Posted to commits@couchdb.apache.org by ja...@apache.org on 2012/12/19 18:28:51 UTC
[3/6] git commit: improve parsing of mochiweb relative paths
improve parsing of mochiweb relative paths
Patch adapted from http://www.couchbase.com/issues/browse/MB-7390
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/4cd38466
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/4cd38466
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/4cd38466
Branch: refs/heads/1.2.x
Commit: 4cd3846680e39f51b655979ffb3109d71b0fa7ea
Parents: cf10ab1
Author: Sriram Melkote <si...@couchbase.com>
Authored: Sat Dec 15 04:03:45 2012 +0530
Committer: Jan Lehnardt <ja...@apache.org>
Committed: Wed Dec 19 18:01:02 2012 +0100
----------------------------------------------------------------------
src/mochiweb/mochiweb_util.erl | 11 +++++++++--
1 files changed, 9 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/4cd38466/src/mochiweb/mochiweb_util.erl
----------------------------------------------------------------------
diff --git a/src/mochiweb/mochiweb_util.erl b/src/mochiweb/mochiweb_util.erl
index 3b50fe7..6b88818 100644
--- a/src/mochiweb/mochiweb_util.erl
+++ b/src/mochiweb/mochiweb_util.erl
@@ -68,11 +68,17 @@ partition2(_S, _Sep) ->
%% @spec safe_relative_path(string()) -> string() | undefined
%% @doc Return the reduced version of a relative path or undefined if it
%% is not safe. safe relative paths can be joined with an absolute path
-%% and will result in a subdirectory of the absolute path.
+%% and will result in a subdirectory of the absolute path. Safe paths
+%% never contain a backslash character.
safe_relative_path("/" ++ _) ->
undefined;
safe_relative_path(P) ->
- safe_relative_path(P, []).
+ case string:chr(P, $\\) of
+ 0 ->
+ safe_relative_path(P, []);
+ _ ->
+ undefined
+ end.
safe_relative_path("", Acc) ->
case Acc of
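Review bot: The backslash check added to `safe_relative_path/1` states what is rejected but not why, so the rule reads as arbitrary to the next maintainer. I would add a why-comment above the `case`, for example `%% Backslash is a path separator on Windows; reject it before the "/"-based reduction runs.` The check applies on every platform, so a file name that legitimately contains a backslash on a Unix host is now refused too; that fail-closed choice deserves a sentence in the @doc. The first clause still only rejects a leading "/", and `safe_relative_path/2` continues outside the hunk, so whether other Windows absolute forms (a drive prefix, for instance) are refused cannot be confirmed from here and is worth checking.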
@@ -809,6 +815,7 @@ safe_relative_path_test() ->
undefined = safe_relative_path("../foo"),
undefined = safe_relative_path("foo/../.."),
undefined = safe_relative_path("foo//"),
+ undefined = safe_relative_path("foo\\bar"),
ok.
parse_qvalues_test() ->
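Review bot: The added assertion covers only a backslash in the middle of the path (`"foo\\bar"`). Since the point of the new check is separator handling, I would also pin the leading and parent-directory cases, `undefined = safe_relative_path("\\foo"),` and `undefined = safe_relative_path("..\\foo"),`, so a later rewrite of the `string:chr/2` test cannot quietly narrow it. `safe_relative_path_test/0` starts outside the hunk.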