diff options
author | Alexander Tkachev | 2016-08-01 14:55:58 +0600 |
---|---|---|
committer | Alexander Tkachev | 2016-08-24 16:07:55 +0600 |
commit | acfa1d1f1069e4a4bbed8599d0e6b4e9b2ea37fe (patch) | |
tree | e9d57e3797ac334df20794c10bfec2a049e974b0 /backends/networking/sdl_net/handlers/createdirectoryhandler.cpp | |
parent | dd9e5a95dc5bbae20d3da05d638139120f3113f4 (diff) | |
download | scummvm-rg350-acfa1d1f1069e4a4bbed8599d0e6b4e9b2ea37fe.tar.gz scummvm-rg350-acfa1d1f1069e4a4bbed8599d0e6b4e9b2ea37fe.tar.bz2 scummvm-rg350-acfa1d1f1069e4a4bbed8599d0e6b4e9b2ea37fe.zip |
CLOUD: Handle paths in marked places
Paths containing '../' are forbidden to use in Files Manager. There is
also a special inner black list of paths which are not used and a check
that specified path is under "savepath" or "rootpath" (from "cloud"
domain).
Diffstat (limited to 'backends/networking/sdl_net/handlers/createdirectoryhandler.cpp')
-rw-r--r-- | backends/networking/sdl_net/handlers/createdirectoryhandler.cpp | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/backends/networking/sdl_net/handlers/createdirectoryhandler.cpp b/backends/networking/sdl_net/handlers/createdirectoryhandler.cpp index c539525820..284bf16651 100644 --- a/backends/networking/sdl_net/handlers/createdirectoryhandler.cpp +++ b/backends/networking/sdl_net/handlers/createdirectoryhandler.cpp @@ -61,6 +61,12 @@ void CreateDirectoryHandler::handle(Client &client) { return; } + // check that <path> contains no '../' + if (HandlerUtils::hasForbiddenCombinations(path)) { + handleError(client, _("Invalid path!")); + return; + } + // transform virtual path to actual file system one Common::String prefixToRemove = "", prefixToAdd = ""; if (!transformPath(path, prefixToRemove, prefixToAdd) || path.empty()) { @@ -68,10 +74,12 @@ void CreateDirectoryHandler::handle(Client &client) { return; } - // TODO: handle <path> - - // check that <path> exists and is directory + // check that <path> exists, is directory and isn't forbidden AbstractFSNode *node = g_system->getFilesystemFactory()->makeFileNodePath(path); + if (!HandlerUtils::permittedPath(node->getPath())) { + handleError(client, _("Invalid path!")); + return; + } if (!node->exists()) { handleError(client, _("Parent directory doesn't exists!")); return; |