author | Max Kellermann <max@duempel.org> | 2010-02-27 19:01:17 +0100 |
---|---|---|
committer | Max Kellermann <max@duempel.org> | 2010-02-27 19:01:17 +0100 |
commit | a3645984cdf5a827b93b616acd4bae2d33af728a (patch) | |
tree | 77ad72d1be863ee6ea21a4eef3969c5697851715 | |
parent | 43cf4e97b9895e37e7f12fad87f5fa5bb0e83d24 (diff) | |
command: "update" checks if the path is malformed
This is a very basic check: it only ensures that the path does not
begin with a slash, does not contain double slashes, and does not use
the special names "." and "..".
-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | src/command.c | 18 |
2 files changed, 17 insertions, 2 deletions
@@ -10,6 +10,7 @@ ver 0.16 (20??/??/??)
 - "load" supports remote playlists (extm3u, pls, asx, xspf, lastfm://)
 - allow changing replay gain mode on-the-fly
 - omitting the range end is possible
+ - "update" checks if the path is malformed
 * archive:
 - iso: renamed plugin to "iso9660"
 - zip: renamed plugin to "zzip"
diff --git a/src/command.c b/src/command.c
index e591d06e3..ab1a7b0a9 100644
--- a/src/command.c
+++ b/src/command.c
@@ -1055,9 +1055,16 @@ handle_update(struct client *client, G_GNUC_UNUSED int argc, char *argv[])
 unsigned ret;
 assert(argc <= 2);
- if (argc == 2)
+ if (argc == 2) {
 path = argv[1];
+ if (!uri_safe_local(path)) {
+ command_error(client, ACK_ERROR_ARG,
+ "Malformed path");
+ return COMMAND_RETURN_ERROR;
+ }
+ }
+
 ret = update_enqueue(path, false);
 if (ret > 0) {
 client_printf(client, "updating_db: %i\n", ret);
@@ -1076,9 +1083,16 @@ handle_rescan(struct client *client, G_GNUC_UNUSED int argc, char *argv[])
 unsigned ret;
 assert(argc <= 2);
- if (argc == 2)
+ if (argc == 2) {
 path = argv[1];
+ if (!uri_safe_local(path)) {
+ command_error(client, ACK_ERROR_ARG,
+ "Malformed path");
+ return COMMAND_RETURN_ERROR;
+ }
+ }
+
 ret = update_enqueue(path, true);
 if (ret > 0) {
 client_printf(client, "updating_db: %i\n", ret);
 |
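Review bot: The path validation is pasted verbatim into both handle_update and handle_rescan, so the two copies can drift apart and a later handler that passes a client-supplied path to update_enqueue() can miss the check. The handlers differ only in the boolean passed to update_enqueue(), so the rejection could live in one static helper that both call, as sketched below (the helper name is only a suggestion). The helper's comment should state that the check is purely syntactic on the client's string, which is what the commit message describes. uri_safe_local() is not defined in this diff, so its handling of an empty argument cannot be seen from here. Both function bodies start and end outside their hunks.

```c
/* Reject a client-supplied update path that fails the syntactic
   uri_safe_local() check and report the error to the client.
   Returns false when the path was rejected. */
static bool
check_update_path(struct client *client, const char *path)
{
	if (uri_safe_local(path))
		return true;

	command_error(client, ACK_ERROR_ARG, "Malformed path");
	return false;
}

/* in handle_update() and handle_rescan(): */
	if (argc == 2) {
		path = argv[1];
		if (!check_update_path(client, path))
			return COMMAND_RETURN_ERROR;
	}
	/* … unchanged: update_enqueue() call and client reply … */
```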