--- libaitwww/src/tools.c 2012/07/31 22:59:33 1.2.6.2 +++ libaitwww/src/tools.c 2012/08/06 11:26:23 1.3.2.2 @@ -3,7 +3,7 @@ * by Michael Pounov * * $Author: misho $ -* $Id: tools.c,v 1.2.6.2 2012/07/31 22:59:33 misho Exp $ +* $Id: tools.c,v 1.3.2.2 2012/08/06 11:26:23 misho Exp $ * ************************************************************************** The ELWIX and AITNET software is distributed under the following @@ -60,12 +60,12 @@ www_cmp(const char *ct, const char *s) assert(ct && s); - while (isspace(*ct)) + while (isspace((int) *ct)) ct++; if (!(sc = strchr(ct, ';'))) sc = strchr(ct, '\x0'); - while (isspace(*(sc - 1))) + while (isspace((int) *(sc - 1))) sc--; if (strlen(s) != sc - ct) @@ -87,7 +87,7 @@ www_cmptype(const char *ct, const char *type) assert(ct && type); - while (isspace(*ct)) + while (isspace((int) *ct)) ct++; if (!(sl = strchr(ct, '/'))) @@ -162,7 +162,8 @@ www_unescape(char * __restrict str) { register int i, j; - assert(str); + if (!str) + return; for (i = j = 0; str[j]; i++, j++) { str[i] = str[j]; @@ -176,4 +177,64 @@ www_unescape(char * __restrict str) } str[i] = 0; +} + +/* + * www_undot() - Undotted and clean WWW query filename + * + * @fname = query filename + * @fnlen = filename length + * return: -1 error, 0 not valid filename or >0 validated filename length + */ +int +www_undot(const char * __restrict fname, int fnlen) +{ + char *s, *s2; + int l; + + if (!fname || !fnlen) + return -1; + + /* collapse / sequences */ + if ((s = strstr(fname, "//"))) { + s2 = s + 1; + for (s2 = ++s; *s2 == '/'; s2++); + memmove(s, s2, strlen(s2) + 1); + } + + /* escaped ./ and /./ sequences */ + while (!strncmp(fname, "./", 2)) + memmove((void*) fname, fname + 2, strlen(fname + 1)); + while ((s = strstr(fname, "/./"))) + memmove(s, s + 2, strlen(s + 1)); + + /* alternate between removing leading ../ and removing xxx/../ */ + while (42) { + while (!strncmp(fname, "../", 3)) + memmove((void*) fname, fname + 3, strlen(fname + 2)); + if (!(s = strstr(fname, "/../"))) + break; + for (s2 = s - 1; s2 >= fname && *s2 != '/'; --s2); + memmove(s2 + 1, s + 4, strlen(s + 3)); + } + + /* elide any /.. at the end */ + while ((l = strlen(fname)) > 3 && + !strcmp((s = (char*) fname + l - 3), "/..")) { + for (s2 = s - 1; s2 >= fname && *s2 != '/'; --s2); + if (s2 < fname) + break; + *s2 = 0; + } + + /* if filename is empry add current dir */ + if (!*fname) + strlcpy((char*) fname, "./", fnlen); + + /* check for valid filename */ + if (*fname == '/' || (fname[0] == '.' && fname[1] == '.' && + (!fname[2] || fname[2] == '/'))) + return 0; + + return strlen(fname); }