From efe8a04c70f1dde3c62e88f514433515631db858 Mon Sep 17 00:00:00 2001 From: Warren Dukes Date: Wed, 2 Jun 2004 01:26:15 +0000 Subject: validate url's before adding to playlist git-svn-id: https://svn.musicpd.org/mpd/trunk@1289 09075e82-0dd4-0310-85a5-a0d7c8717e4f --- src/decode.c | 21 +++++++++++++----- src/inputStream.h | 2 ++ src/ls.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++++------ src/ls.h | 2 ++ src/playlist.c | 7 ++++-- 5 files changed, 83 insertions(+), 15 deletions(-) (limited to 'src') diff --git a/src/decode.c b/src/decode.c index 4d04e4c7..e01e63f6 100644 --- a/src/decode.c +++ b/src/decode.c @@ -256,13 +256,19 @@ void decodeStart(PlayerControl * pc, OutputBuffer * cb, DecoderControl * dc) { int ret; InputStream inStream; InputPlugin * plugin; - char path[MAXPATHLEN+1]; + char * path; if(isRemoteUrl(pc->utf8url)) { - strncpy(path, pc->utf8url, MAXPATHLEN); + path = utf8StrToLatin1Dup(pc->utf8url); } - else strncpy(path, rmp2amp(utf8ToFsCharset(pc->utf8url)), MAXPATHLEN); - path[MAXPATHLEN] = '\0'; + else path = strdup(rmp2amp(utf8ToFsCharset(pc->utf8url))); + + if(!path) { + dc->error = DECODE_ERROR_FILE; + dc->state = DECODE_STATE_STOP; + dc->start = 0; + return; + } dc->metadataSet = 0; memset(dc->metadata, 0, DECODE_METADATA_LENGTH); @@ -275,9 +281,9 @@ void decodeStart(PlayerControl * pc, OutputBuffer * cb, DecoderControl * dc) { if(openInputStream(&inStream, path) < 0) { dc->error = DECODE_ERROR_FILE; - dc->start = 0; - dc->stop = 0; dc->state = DECODE_STATE_STOP; + dc->start = 0; + free(path); return; } @@ -291,6 +297,7 @@ void decodeStart(PlayerControl * pc, OutputBuffer * cb, DecoderControl * dc) { if(dc->stop) { dc->state = DECODE_STATE_STOP; dc->stop = 0; + free(path); return; } @@ -345,6 +352,8 @@ void decodeStart(PlayerControl * pc, OutputBuffer * cb, DecoderControl * dc) { dc->stop = 0; dc->state = DECODE_STATE_STOP; } + + free(path); } int decoderInit(PlayerControl * pc, OutputBuffer * cb, DecoderControl * dc) { diff --git a/src/inputStream.h b/src/inputStream.h index 5add3f48..6e54315f 100644 --- a/src/inputStream.h +++ b/src/inputStream.h @@ -48,6 +48,8 @@ struct _InputStream { char * metaTitle; }; +int isUrlSaneForInputStream(char * url); + /* if an error occurs for these 3 functions, then -1 is returned and errno for the input stream is set */ int openInputStream(InputStream * inStream, char * url); diff --git a/src/ls.c b/src/ls.c index 28587458..f477d7fa 100644 --- a/src/ls.c +++ b/src/ls.c @@ -22,6 +22,7 @@ #include "path.h" #include "myfprintf.h" #include "log.h" +#include "utf8.h" #include #include @@ -41,17 +42,68 @@ char * dupAndStripPlaylistSuffix(char * file) { return ret; } -int isRemoteUrl(char * url) { - char * prefixes[] = { - "http://", - NULL - }; +static char * remoteUrlPrefixes[] = +{ + "http://", + NULL +}; + +int isValidRemoteUtf8Url(char * utf8url) { + int ret = 0; + char * lat1 = utf8StrToLatin1Dup(utf8url); + char * temp; + + if(!lat1) return 0; + + switch(isRemoteUrl(lat1)) { + case 1: + ret = 1; + temp = lat1; + while(*temp) { + if((*temp >= 'a' && *temp <= 'z') || + (*temp >= 'A' && *temp <= 'z') || + (*temp >= '0' && *temp <= '9') || + *temp == '$' || + *temp == '-' || + *temp == '.' || + *temp == '+' || + *temp == '!' || + *temp == '*' || + *temp == '\'' || + *temp == '(' || + *temp == ')' || + *temp == ',' || + *temp == '%' || + *temp == '/' || + *temp == ':' || + *temp == '?' || + *temp == ';' || + *temp == '&' || + *temp == '=') + { + } + else { + ret = 1; + break; + } + temp++; + } + break; + } + + free(lat1); + + return ret; +} - char ** urlPrefixes = prefixes; +int isRemoteUrl(char * url) { + int count = 0; + char ** urlPrefixes = remoteUrlPrefixes; while(*urlPrefixes) { + count++; if(strncmp(*urlPrefixes,url,strlen(*urlPrefixes)) == 0) { - return 1; + return count; } urlPrefixes++; } diff --git a/src/ls.h b/src/ls.h index ef19676b..c297e167 100644 --- a/src/ls.h +++ b/src/ls.h @@ -30,6 +30,8 @@ int lsPlaylists(FILE * fp, char * utf8path); char * getSuffix(char * utf8file); +int isValidRemoteUtf8Url(char * utf8url); + int isRemoteUrl(char * url); int isFile(char * utf8file, time_t * mtime); diff --git a/src/playlist.c b/src/playlist.c index ba5b5150..cb931466 100644 --- a/src/playlist.c +++ b/src/playlist.c @@ -471,10 +471,13 @@ int addToPlaylist(FILE * fp, char * url) { if((song = getSongFromDB(url))) { } - else if(isRemoteUrl(url) && (song = newSong(url,SONG_TYPE_URL))) { + else if(isValidRemoteUtf8Url(url) && + (song = newSong(url,SONG_TYPE_URL))) + { } else { - myfprintf(fp,"%s \"%s\" is not in the music db\n", + myfprintf(fp,"%s \"%s\" is not in the music db or is" + "not a valid url\n", COMMAND_RESPOND_ERROR,url); return -1; } -- cgit v1.2.3