importfeed: Fix reversion that caused some '.' in filenames to be replaced with '_'
sanitizeFilePath was changed to sanitize leading '.', but ImportFeed was running it on parts of the template. So eg the leading '.' in the extension got sanitized. Note the added case for sanitizeLeadingFilePathCharacter ('/':_) -- this was added because, if the template is title/episode and the title is not set, it would expand to "/episode". So this is another potential security fix.
This commit is contained in:
parent
b4db85c265
commit
283d2f85d1
4 changed files with 29 additions and 16 deletions
|
@ -31,17 +31,26 @@ import System.FilePath
|
|||
- that case.
|
||||
-}
|
||||
sanitizeFilePath :: String -> FilePath
|
||||
sanitizeFilePath [] = "file"
|
||||
sanitizeFilePath f = leading (map sanitize f)
|
||||
sanitizeFilePath = sanitizeLeadingFilePathCharacter . sanitizeFilePathComponent
|
||||
|
||||
{- For when the filepath is being built up out of components that should be
|
||||
- individually sanitized, this can be used for each component, followed by
|
||||
- sanitizeLeadingFilePathCharacter for the whole thing.
|
||||
-}
|
||||
sanitizeFilePathComponent :: String -> String
|
||||
sanitizeFilePathComponent = map sanitize
|
||||
where
|
||||
sanitize c
|
||||
| c == '.' || c == '-' = c
|
||||
| isSpace c || isPunctuation c || isSymbol c || isControl c || c == '/' = '_'
|
||||
| otherwise = c
|
||||
|
||||
leading ('.':s) = '_':s
|
||||
leading ('-':s) = '_':s
|
||||
leading s = s
|
||||
sanitizeLeadingFilePathCharacter :: String -> FilePath
|
||||
sanitizeLeadingFilePathCharacter [] = "file"
|
||||
sanitizeLeadingFilePathCharacter ('.':s) = '_':s
|
||||
sanitizeLeadingFilePathCharacter ('-':s) = '_':s
|
||||
sanitizeLeadingFilePathCharacter ('/':s) = '_':s
|
||||
sanitizeLeadingFilePathCharacter s = s
|
||||
|
||||
escapeSequenceInFilePath :: FilePath -> Bool
|
||||
escapeSequenceInFilePath f = '\ESC' `elem` f
|
||||
|
|
|
@ -18,6 +18,8 @@ git-annex (8.20200720.2) UNRELEASED; urgency=medium
|
|||
standalone and OSX app.
|
||||
Thanks, Yaroslav Halchenko
|
||||
* Slightly sped up the linux standalone bundle.
|
||||
* importfeed: Fix reversion that caused some '.' in filenames to be
|
||||
replaced with '_'
|
||||
|
||||
-- Joey Hess <id@joeyh.name> Tue, 21 Jul 2020 12:58:30 -0400
|
||||
|
||||
|
|
|
@ -338,8 +338,9 @@ defaultTemplate = "${feedtitle}/${itemtitle}${extension}"
|
|||
{- Generates a filename to use for a feed item by filling out the template.
|
||||
- The filename may not be unique. -}
|
||||
feedFile :: Utility.Format.Format -> ToDownload -> String -> FilePath
|
||||
feedFile tmpl i extension = Utility.Format.format tmpl $
|
||||
M.map sanitizeFilePath $ M.fromList $ extractFields i ++
|
||||
feedFile tmpl i extension = sanitizeLeadingFilePathCharacter $
|
||||
Utility.Format.format tmpl $
|
||||
M.map sanitizeFilePathComponent $ M.fromList $ extractFields i ++
|
||||
[ ("extension", extension)
|
||||
, extractField "itempubdate" [itempubdate]
|
||||
, extractField "itempubyear" [itempubyear]
|
||||
|
|
|
@ -28,3 +28,4 @@ git annex version 8.20200720.1-g1ccb6699a1
|
|||
|
||||
|
||||
|
||||
> [[fixed|done]] --[[Joey]]
|
||||
|
|
Loading…
Reference in a new issue