couchdb-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From j..@apache.org
Subject [1/6] git commit: improve parsing of mochiweb relative paths
Date Wed, 19 Dec 2012 17:28:51 GMT
Updated Branches:
  refs/heads/1.0.x f5be49631 -> a996d8dfb
  refs/heads/1.1.x 55ba156fd -> 170011330
  refs/heads/1.2.x 6637c7fca -> 4cd384668
  refs/heads/1.3.x 6429a44b2 -> bc5880f7c
  refs/heads/master 2b4ab67a9 -> 6e749bf7e


improve parsing of mochiweb relative paths

Patch adapted from http://www.couchbase.com/issues/browse/MB-7390


Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/a996d8df
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/a996d8df
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/a996d8df

Branch: refs/heads/1.0.x
Commit: a996d8dfbc0853f82a2cba3e482df2e7093ff839
Parents: f5be496
Author: Sriram Melkote <siri@couchbase.com>
Authored: Sat Dec 15 04:03:45 2012 +0530
Committer: Jan Lehnardt <jan@apache.org>
Committed: Wed Dec 19 18:21:02 2012 +0100

----------------------------------------------------------------------
 src/mochiweb/mochiweb_util.erl |   11 +++++++++--
 1 files changed, 9 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb/blob/a996d8df/src/mochiweb/mochiweb_util.erl
----------------------------------------------------------------------
diff --git a/src/mochiweb/mochiweb_util.erl b/src/mochiweb/mochiweb_util.erl
index d8fc89d..b5134d3 100644
--- a/src/mochiweb/mochiweb_util.erl
+++ b/src/mochiweb/mochiweb_util.erl
@@ -68,11 +68,17 @@ partition2(_S, _Sep) ->
 %% @spec safe_relative_path(string()) -> string() | undefined
 %% @doc Return the reduced version of a relative path or undefined if it
 %%      is not safe. safe relative paths can be joined with an absolute path
-%%      and will result in a subdirectory of the absolute path.
+%%      and will result in a subdirectory of the absolute path. Safe paths
+%%      never contain a backslash character.
 safe_relative_path("/" ++ _) ->
     undefined;
 safe_relative_path(P) ->
-    safe_relative_path(P, []).
+    case string:chr(P, $\\) of
+        0 ->
+           safe_relative_path(P, []);
+        _ ->
+           undefined
+    end.
 
 safe_relative_path("", Acc) ->
     case Acc of
@@ -707,6 +713,7 @@ test_safe_relative_path() ->
     undefined = safe_relative_path("../foo"),
     undefined = safe_relative_path("foo/../.."),
     undefined = safe_relative_path("foo//"),
+    undefined = safe_relative_path("foo\\bar"),
     ok.
 
 test_parse_qvalues() ->


Mime
View raw message