uri: added function uri_safe_local()

af964e89 · Max Kellermann · 554b2b0e · af964e89 · af964e89
Commit af964e89 authored Dec 26, 2009 by Max Kellermann
Hide whitespace changes
Inline Side-by-side

Showing with 42 additions and 0 deletions

uri.c src/uri.c +30 -0

uri.h src/uri.h +12 -0

No files found.
--- a/src/uri.c
+++ b/src/uri.c
@@ -22,6 +22,7 @@
 #include <glib.h>
+#include <assert.h>
 #include <string.h>
 bool uri_has_scheme(const char *uri)
@@ -45,6 +46,35 @@ uri_get_suffix(const char *uri)
 	return suffix;
 }
+static const char *
+verify_uri_segment(const char *p)
+{
+	const char *q;
+	if (*p == 0 || *p == '/' || *p == '.')
+		return NULL;
+	q = strchr(p + 1, '/');
+	return q != NULL ? q : "";
+}
+bool
+uri_safe_local(const char *uri)
+{
+	while (true) {
+		uri = verify_uri_segment(uri);
+		if (uri == NULL)
+			return false;
+		if (*uri == 0)
+			return true;
+		assert(*uri == '/');
+		++uri;
+	}
+}
 char *
 uri_remove_auth(const char *uri)
 {

--- a/src/uri.h
+++ b/src/uri.h
@@ -36,6 +36,18 @@ const char *
 uri_get_suffix(const char *uri);
 /**
+ * Returns true if this is a safe "local" URI:
+ *
+ * - non-empty
+ * - does not begin or end with a slash
+ * - no double slashes
+ * - no path component begins with a dot
+ */
+G_GNUC_PURE
+bool
+uri_safe_local(const char *uri);
+/**
 * Removes HTTP username and password from the URI.  This may be
 * useful for displaying an URI without disclosing secrets.  Returns
 * NULL if nothing needs to be removed, or if the URI is not