New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Blacklist filename chars #2077
Blacklist filename chars #2077
Changes from 3 commits
b3f8a5a
b2ca410
c1bc0ea
a95567f
56329b1
ff3855a
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -15,6 +15,7 @@ | |
|
||
#include "addon/validation.hpp" | ||
#include "config.hpp" | ||
#include "serialization/unicode_cast.hpp" | ||
|
||
#include <algorithm> | ||
|
||
|
@@ -44,13 +45,33 @@ namespace { | |
} | ||
} | ||
}; | ||
|
||
struct addon_filename_ucs4char_illegal | ||
{ | ||
inline bool operator()(ucs4::char_t c) const | ||
{ | ||
switch(c){ | ||
case ' ': | ||
case '/': | ||
case ':': | ||
case '\\': | ||
case '~': | ||
case 0x7F: // DEL | ||
return true; | ||
default: | ||
return ( | ||
c < 0x20 || // control characters | ||
(c >= 0xD800 && c < 0xE000) // surrogate pairs | ||
); | ||
} | ||
} | ||
}; | ||
} | ||
|
||
bool addon_name_legal(const std::string& name) | ||
{ | ||
if(name.empty() || name == "." || | ||
std::find_if(name.begin(), name.end(), addon_name_char_illegal()) != name.end() || | ||
name.find("..") != std::string::npos) { | ||
if(name.empty() || | ||
std::find_if(name.begin(), name.end(), addon_name_char_illegal()) != name.end()) { | ||
return false; | ||
} else { | ||
return true; | ||
|
@@ -59,12 +80,17 @@ bool addon_name_legal(const std::string& name) | |
|
||
bool addon_filename_legal(const std::string& name) | ||
{ | ||
if(name.empty() || name == "." || | ||
name.find_first_of("/:\\~ \r\n\v\t") != std::string::npos || | ||
name.find("..") != std::string::npos) { | ||
if(name.empty() || name.back() == '.' || | ||
name.find("..") != std::string::npos || | ||
name.size() > 255) { | ||
return false; | ||
} else { | ||
return true; | ||
const ucs4::string name_ucs4 = unicode_cast<ucs4::string>(name); | ||
const std::string name_utf8 = unicode_cast<utf8::string>(name_ucs4); | ||
if(name != name_utf8){ // name is invalid UTF-8 | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. did you test that this check works? I'd think that unicode_cast simply throws an exception in case of invalid utf8 There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. See unicode_cast.hpp. The cast swallows the exception and returns the part of the string that it was able to convert. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I tested this yesterday. It works, but a different check failed in |
||
return false; | ||
} | ||
return std::find_if(name_ucs4.begin(), name_ucs4.end(), addon_filename_ucs4char_illegal()) == name_ucs4.end(); | ||
} | ||
} | ||
|
||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nitpicking: I'd prefer if the comment said just "surrogates" instead of "surrogate pairs", as it analyzes only one code point at a time.