Ur/Web: src/c/urweb.c comparison

Runtime URL and MIME type filtering

author	Adam Chlipala <adamc@hcoop.net>
date	Sat, 02 May 2009 18:20:15 -0400
parents	21f6d2e65685
children	eac1974924bb

comparison

equal deleted inserted replaced

-:efceae06df17
+:c125df6fabfc
 }
 return r;
 }
+extern int uw_check_url(const char *);
+extern int uw_check_mime(const char *);
 uw_Basis_string uw_Basis_bless(uw_context ctx, uw_Basis_string s) {
-return s;
+if (uw_check_url(s))
+return s;
+else
+uw_error(ctx, FATAL, "Disallowed URL %s", uw_Basis_htmlifyString(ctx, s));
+}
+uw_Basis_string uw_Basis_checkUrl(uw_context ctx, uw_Basis_string s) {
+if (uw_check_url(s))
+return s;
+else
+return NULL;
+}
+int mime_format(const char *s) {
+for (; *s; ++s)
+if (!isalnum(*s) && *s != '/' && *s != '-' && *s != '.')
+return 0;
+return 1;
 }
 uw_Basis_string uw_Basis_blessMime(uw_context ctx, uw_Basis_string s) {
-char *s2;
+if (!mime_format(s))
+uw_error(ctx, FATAL, "MIME type \"%s\" contains invalid character", uw_Basis_htmlifyString(ctx, s));
-for (s2 = s; *s2; ++s2)
-if (!isalnum(*s2) && *s2 != '/' && *s2 != '-' && *s2 != '.')
+if (uw_check_mime(s))
-uw_error(ctx, FATAL, "MIME type \"%s\" contains invalid character %c\n", s, *s2);
+return s;
+else
-return s;
+uw_error(ctx, FATAL, "Disallowed MIME type %s", uw_Basis_htmlifyString(ctx, s));
+}
+uw_Basis_string uw_Basis_checkMime(uw_context ctx, uw_Basis_string s) {
+if (!mime_format(s))
+return NULL;
+if (uw_check_mime(s))
+return s;
+else
+return NULL;
 }
 uw_Basis_string uw_unnull(uw_Basis_string s) {
 return s ? s : "";
 }

Mercurial > urweb