Fix inconsistent sanitation with the database (#32)
Some checks failed
Compile Cytoplasm / Compile Cytoplasm (x86, alpine-v3.19) (push) Has been cancelled
Compile Cytoplasm / Compile Cytoplasm (x86, debian-v12.4) (push) Has been cancelled
Compile Cytoplasm / Compile Cytoplasm (x86, freebsd-v14.0) (push) Has been cancelled
Compile Cytoplasm / Compile Cytoplasm (x86, netbsd-v9.3) (push) Has been cancelled
Compile Cytoplasm / Compile Cytoplasm (x86_64, alpine-v3.19) (push) Has been cancelled
Compile Cytoplasm / Compile Cytoplasm (x86_64, debian-v12.4) (push) Has been cancelled
Compile Cytoplasm / Compile Cytoplasm (x86_64, freebsd-v14.0) (push) Has been cancelled
Compile Cytoplasm / Compile Cytoplasm (x86_64, netbsd-v9.3) (push) Has been cancelled
Compile Cytoplasm / Compile Cytoplasm (x86_64, openbsd-v7.4) (push) Has been cancelled
Some checks failed
Compile Cytoplasm / Compile Cytoplasm (x86, alpine-v3.19) (push) Has been cancelled
Compile Cytoplasm / Compile Cytoplasm (x86, debian-v12.4) (push) Has been cancelled
Compile Cytoplasm / Compile Cytoplasm (x86, freebsd-v14.0) (push) Has been cancelled
Compile Cytoplasm / Compile Cytoplasm (x86, netbsd-v9.3) (push) Has been cancelled
Compile Cytoplasm / Compile Cytoplasm (x86_64, alpine-v3.19) (push) Has been cancelled
Compile Cytoplasm / Compile Cytoplasm (x86_64, debian-v12.4) (push) Has been cancelled
Compile Cytoplasm / Compile Cytoplasm (x86_64, freebsd-v14.0) (push) Has been cancelled
Compile Cytoplasm / Compile Cytoplasm (x86_64, netbsd-v9.3) (push) Has been cancelled
Compile Cytoplasm / Compile Cytoplasm (x86_64, openbsd-v7.4) (push) Has been cancelled
Cytoplasm's Db currently doesn't sanitate database entries consistently, and this PR should be a quick fix for this. Reviewed-on: #32 Co-authored-by: lda <lda@freetards.xyz> Co-committed-by: lda <lda@freetards.xyz>
This commit is contained in:
parent
346b912a06
commit
9108fef701
1 changed files with 22 additions and 13 deletions
35
src/Db.c
35
src/Db.c
|
|
@ -218,19 +218,38 @@ DbHashKey(Array * args)
|
|||
return str;
|
||||
}
|
||||
|
||||
static char
|
||||
DbSanitiseChar(char input)
|
||||
{
|
||||
switch (input)
|
||||
{
|
||||
case '/':
|
||||
return '_';
|
||||
case '.':
|
||||
return '-';
|
||||
}
|
||||
return input;
|
||||
}
|
||||
|
||||
static char *
|
||||
DbDirName(Db * db, Array * args, size_t strip)
|
||||
{
|
||||
size_t i;
|
||||
size_t i, j;
|
||||
char *str = StrConcat(2, db->dir, "/");
|
||||
|
||||
for (i = 0; i < ArraySize(args) - strip; i++)
|
||||
{
|
||||
char *tmp;
|
||||
char *sanitise = StrDuplicate(ArrayGet(args, i));
|
||||
for (j = 0; j < strlen(sanitise); j++)
|
||||
{
|
||||
sanitise[j] = DbSanitiseChar(sanitise[j]);
|
||||
}
|
||||
|
||||
tmp = StrConcat(3, str, ArrayGet(args, i), "/");
|
||||
tmp = StrConcat(3, str, sanitise, "/");
|
||||
|
||||
Free(str);
|
||||
Free(sanitise);
|
||||
|
||||
str = tmp;
|
||||
}
|
||||
|
|
@ -253,17 +272,7 @@ DbFileName(Db * db, Array * args)
|
|||
/* Sanitize name to prevent directory traversal attacks */
|
||||
while (arg[j])
|
||||
{
|
||||
switch (arg[j])
|
||||
{
|
||||
case '/':
|
||||
arg[j] = '_';
|
||||
break;
|
||||
case '.':
|
||||
arg[j] = '-';
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
arg[j] = DbSanitiseChar(arg[j]);
|
||||
j++;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue