diff options
author | Jay Satiro <raysatiro@yahoo.com> | 2016-02-05 01:44:27 -0500 |
---|---|---|
committer | Jay Satiro <raysatiro@yahoo.com> | 2016-02-05 01:44:27 -0500 |
commit | 4520534e6d5576f0647d03d6c573c5d7d45ccf6e (patch) | |
tree | 5871d4b60f9b4fab60b22287a065b5b0deac1815 /src/tool_operhlp.c | |
parent | d49881cb19971c058eca4a41317b6487bf939e5c (diff) | |
download | curl-4520534e6d5576f0647d03d6c573c5d7d45ccf6e.tar.gz |
tool_doswin: Improve sanitization processing
- Add unit test 1604 to test the sanitize_file_name function.
- Use -DCURL_STATICLIB when building libcurltool for unit testing.
- Better detection of reserved DOS device names.
- New flags to modify sanitize behavior:
SANITIZE_ALLOW_COLONS: Allow colons
SANITIZE_ALLOW_PATH: Allow path separators and colons
SANITIZE_ALLOW_RESERVED: Allow reserved device names
SANITIZE_ALLOW_TRUNCATE: Allow truncating a long filename
- Restore sanitization of banned characters from user-specified outfile.
Prior to this commit sanitization of a user-specified outfile was
temporarily disabled in 2b6dadc because there was no way to allow path
separators and colons through while replacing other banned characters.
Now in such a case we call the sanitize function with
SANITIZE_ALLOW_PATH which allows path separators and colons to pass
through.
Closes https://github.com/curl/curl/issues/624
Reported-by: Octavio Schroeder
Diffstat (limited to 'src/tool_operhlp.c')
-rw-r--r-- | src/tool_operhlp.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/tool_operhlp.c b/src/tool_operhlp.c index 387dcb628..fb344f65d 100644 --- a/src/tool_operhlp.c +++ b/src/tool_operhlp.c @@ -29,6 +29,7 @@ #include "tool_cfgable.h" #include "tool_convert.h" +#include "tool_doswin.h" #include "tool_operhlp.h" #include "tool_metalink.h" @@ -151,6 +152,17 @@ CURLcode get_url_file_name(char **filename, const char *url) if(!*filename) return CURLE_OUT_OF_MEMORY; +#if defined(MSDOS) || defined(WIN32) + { + char *sanitized; + SANITIZEcode sc = sanitize_file_name(&sanitized, *filename, 0); + Curl_safefree(*filename); + if(sc) + return CURLE_URL_MALFORMAT; + *filename = sanitized; + } +#endif /* MSDOS || WIN32 */ + /* in case we built debug enabled, we allow an environment variable * named CURL_TESTDIR to prefix the given file name to put it into a * specific directory |