Runtime URL and MIME type filtering

author: Adam Chlipala <adamc@hcoop.net> 2009-05-02 18:20:15 -0400
committer: Adam Chlipala <adamc@hcoop.net> 2009-05-02 18:20:15 -0400
commit: 2d37bf0ef2c634819293a191eff9799934b08346 (patch)
tree: 0baf5761c294a6cf6f12d93b16849bec6a4eb9cd /src/c
parent: 20d3fa9974879189544b752e43842a67c1fec0b9 (diff)
1 files changed, 38 insertions, 7 deletions
diff --git a/src/c/urweb.c b/src/c/urweb.c
index cc02b3d1..1f256681 100644
--- a/src/c/urweb.c
+++ b/src/c/urweb.c
@@ -2437,18 +2437,49 @@ failure_kind uw_initialize(uw_context ctx) {
   return r;
 }
 
+extern int uw_check_url(const char *);
+extern int uw_check_mime(const char *);
+
 uw_Basis_string uw_Basis_bless(uw_context ctx, uw_Basis_string s) {
-  return s;
+  if (uw_check_url(s))
+    return s;
+  else
+    uw_error(ctx, FATAL, "Disallowed URL %s", uw_Basis_htmlifyString(ctx, s));
+}
+
+uw_Basis_string uw_Basis_checkUrl(uw_context ctx, uw_Basis_string s) {
+  if (uw_check_url(s))
+    return s;
+  else
+    return NULL;
+}
+
+int mime_format(const char *s) {
+  for (; *s; ++s)
+    if (!isalnum(*s) && *s != '/' && *s != '-' && *s != '.')
+      return 0;
+
+  return 1;
 }
 
 uw_Basis_string uw_Basis_blessMime(uw_context ctx, uw_Basis_string s) {
-  char *s2;
+  if (!mime_format(s))
+    uw_error(ctx, FATAL, "MIME type \"%s\" contains invalid character", uw_Basis_htmlifyString(ctx, s));
 
-  for (s2 = s; *s2; ++s2)
-    if (!isalnum(*s2) && *s2 != '/' && *s2 != '-' && *s2 != '.')
-      uw_error(ctx, FATAL, "MIME type \"%s\" contains invalid character %c\n", s, *s2);
-  
-  return s;
+  if (uw_check_mime(s))
+    return s;
+  else
+    uw_error(ctx, FATAL, "Disallowed MIME type %s", uw_Basis_htmlifyString(ctx, s));
+}
+
+uw_Basis_string uw_Basis_checkMime(uw_context ctx, uw_Basis_string s) {
+  if (!mime_format(s))
+    return NULL;
+
+  if (uw_check_mime(s))
+    return s;
+  else
+    return NULL;
 }
 
 uw_Basis_string uw_unnull(uw_Basis_string s) {
author	Adam Chlipala <adamc@hcoop.net>	2009-05-02 18:20:15 -0400
committer	Adam Chlipala <adamc@hcoop.net>	2009-05-02 18:20:15 -0400
commit	2d37bf0ef2c634819293a191eff9799934b08346 (patch)
tree	0baf5761c294a6cf6f12d93b16849bec6a4eb9cd /src/c
parent	20d3fa9974879189544b752e43842a67c1fec0b9 (diff)