authorMax Kellermann <max@duempel.org>2010-02-27 19:01:17 +0100
committerMax Kellermann <max@duempel.org>2010-02-27 19:01:17 +0100
commita3645984cdf5a827b93b616acd4bae2d33af728a (patch)
tree77ad72d1be863ee6ea21a4eef3969c5697851715
parent43cf4e97b9895e37e7f12fad87f5fa5bb0e83d24 (diff)
command: "update" checks if the path is malformed
This is a very basic check: it only ensures that the path does not begin with a slash and does not contain double slashes, and it forbids the special names "." and "..".
Diffstat (limited to '')
-rw-r--r--NEWS1
-rw-r--r--src/command.c18
2 files changed, 17 insertions, 2 deletions
diff --git a/NEWS b/NEWS
index d04d14e32..714cb533e 100644
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,7 @@ ver 0.16 (20??/??/??)
- "load" supports remote playlists (extm3u, pls, asx, xspf, lastfm://)
- allow changing replay gain mode on-the-fly
- omitting the range end is possible
+ - "update" checks if the path is malformed
* archive:
- iso: renamed plugin to "iso9660"
- zip: renamed plugin to "zzip"
diff --git a/src/command.c b/src/command.c
index e591d06e3..ab1a7b0a9 100644
--- a/src/command.c
+++ b/src/command.c
@@ -1055,9 +1055,16 @@ handle_update(struct client *client, G_GNUC_UNUSED int argc, char *argv[])
unsigned ret;
assert(argc <= 2);
- if (argc == 2)
+ if (argc == 2) {
path = argv[1];
+ if (!uri_safe_local(path)) {
+ command_error(client, ACK_ERROR_ARG,
+ "Malformed path");
+ return COMMAND_RETURN_ERROR;
+ }
+ }
+
ret = update_enqueue(path, false);
if (ret > 0) {
client_printf(client, "updating_db: %i\n", ret);
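Review bot: The `uri_safe_local()` guard added to handle_update() in this hunk is repeated verbatim in the handle_rescan() hunk that follows, so the two copies of this input check can drift apart when one of them is later tightened. The visible lines of the two handlers differ only in the boolean passed to `update_enqueue()`, so I would move the check and its `command_error()` call into one static helper and call it from both. That helper is also the natural place for a comment recording that, per the commit message, the check is purely lexical (no leading slash, no double slash, no "." or ".." names) and that the no-argument case presumably skips it on purpose. Both function bodies start and end outside their hunks, so the sketch below shows only the changed lines.

```c
/* Lexical validation of the client-supplied path for "update"/"rescan";
   reports ACK_ERROR_ARG to the client when uri_safe_local() rejects it. */
static bool
update_path_ok(struct client *client, const char *path)
{
	if (uri_safe_local(path))
		return true;

	command_error(client, ACK_ERROR_ARG, "Malformed path");
	return false;
}

/* … unchanged: handle_update() / handle_rescan() declarations and assert … */
	if (argc == 2) {
		path = argv[1];
		if (!update_path_ok(client, path))
			return COMMAND_RETURN_ERROR;
	}
/* … unchanged: update_enqueue() call and reply … */
```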
@@ -1076,9 +1083,16 @@ handle_rescan(struct client *client, G_GNUC_UNUSED int argc, char *argv[])
unsigned ret;
assert(argc <= 2);
- if (argc == 2)
+ if (argc == 2) {
path = argv[1];
+ if (!uri_safe_local(path)) {
+ command_error(client, ACK_ERROR_ARG,
+ "Malformed path");
+ return COMMAND_RETURN_ERROR;
+ }
+ }
+
ret = update_enqueue(path, true);
if (ret > 0) {
client_printf(client, "updating_db: %i\n", ret);