importfeed: Fix reversion that caused some '.' in filenames to be replaced with '_'
sanitizeFilePath was changed to sanitize leading '.', but ImportFeed was running it on parts of the template. So eg the leading '.' in the extension got sanitized. Note the added case for sanitizeLeadingFilePathCharacter ('/':_) -- this was added because, if the template is title/episode and the title is not set, it would expand to "/episode". So this is another potential security fix.
This commit is contained in:
parent
b4db85c265
commit
283d2f85d1
4 changed files with 29 additions and 16 deletions
|
@ -31,17 +31,26 @@ import System.FilePath
|
|||
- that case.
|
||||
-}
|
||||
sanitizeFilePath :: String -> FilePath
|
||||
sanitizeFilePath [] = "file"
|
||||
sanitizeFilePath f = leading (map sanitize f)
|
||||
sanitizeFilePath = sanitizeLeadingFilePathCharacter . sanitizeFilePathComponent
|
||||
|
||||
{- For when the filepath is being built up out of components that should be
|
||||
- individually sanitized, this can be used for each component, followed by
|
||||
- sanitizeLeadingFilePathCharacter for the whole thing.
|
||||
-}
|
||||
sanitizeFilePathComponent :: String -> String
|
||||
sanitizeFilePathComponent = map sanitize
|
||||
where
|
||||
sanitize c
|
||||
| c == '.' || c == '-' = c
|
||||
| isSpace c || isPunctuation c || isSymbol c || isControl c || c == '/' = '_'
|
||||
| otherwise = c
|
||||
|
||||
leading ('.':s) = '_':s
|
||||
leading ('-':s) = '_':s
|
||||
leading s = s
|
||||
sanitizeLeadingFilePathCharacter :: String -> FilePath
|
||||
sanitizeLeadingFilePathCharacter [] = "file"
|
||||
sanitizeLeadingFilePathCharacter ('.':s) = '_':s
|
||||
sanitizeLeadingFilePathCharacter ('-':s) = '_':s
|
||||
sanitizeLeadingFilePathCharacter ('/':s) = '_':s
|
||||
sanitizeLeadingFilePathCharacter s = s
|
||||
|
||||
escapeSequenceInFilePath :: FilePath -> Bool
|
||||
escapeSequenceInFilePath f = '\ESC' `elem` f
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue