.ext">http://example.com/example.torrent</metaurl>
|
||||||
|
</file>
|
||||||
|
<file name="..\..\file2.ext">
|
||||||
|
<size>12345</size>
|
||||||
|
<metaurl mediatype="torrent" name="d/file2.ext">http://example.com/example.torrent</metaurl>
|
||||||
|
</file>
|
||||||
|
</metalink>
|
||||||
Loading…
Reference in New Issue