
http connection: perform sanitisation on the provided filename

Merged Felix Paul Kühne requested to merge fkuehne/vlc-ios:http-fix into master
2 files
+ 24
1
@@ -828,6 +828,22 @@ static NSMutableDictionary *authentifiedHosts;
//-----------------------------------------------------------------
#pragma mark multipart form data parser delegate
- (NSString *)_sanitizeFilePath:(NSString *)path {
NSArray *pathComponents = [path pathComponents];
NSMutableArray *validComponents = [NSMutableArray array];
for (NSString *component in pathComponents) {
if ([component isEqualToString:@".."] || [component isEqualToString:@"."]) {
// Skip "." and ".."
continue;
} else {
// Add valid component to the array
[validComponents addObject:component];
}
}
return [NSString pathWithComponents:validComponents];
}
- (void)processStartOfPartWithHeader:(MultipartMessageHeader*) header
{
@@ -843,6 +859,9 @@ static NSMutableDictionary *authentifiedHosts;
return;
}
// make sure to exclude illegal characters
filename = [self _sanitizeFilePath:filename];
// create the path where to store the media temporarily
NSArray *searchPaths = NSSearchPathForDirectoriesInDomains(NSCachesDirectory, NSUserDomainMask, YES);
NSString *uploadDirPath = [searchPaths.firstObject
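Review bot: `_sanitizeFilePath:` drops only `.` and `..`, so the `/` component that `pathComponents` yields for an absolute path is kept, and a filename made up solely of dot components comes back as an empty string; the call site added in the second hunk uses the result without re-checking it. Since an upload name is presumably meant to be a single file name, it would be tighter to also skip `/` in the loop and keep only the last component, `filename = [[self _sanitizeFilePath:filename] lastPathComponent];`, followed by `if (filename.length == 0) return;` (assuming the early return just above is the right rejection path; the rest of `processStartOfPartWithHeader:` is outside the hunk). The comment `// make sure to exclude illegal characters` would be more accurate as `// drop path-traversal components from the client-supplied filename`, since the helper filters path components, not characters.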