Commit 40639d17 by Cristy

Add support for SanitizeString() method

1 parent 18107aaa
......@@ -2484,7 +2484,8 @@ MagickExport MagickBooleanType OpenBlob(const ImageInfo *image_info,
if (*filename == '|')
{
char
fileMode[MagickPathExtent];
fileMode[MagickPathExtent],
*sanitize_command;
/*
Pipe image to or from a system command.
......@@ -2495,7 +2496,10 @@ MagickExport MagickBooleanType OpenBlob(const ImageInfo *image_info,
#endif
*fileMode =(*type);
fileMode[1]='\0';
image->blob->file_info.file=(FILE *) popen_utf8(filename+1, fileMode);
sanitize_command=SanitizeString(filename+1);
image->blob->file_info.file=(FILE *) popen_utf8(sanitize_command,
fileMode);
sanitize_command=DestroyString(sanitize_command);
if (image->blob->file_info.file == (FILE *) NULL)
{
ThrowFileException(exception,BlobError,"UnableToOpenBlob",filename);
......
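Review bot: The command handed to `popen_utf8` in OpenBlob is still interpreted by a shell, and the allowed set of `SanitizeString()` added elsewhere in this commit keeps `|`, `;`, `&`, `$`, `<`, `>`, quotes and the backquote, so the new call only replaces characters outside that set (control characters and, apparently, bytes of multi-byte UTF-8 sequences). A comment above the call would stop readers from treating it as a security boundary, for example `/* SanitizeString() does not neutralise shell metacharacters; access to '|' filenames must be restricted by the caller or by policy. */`. Replacing non-ASCII bytes with `_` may also alter a command that `popen_utf8` would otherwise have accepted, which is worth confirming against existing callers. The body of OpenBlob continues outside the visible hunks.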
......@@ -324,31 +324,6 @@ MagickPrivate void DelegateComponentTerminus(void)
% o exception: return any errors here.
%
*/
static char *SanitizeDelegateCommand(const char *command)
{
char
*sanitize_command;
const char
*q;
register char
*p;
static char
whitelist[] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_- "
".@&;<>()|/\\\'\":%=~`";
sanitize_command=AcquireString(command);
p=sanitize_command;
q=sanitize_command+strlen(sanitize_command);
for (p+=strspn(p,whitelist); p != q; p+=strspn(p,whitelist))
*p='_';
return(sanitize_command);
}
MagickExport int ExternalDelegateCommand(const MagickBooleanType asynchronous,
const MagickBooleanType verbose,const char *command,char *message,
ExceptionInfo *exception)
......@@ -398,7 +373,7 @@ MagickExport int ExternalDelegateCommand(const MagickBooleanType asynchronous,
(void) FormatLocaleFile(stderr,"%s\n",command);
(void) fflush(stderr);
}
sanitize_command=SanitizeDelegateCommand(command);
sanitize_command=SanitizeString(command);
if (asynchronous != MagickFalse)
(void) ConcatenateMagickString(sanitize_command,"&",MagickPathExtent);
if (message != (char *) NULL)
......@@ -553,21 +528,11 @@ static char *GetMagickPropertyLetter(ImageInfo *image_info,Image *image,
}
char
*property,
value[MagickPathExtent];
const char
*string;
register char
*p,
*q;
static char
whitelist[] =
"^-ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
"+&@#/%?=~_|!:,.;()";
if ((image != (Image *) NULL) && (image->debug != MagickFalse))
(void) LogMagickEvent(TraceEvent,GetMagickModule(),"%s",image->filename);
else
......@@ -874,15 +839,7 @@ static char *GetMagickPropertyLetter(ImageInfo *image_info,Image *image,
break;
}
}
/*
Sanitize string.
*/
property=ConstantString(string);
p=property;
q=property+strlen(property);
for (p+=strspn(p,whitelist); p != q; p+=strspn(p,whitelist))
*p='_';
return(property);
return(SanitizeString(string));
}
static char *InterpretDelegateProperties(ImageInfo *image_info,
......
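Review bot: Switching both call sites in this file to the shared `SanitizeString()` widens what each one lets through, because the new allowed set is a superset of both removed lists. In ExternalDelegateCommand the removed `SanitizeDelegateCommand` did not pass `$`, `*`, `?`, `!`, `#`, `+`, `,`, `^`, `[`, `]`, `{` or `}`. In GetMagickPropertyLetter the removed list did not pass space, single and double quotes, the backquote, backslash, `$`, `*`, `<`, `>`, brackets or braces. If these property values are later substituted into delegate command lines (InterpretDelegateProperties follows, outside the hunk, so this is inferred), the quoting and expansion characters now survive where they were previously replaced with `_`. I would keep the narrower list on the property path, i.e. retain the removed `static char whitelist[]` and `strspn` loop there instead of `return(SanitizeString(string));`, or give the shared helper a second parameter for the allowed set.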
......@@ -2569,30 +2569,6 @@ static const char *GetMagickPropertyLetter(ImageInfo *image_info,
(ssize_t) image->dispose);
break;
}
case 'F':
{
const char
*q;
register char
*p;
static char
whitelist[] =
"^-ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
"+&@#/%?=~_|!:,.;()";
/*
Magick filename (sanitized) - filename given incl. coder & read mods.
*/
WarnNoImageReturn("\"%%%c\"",letter);
(void) CopyMagickString(value,image->magick_filename,MagickPathExtent);
p=value;
q=value+strlen(value);
for (p+=strspn(p,whitelist); p != q; p+=strspn(p,whitelist))
*p='_';
break;
}
case 'G': /* Image size as geometry = "%wx%h" */
{
WarnNoImageReturn("\"%%%c\"",letter);
......
......@@ -1631,6 +1631,55 @@ MagickExport void ResetStringInfo(StringInfo *string_info)
% %
% %
% %
% S a n t i z e S t r i n g %
% %
% %
% %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%
% SanitizeString() returns an new string removes all characters except
% letters, digits and !#$%&'*+-=?^_`{|}~@.[].
%
% The returned string shoud be freed using DestoryString().
%
% The format of the SanitizeString method is:
%
% char *SanitizeString(const char *source)
%
% A description of each parameter follows:
%
% o source: A character string.
%
*/
MagickExport char *SanitizeString(const char *source)
{
char
*sanitize_source;
const char
*q;
register char
*p;
static char
whitelist[] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 "
"$-_.+!*'(),{}|\\^~[]`\"><#%;/?:@&=";
sanitize_source=AcquireString(source);
p=sanitize_source;
q=sanitize_source+strlen(sanitize_source);
for (p+=strspn(p,whitelist); p != q; p+=strspn(p,whitelist))
*p='_';
return(sanitize_source);
}
/*
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% %
% %
% %
% S e t S t r i n g I n f o %
% %
% %
......
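Review bot: The header comment for SanitizeString does not describe what the function does: it says characters are removed, but the loop overwrites each disallowed character with `_`. The set it lists also omits characters the code keeps (space, `"`, `(`, `)`, `,`, `/`, `:`, `;`, `<`, `>` and backslash). I would reword it to `SanitizeString() returns a new string in which every character not in the whitelist is replaced with an underscore.` and `The returned string should be freed using DestroyString().`, and fix the banner spelling `S a n t i z e S t r i n g`. The comment should also state that the allowed set still contains shell metacharacters, so the result is not safe to treat as a quoted shell argument. Since the table is never written, `static const char whitelist[]` would be the better declaration.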
......@@ -46,6 +46,7 @@ extern MagickExport char
*EscapeString(const char *,const char),
*FileToString(const char *,const size_t,ExceptionInfo *),
*GetEnvironmentValue(const char *),
*SanitizeString(const char *),
*StringInfoToHexString(const StringInfo *),
*StringInfoToString(const StringInfo *),
**StringToArgv(const char *,int *),
......