1
0
mirror of https://github.com/moparisthebest/wget synced 2024-07-03 16:38:41 -04:00

[svn] Make sure that slashes don't sneak in as part of file name via

query string.
Published in <sxsu21eb3te.fsf@florida.arsdigita.de>.
This commit is contained in:
hniksic 2001-06-18 02:08:04 -07:00
parent 69a4cff277
commit e1f4cff68c
2 changed files with 52 additions and 1 deletions

View File

@ -1,3 +1,9 @@
2001-06-18 Hrvoje Niksic <hniksic@arsdigita.com>
* url.c (url_filename): Make sure that slashes that sneak in to
u->file via query string get protected.
(file_name_protect_query_string): New function.
2001-06-14 Hrvoje Niksic <hniksic@arsdigita.com> 2001-06-14 Hrvoje Niksic <hniksic@arsdigita.com>
* recur.c (recursive_retrieve): Also check undesirable_urls with * recur.c (recursive_retrieve): Also check undesirable_urls with

View File

@ -1030,6 +1030,38 @@ mkstruct (const struct urlinfo *u)
return res; return res;
} }
/* Return a malloced copy of S, but protect any '/' characters. */
static char *
file_name_protect_query_string (const char *s)
{
const char *from;
char *to, *dest;
int destlen = 0;
for (from = s; *from; from++)
{
++destlen;
if (*from == '/')
destlen += 2; /* each / gets replaced with %2F, so
it adds two more chars. */
}
dest = (char *)xmalloc (destlen + 1);
for (from = s, to = dest; *from; from++)
{
if (*from != '/')
*to++ = *from;
else
{
*to++ = '%';
*to++ = '2';
*to++ = 'F';
}
}
assert (to - dest == destlen);
*to = '\0';
return dest;
}
/* Create a unique filename, corresponding to a given URL. Calls /* Create a unique filename, corresponding to a given URL. Calls
mkstruct if necessary. Does *not* actually create any directories. */ mkstruct if necessary. Does *not* actually create any directories. */
char * char *
@ -1048,7 +1080,20 @@ url_filename (const struct urlinfo *u)
if (!*u->file) if (!*u->file)
file = xstrdup ("index.html"); file = xstrdup ("index.html");
else else
{
/* If the URL came with a query string, u->file will contain
a question mark followed by query string contents. These
contents can contain '/' which would make us create
unwanted directories. These slashes must be protected
explicitly. */
if (!strchr (u->file, '/'))
file = xstrdup (u->file); file = xstrdup (u->file);
else
{
/*assert (strchr (u->file, '?') != NULL);*/
file = file_name_protect_query_string (u->file);
}
}
} }
if (!have_prefix) if (!have_prefix)