aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorWarren Dukes <warren.dukes@gmail.com>2004-06-02 01:26:15 +0000
committerWarren Dukes <warren.dukes@gmail.com>2004-06-02 01:26:15 +0000
commitefe8a04c70f1dde3c62e88f514433515631db858 (patch)
treed6ba8eb0acd4a299149596718cd4bfb6224f20f1 /src
parentbef55ff3de4a16100b8115950c10f3cede755d3c (diff)
downloadmpd-efe8a04c70f1dde3c62e88f514433515631db858.tar.gz
mpd-efe8a04c70f1dde3c62e88f514433515631db858.tar.xz
mpd-efe8a04c70f1dde3c62e88f514433515631db858.zip
validate url's before adding to playlist
git-svn-id: https://svn.musicpd.org/mpd/trunk@1289 09075e82-0dd4-0310-85a5-a0d7c8717e4f
Diffstat (limited to 'src')
-rw-r--r--src/decode.c21
-rw-r--r--src/inputStream.h2
-rw-r--r--src/ls.c66
-rw-r--r--src/ls.h2
-rw-r--r--src/playlist.c7
5 files changed, 83 insertions, 15 deletions
diff --git a/src/decode.c b/src/decode.c
index 4d04e4c74..e01e63f67 100644
--- a/src/decode.c
+++ b/src/decode.c
@@ -256,13 +256,19 @@ void decodeStart(PlayerControl * pc, OutputBuffer * cb, DecoderControl * dc) {
int ret;
InputStream inStream;
InputPlugin * plugin;
- char path[MAXPATHLEN+1];
+ char * path;
if(isRemoteUrl(pc->utf8url)) {
- strncpy(path, pc->utf8url, MAXPATHLEN);
+ path = utf8StrToLatin1Dup(pc->utf8url);
}
- else strncpy(path, rmp2amp(utf8ToFsCharset(pc->utf8url)), MAXPATHLEN);
- path[MAXPATHLEN] = '\0';
+ else path = strdup(rmp2amp(utf8ToFsCharset(pc->utf8url)));
+
+ if(!path) {
+ dc->error = DECODE_ERROR_FILE;
+ dc->state = DECODE_STATE_STOP;
+ dc->start = 0;
+ return;
+ }
dc->metadataSet = 0;
memset(dc->metadata, 0, DECODE_METADATA_LENGTH);
@@ -275,9 +281,9 @@ void decodeStart(PlayerControl * pc, OutputBuffer * cb, DecoderControl * dc) {
if(openInputStream(&inStream, path) < 0) {
dc->error = DECODE_ERROR_FILE;
- dc->start = 0;
- dc->stop = 0;
dc->state = DECODE_STATE_STOP;
+ dc->start = 0;
+ free(path);
return;
}
@@ -291,6 +297,7 @@ void decodeStart(PlayerControl * pc, OutputBuffer * cb, DecoderControl * dc) {
if(dc->stop) {
dc->state = DECODE_STATE_STOP;
dc->stop = 0;
+ free(path);
return;
}
@@ -345,6 +352,8 @@ void decodeStart(PlayerControl * pc, OutputBuffer * cb, DecoderControl * dc) {
dc->stop = 0;
dc->state = DECODE_STATE_STOP;
}
+
+ free(path);
}
int decoderInit(PlayerControl * pc, OutputBuffer * cb, DecoderControl * dc) {
diff --git a/src/inputStream.h b/src/inputStream.h
index 5add3f486..6e54315fe 100644
--- a/src/inputStream.h
+++ b/src/inputStream.h
@@ -48,6 +48,8 @@ struct _InputStream {
char * metaTitle;
};
+int isUrlSaneForInputStream(char * url);
+
/* if an error occurs for these 3 functions, then -1 is returned and errno
for the input stream is set */
int openInputStream(InputStream * inStream, char * url);
diff --git a/src/ls.c b/src/ls.c
index 285874585..f477d7fa2 100644
--- a/src/ls.c
+++ b/src/ls.c
@@ -22,6 +22,7 @@
#include "path.h"
#include "myfprintf.h"
#include "log.h"
+#include "utf8.h"
#include <sys/types.h>
#include <sys/stat.h>
@@ -41,17 +42,68 @@ char * dupAndStripPlaylistSuffix(char * file) {
return ret;
}
-int isRemoteUrl(char * url) {
- char * prefixes[] = {
- "http://",
- NULL
- };
+static char * remoteUrlPrefixes[] =
+{
+ "http://",
+ NULL
+};
+
+int isValidRemoteUtf8Url(char * utf8url) {
+ int ret = 0;
+ char * lat1 = utf8StrToLatin1Dup(utf8url);
+ char * temp;
+
+ if(!lat1) return 0;
+
+ switch(isRemoteUrl(lat1)) {
+ case 1:
+ ret = 1;
+ temp = lat1;
+ while(*temp) {
+ if((*temp >= 'a' && *temp <= 'z') ||
+ (*temp >= 'A' && *temp <= 'z') ||
+ (*temp >= '0' && *temp <= '9') ||
+ *temp == '$' ||
+ *temp == '-' ||
+ *temp == '.' ||
+ *temp == '+' ||
+ *temp == '!' ||
+ *temp == '*' ||
+ *temp == '\'' ||
+ *temp == '(' ||
+ *temp == ')' ||
+ *temp == ',' ||
+ *temp == '%' ||
+ *temp == '/' ||
+ *temp == ':' ||
+ *temp == '?' ||
+ *temp == ';' ||
+ *temp == '&' ||
+ *temp == '=')
+ {
+ }
+ else {
+ ret = 1;
+ break;
+ }
+ temp++;
+ }
+ break;
+ }
+
+ free(lat1);
+
+ return ret;
+}
- char ** urlPrefixes = prefixes;
+int isRemoteUrl(char * url) {
+ int count = 0;
+ char ** urlPrefixes = remoteUrlPrefixes;
while(*urlPrefixes) {
+ count++;
if(strncmp(*urlPrefixes,url,strlen(*urlPrefixes)) == 0) {
- return 1;
+ return count;
}
urlPrefixes++;
}
diff --git a/src/ls.h b/src/ls.h
index ef19676b1..c297e1670 100644
--- a/src/ls.h
+++ b/src/ls.h
@@ -30,6 +30,8 @@ int lsPlaylists(FILE * fp, char * utf8path);
char * getSuffix(char * utf8file);
+int isValidRemoteUtf8Url(char * utf8url);
+
int isRemoteUrl(char * url);
int isFile(char * utf8file, time_t * mtime);
diff --git a/src/playlist.c b/src/playlist.c
index ba5b5150c..cb9314661 100644
--- a/src/playlist.c
+++ b/src/playlist.c
@@ -471,10 +471,13 @@ int addToPlaylist(FILE * fp, char * url) {
if((song = getSongFromDB(url))) {
}
- else if(isRemoteUrl(url) && (song = newSong(url,SONG_TYPE_URL))) {
+ else if(isValidRemoteUtf8Url(url) &&
+ (song = newSong(url,SONG_TYPE_URL)))
+ {
}
else {
- myfprintf(fp,"%s \"%s\" is not in the music db\n",
+ myfprintf(fp,"%s \"%s\" is not in the music db or is"
+ "not a valid url\n",
COMMAND_RESPOND_ERROR,url);
return -1;
}