uri: added function uri_safe_local()

2 files changed, 42 insertions, 0 deletions

diff --git a/src/uri.c b/src/uri.c
index 41a613de7..3e622de3b 100644
--- a/src/uri.c
+++ b/src/uri.c
@@ -22,6 +22,7 @@
 
 #include <glib.h>
 
+#include <assert.h>
 #include <string.h>
 
 bool uri_has_scheme(const char *uri)
@@ -45,6 +46,35 @@ uri_get_suffix(const char *uri)
 	return suffix;
 }
 
+static const char *
+verify_uri_segment(const char *p)
+{
+	const char *q;
+
+	if (*p == 0 || *p == '/' || *p == '.')
+		return NULL;
+
+	q = strchr(p + 1, '/');
+	return q != NULL ? q : "";
+}
+
+bool
+uri_safe_local(const char *uri)
+{
+	while (true) {
+		uri = verify_uri_segment(uri);
+		if (uri == NULL)
+			return false;
+
+		if (*uri == 0)
+			return true;
+
+		assert(*uri == '/');
+
+		++uri;
+	}
+}
+
 char *
 uri_remove_auth(const char *uri)
 {
diff --git a/src/uri.h b/src/uri.h
index 46d36308b..857080f84 100644
--- a/src/uri.h
+++ b/src/uri.h
@@ -36,6 +36,18 @@ const char *
 uri_get_suffix(const char *uri);
 
 /**
+ * Returns true if this is a safe "local" URI:
+ *
+ * - non-empty
+ * - does not begin or end with a slash
+ * - no double slashes
+ * - no path component begins with a dot
+ */
+G_GNUC_PURE
+bool
+uri_safe_local(const char *uri);
+
+/**
  * Removes HTTP username and password from the URI.  This may be
  * useful for displaying an URI without disclosing secrets.  Returns
  * NULL if nothing needs to be removed, or if the URI is not