mirror of
https://github.com/moparisthebest/wget
synced 2024-07-03 16:38:41 -04:00
[svn] Make sure that slashes don't sneak in as part of file name via
query string. Published in <sxsu21eb3te.fsf@florida.arsdigita.de>.
This commit is contained in:
parent
69a4cff277
commit
e1f4cff68c
@ -1,3 +1,9 @@
|
||||
2001-06-18 Hrvoje Niksic <hniksic@arsdigita.com>
|
||||
|
||||
* url.c (url_filename): Make sure that slashes that sneak in to
|
||||
u->file via query string get protected.
|
||||
(file_name_protect_query_string): New function.
|
||||
|
||||
2001-06-14 Hrvoje Niksic <hniksic@arsdigita.com>
|
||||
|
||||
* recur.c (recursive_retrieve): Also check undesirable_urls with
|
||||
|
45
src/url.c
45
src/url.c
@ -1030,6 +1030,38 @@ mkstruct (const struct urlinfo *u)
|
||||
return res;
|
||||
}
|
||||
|
||||
/* Return a malloced copy of S, but protect any '/' characters. */
|
||||
|
||||
static char *
|
||||
file_name_protect_query_string (const char *s)
|
||||
{
|
||||
const char *from;
|
||||
char *to, *dest;
|
||||
int destlen = 0;
|
||||
for (from = s; *from; from++)
|
||||
{
|
||||
++destlen;
|
||||
if (*from == '/')
|
||||
destlen += 2; /* each / gets replaced with %2F, so
|
||||
it adds two more chars. */
|
||||
}
|
||||
dest = (char *)xmalloc (destlen + 1);
|
||||
for (from = s, to = dest; *from; from++)
|
||||
{
|
||||
if (*from != '/')
|
||||
*to++ = *from;
|
||||
else
|
||||
{
|
||||
*to++ = '%';
|
||||
*to++ = '2';
|
||||
*to++ = 'F';
|
||||
}
|
||||
}
|
||||
assert (to - dest == destlen);
|
||||
*to = '\0';
|
||||
return dest;
|
||||
}
|
||||
|
||||
/* Create a unique filename, corresponding to a given URL. Calls
|
||||
mkstruct if necessary. Does *not* actually create any directories. */
|
||||
char *
|
||||
@ -1048,7 +1080,20 @@ url_filename (const struct urlinfo *u)
|
||||
if (!*u->file)
|
||||
file = xstrdup ("index.html");
|
||||
else
|
||||
{
|
||||
/* If the URL came with a query string, u->file will contain
|
||||
a question mark followed by query string contents. These
|
||||
contents can contain '/' which would make us create
|
||||
unwanted directories. These slashes must be protected
|
||||
explicitly. */
|
||||
if (!strchr (u->file, '/'))
|
||||
file = xstrdup (u->file);
|
||||
else
|
||||
{
|
||||
/*assert (strchr (u->file, '?') != NULL);*/
|
||||
file = file_name_protect_query_string (u->file);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (!have_prefix)
|
||||
|
Loading…
Reference in New Issue
Block a user