[Freeciv-Dev] Re: (PR#13463) New function to eval safety of filenames
[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
Subject: |
[Freeciv-Dev] Re: (PR#13463) New function to eval safety of filenames |
From: |
"Per I. Mathisen" <per@xxxxxxxxxxx> |
Date: |
Tue, 12 Jul 2005 15:10:54 -0700 |
Reply-to: |
bugs@xxxxxxxxxxx |
<URL: http://bugs.freeciv.org/Ticket/Display.html?id=13463 >
Jason suggsted that '.' should be banned too, and I agreed with him, so
here is yet another patch.
- Per
Index: utility/shared.c
===================================================================
RCS file: /home/freeciv/CVS/freeciv/utility/shared.c,v
retrieving revision 1.133
diff -u -r1.133 shared.c
--- utility/shared.c 15 Jun 2005 20:23:00 -0000 1.133
+++ utility/shared.c 12 Jul 2005 22:09:00 -0000
@@ -378,6 +378,33 @@
}
/***************************************************************
+ Check if name is safe security-wise.
+***************************************************************/
+bool is_safe_name(const char *name)
+{
+ int i;
+
+ /* must not be NULL or empty */
+ if (!name || *name == '\0') {
+ return FALSE;
+ }
+
+ /* Accept only alphanumerics and -._ */
+ for (i = 0; name[i]; i++) {
+ if (!((name[i] <= 'z' && name[i] >= 'a')
+ || (name[i] <= 'Z' && name[i] >= 'A')
+ || (name[i] <= '9' && name[i] >= '0')
+ || name[i] == '-'
+ || name[i] == '_')) {
+ return FALSE;
+ }
+ }
+
+ /* Otherwise, it is okay... */
+ return TRUE;
+}
+
+/***************************************************************
This is used in sundry places to make sure that names of cities,
players etc. do not contain yucky characters of various sorts.
Returns TRUE iff the name is acceptable.
Index: utility/shared.h
===================================================================
RCS file: /home/freeciv/CVS/freeciv/utility/shared.h,v
retrieving revision 1.145
diff -u -r1.145 shared.h
--- utility/shared.h 11 May 2005 08:03:27 -0000 1.145
+++ utility/shared.h 12 Jul 2005 22:09:01 -0000
@@ -184,6 +184,7 @@
const char *int_to_text(unsigned int number);
bool is_ascii_name(const char *name);
+bool is_safe_name(const char *name);
const char *textyear(int year);
int compare_strings(const void *first, const void *second);
int compare_strings_ptrs(const void *first, const void *second);
|
|