Fix inconsistent sanitation with the database (#32)

Cytoplasm's Db currently doesn't sanitate database entries consistently, and this PR should be a quick fix for this. Reviewed-on: #32 Co-authored-by: lda <lda@freetards.xyz> Co-committed-by: lda <lda@freetards.xyz>
2024-05-26 15:31:14 -05:00 · 2024-05-26 15:31:14 -05:00 · 9108fef701
parent 346b912a06
commit 9108fef701
1 changed files with 22 additions and 13 deletions
--- a/src/Db.c
+++ b/src/Db.c
@ -218,19 +218,38 @@ DbHashKey(Array * args)
    return str;
 }

+static char
+DbSanitiseChar(char input)
+{
+    switch (input)
+    {
+        case '/':
+            return '_';
+        case '.':
+            return '-';
+    }
+    return input;
+}
+
 static char *
 DbDirName(Db * db, Array * args, size_t strip)
 {
-    size_t i;
+    size_t i, j;
    char *str = StrConcat(2, db->dir, "/");

    for (i = 0; i < ArraySize(args) - strip; i++)
    {
        char *tmp;
+        char *sanitise = StrDuplicate(ArrayGet(args, i));
+        for (j = 0; j < strlen(sanitise); j++)
+        {
+            sanitise[j] = DbSanitiseChar(sanitise[j]);
+        }

-        tmp = StrConcat(3, str, ArrayGet(args, i), "/");
+        tmp = StrConcat(3, str, sanitise, "/");

        Free(str);
+        Free(sanitise);

        str = tmp;
    }
@ -253,17 +272,7 @@ DbFileName(Db * db, Array * args)
        /* Sanitize name to prevent directory traversal attacks */
        while (arg[j])
        {
-            switch (arg[j])
-            {
-                case '/':
-                    arg[j] = '_';
-                    break;
-                case '.':
-                    arg[j] = '-';
-                    break;
-                default:
-                    break;
-            }
+            arg[j] = DbSanitiseChar(arg[j]);
            j++;
        }