thirdparty/scummvm
2
0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

CLOUD: Handle paths in marked places

Browse source 
Paths containing '../' are forbidden to use in Files Manager. There is
also a special inner black list of paths which are not used and a check
that specified path is under "savepath" or "rootpath" (from "cloud"
domain).
This commit is contained in:
Alexander Tkachev 2016-08-01 14:55:58 +06:00
parent dd9e5a95dc
commit acfa1d1f10
9 changed files with 132 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

14
backends/networking/sdl_net/handlers/uploadfilehandler.cpp
View file

@ -44,6 +44,12 @@ void UploadFileHandler::handle(Client &client) {
return;
}
// check that <path> contains no '../'
if (HandlerUtils::hasForbiddenCombinations(path)) {
HandlerUtils::setFilesManagerErrorMessageHandler(client, _("Invalid path!"));
return;
}
// transform virtual path to actual file system one
Common::String prefixToRemove = "", prefixToAdd = "";
if (!transformPath(path, prefixToRemove, prefixToAdd, false) || path.empty()) {
@ -51,10 +57,12 @@ void UploadFileHandler::handle(Client &client) {
return;
}
// TODO: handle <path>
// check that <path> exists and is directory
// check that <path> exists, is directory and isn't forbidden
AbstractFSNode *node = g_system->getFilesystemFactory()->makeFileNodePath(path);
if (!HandlerUtils::permittedPath(node->getPath())) {
HandlerUtils::setFilesManagerErrorMessageHandler(client, _("Invalid path!"));
return;
}
if (!node->exists()) {
HandlerUtils::setFilesManagerErrorMessageHandler(client, _("The parent directory doesn't exist!"));
return;