Re: [wmvs] OpenSP -R and Win32

* Liam Quinn wrote:
>> In order to make this behave more properly isSafe(...) would
>> need to allow at least the characters ':' and '\' in paths and
>> it might be necessary to change the comparison code so that
>> c:\x and c:/x are considered a match.

>Your suggestion for improving isSafe() sounds reasonable to me.

I have applied the following patch,

Index: PosixStorage.cxx
===================================================================
RCS file: /cvsroot/openjade/sp/lib/PosixStorage.cxx,v
retrieving revision 1.1.4.3
diff -u -p -r1.1.4.3 PosixStorage.cxx
--- PosixStorage.cxx    23 Aug 2002 01:14:08 -0000      1.1.4.3
+++ PosixStorage.cxx    7 Sep 2004 04:36:50 -0000
@@ -201,6 +201,10 @@ Boolean PosixStorageManager::isSafe(cons
           || file[i] == '.'
           || file[i] == '-'
           || file[i] == '_'
+#ifdef SP_MSDOS_FILENAMES
+          || file[i] == '\\'
+          || file[i] == ':'
+#endif
        )) return 0;
   }

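Review bot: The two added alternatives accept ':' and '\\' at every index of file, so with SP_MSDOS_FILENAMES defined the character check no longer tells a leading drive prefix such as c:\ apart from a colon later in the name. On Win32 a colon outside the drive position can mean a drive-relative path (c:x) or an NTFS alternate data stream (name:stream), and the directory comparison further down is not written for either. Suggest accepting ':' only when i == 1 and file[0] is a letter. It is also worth confirming that any component check in isSafe() outside this hunk treats '\\' as a separator in the same way as '/', since backslash is now a legal character here.
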
@@ -212,11 +216,20 @@ Boolean PosixStorageManager::isSafe(cons
     if (dir.size() >= searchDir.size()) {
       size_t j = 0;
       for (; j < searchDir.size(); j++) {
-        if (searchDir[j] != dir[j]) break;
+        if (searchDir[j] != dir[j]
+#ifdef SP_MSDOS_FILENAMES
+        && ((searchDir[j] != '/' && dir[j] == '\\') ||
+            (searchDir[j] != '\\' && dir[j] == '/'))
+#endif
+        ) break;
       }

       if (j == searchDir.size() &&
-           (dir.size() == searchDir.size() || dir[j] == '/')) return 1;
+           (dir.size() == searchDir.size() || dir[j] == '/'
+#ifdef SP_MSDOS_FILENAMES
+                                           || dir[j] == '\\'
+#endif
+           )) return 1;
     }
   }

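Review bot: The new loop condition in the first changed block no longer breaks on an ordinary character mismatch when SP_MSDOS_FILENAMES is defined. The added clause is joined with &&, and it is only true when dir[j] is '\\' or '/', so for searchDir[j] == 'a' and dir[j] == 'b' the whole expression is false and the loop continues. A dir of c:\temp would then run to j == searchDir.size() against a searchDir of c:\sgml and return 1 through the dir.size() == searchDir.size() test, which defeats the prefix check. The condition should break unless the characters are equal or both are separators, for example: if (searchDir[j] != dir[j] && !((searchDir[j] == '/' || searchDir[j] == '\\') && (dir[j] == '/' || dir[j] == '\\'))) break;. The second changed block, which accepts '\\' as well as '/' at dir[j], looks right once the loop is fixed. The comparison is still case-sensitive, so c:\SGML and c:\sgml will not match; that fails closed, but it belongs in the install note mentioned below.
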
It is neither pretty nor does it deal with the wide variety of legal
cases (e.g., you have a search path of c:\ and an entity /x it won't be
considered a match) but as this is not really designed to deal with all
legal cases to mitigate risks I've kept it this way. Win32 install docs
should point out that our SGML Library config parameter needs to be a
full x:\ path, in fact, a comment to this effect should precede the
corresponding line in the default configuration file.

Received on Tuesday, 7 September 2004 04:47:40 UTC