Fix inconsistent sanitation with the database (#32)

Cytoplasm's Db currently doesn't sanitate database entries consistently, and this PR should be a quick fix for this.

Reviewed-on: Telodendria/Cytoplasm#32
Co-authored-by: lda <lda@freetards.xyz>
Co-committed-by: lda <lda@freetards.xyz>
This commit is contained in:
lda 2024-05-26 15:31:14 -05:00 committed by Jordan Bancino
parent 346b912a06
commit 9108fef701

View file

@ -218,19 +218,38 @@ DbHashKey(Array * args)
return str; return str;
} }
static char
DbSanitiseChar(char input)
{
switch (input)
{
case '/':
return '_';
case '.':
return '-';
}
return input;
}
static char * static char *
DbDirName(Db * db, Array * args, size_t strip) DbDirName(Db * db, Array * args, size_t strip)
{ {
size_t i; size_t i, j;
char *str = StrConcat(2, db->dir, "/"); char *str = StrConcat(2, db->dir, "/");
for (i = 0; i < ArraySize(args) - strip; i++) for (i = 0; i < ArraySize(args) - strip; i++)
{ {
char *tmp; char *tmp;
char *sanitise = StrDuplicate(ArrayGet(args, i));
for (j = 0; j < strlen(sanitise); j++)
{
sanitise[j] = DbSanitiseChar(sanitise[j]);
}
tmp = StrConcat(3, str, ArrayGet(args, i), "/"); tmp = StrConcat(3, str, sanitise, "/");
Free(str); Free(str);
Free(sanitise);
str = tmp; str = tmp;
} }
@ -253,17 +272,7 @@ DbFileName(Db * db, Array * args)
/* Sanitize name to prevent directory traversal attacks */ /* Sanitize name to prevent directory traversal attacks */
while (arg[j]) while (arg[j])
{ {
switch (arg[j]) arg[j] = DbSanitiseChar(arg[j]);
{
case '/':
arg[j] = '_';
break;
case '.':
arg[j] = '-';
break;
default:
break;
}
j++; j++;
} }