Complete.Org: Mailing Lists: Archives: freeciv-dev: January 2006:
[Freeciv-Dev] (PR#15107) allow periods in scenario names

[Freeciv-Dev] (PR#15107) allow periods in scenario names

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]

Subject:	[Freeciv-Dev] (PR#15107) allow periods in scenario names
From:	"Mike Kaufman" <kaufman@xxxxxxxxxxxxxxxxxxxxxx>
Date:	Sun, 8 Jan 2006 15:12:22 -0800
Reply-to:	bugs@xxxxxxxxxxx

<URL: http://bugs.freeciv.org/Ticket/Display.html?id=15107 >

subject line explains most of it. some of the stock scenarios have periods
in them which would be nice to be able to load them.

I added PARENT_DIR_OPERATOR, but this is kind of useless at this exact
moment since '/' is prohibited in the filename.

Also load will reject xxx.sav.gz but accepts xxx. That should change, but
is a separate patch.

-mike

Index: utility/shared.c
===================================================================
--- utility/shared.c    (revision 11429)
+++ utility/shared.c    (working copy)
@@ -61,6 +61,8 @@
 #endif
 #endif
 
+#define PARENT_DIR_OPERATOR ".."
+
 /* If no default data path is defined use the default default one */
 #ifndef DEFAULT_DATA_PATH
 #define DEFAULT_DATA_PATH "." PATH_SEPARATOR "data" PATH_SEPARATOR \
@@ -379,9 +381,7 @@
 
 /****************************************************************************
   Check if the name is safe security-wise.  This is intended to be used to
-  make sure an untrusted filename is safe to be used.  We disallow filename
-  extensions since we assume these will be appended automatically after
-  this function is called.
+  make sure an untrusted filename is safe to be used. 
 ****************************************************************************/
 bool is_safe_filename(const char *name)
 {
@@ -392,19 +392,24 @@
     return FALSE; 
   }
 
-  /* Accept only alphanumerics and '-', '_'.  '.' is not allowed so
-   * the untrusted source cannot provide a filename extension (this must
-   * be done by the caller). */
+  /* Accept only alphanumerics and '-', '_', '.' The exception is if
+   * part of PARENT_DIR_OPERATOR is one of these, which is prohibited */  
   for (i = 0; name[i]; i++) {
     if (!((name[i] <= 'z' && name[i] >= 'a')
           || (name[i] <= 'Z' && name[i] >= 'A')
           || (name[i] <= '9' && name[i] >= '0')
           || name[i] == '-'
-          || name[i] == '_')) {
+          || name[i] == '_'
+          || name[i] == '.')) {
       return FALSE;
     }
   }
 
+  /* we don't allow the filename to ascend directories */
+  if (strstr(name, PARENT_DIR_OPERATOR)) {
+    return FALSE;
+  }
+
   /* Otherwise, it is okay... */
   return TRUE;
 }

[Prev in Thread]

Current Thread

[Next in Thread]

[Freeciv-Dev] (PR#15107) allow periods in scenario names, Mike Kaufman <=
- [Freeciv-Dev] (PR#15107) allow periods in scenario names, Jason Short, 2006/01/12

Prev by Date: [Freeciv-Dev] (PR#15105) /list scenarios command
Next by Date: [Freeciv-Dev] civserver crashed: http://pubserver.freeciv.org/games/557980
Previous by thread: [Freeciv-Dev] (PR#15105) /list scenarios command
Next by thread: [Freeciv-Dev] (PR#15107) allow periods in scenario names
Index(es):
- Date
- Thread