summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEdwin Eefting <edwin@datux.nl>2013-01-22 22:20:31 (GMT)
committer Edwin Eefting <edwin@datux.nl>2013-01-22 22:20:31 (GMT)
commit24c897a74f530418e62f1f7ad1cdbff65d605498 (patch)
treed56425b7b5a209a8471f1e5d5d6a335cfdef1c00
parentbb2b02cc26f2a810378e75ba656e01974943f14f (diff)
fixes in escaping root dir
-rw-r--r--etc/synapse/pl.conf2
-rw-r--r--modules/pl_dir.module/module.cpp279
-rw-r--r--wwwdir/mp.html2
3 files changed, 153 insertions, 130 deletions
diff --git a/etc/synapse/pl.conf b/etc/synapse/pl.conf
index 799fd43..9517a64 100644
--- a/etc/synapse/pl.conf
+++ b/etc/synapse/pl.conf
@@ -1,3 +1,3 @@
{
- "path":"/mediabox/mp3/"
+ "path": "/mediabox/mp3"
}
diff --git a/modules/pl_dir.module/module.cpp b/modules/pl_dir.module/module.cpp
index d588780..2786225 100644
--- a/modules/pl_dir.module/module.cpp
+++ b/modules/pl_dir.module/module.cpp
@@ -152,6 +152,150 @@ namespace pl
};
+ //compares two absolute paths, to see if subdir is really a subdir of dir. (or the same dir)
+ bool isSubdir(path dir, path subdir)
+ {
+ if (dir==subdir)
+ {
+ return(true);
+ }
+
+ while (!subdir.empty())
+ {
+ subdir=subdir.parent_path();
+ if (dir==subdir)
+ return(true);
+ }
+ return(false);
+ }
+
+ /*
+ /a/b
+ /a/b/c/d
+ */
+
+ /*** traverses directories/files
+
+ -currentPath contains the currently 'selected' path.
+ -rootPath is the 'highest' path we can ever reach.
+ -filetype determines if we're looking for a file or directory or both.
+ -direction tells if you want the next or previous file or directory.
+ -RECURSE: its allow to enter or exit directories to find the next of previous file.
+
+ returns resulting path after this movement.
+ when first or last path is reached it loops.
+
+ */
+ enum Edirection { NEXT, PREVIOUS };
+ enum Erecursion { RECURSE, DONT_RECURSE };
+ path movePath(path rootPath, path currentPath, string sortField, Edirection direction, Erecursion recursion, CsortedDir::Efiletype filetype)
+ {
+
+ //determine the path we should get the initial listing of:
+ path listPath;
+ if (currentPath==rootPath)
+ listPath=currentPath;
+ else
+ listPath=currentPath.parent_path();
+
+ path startPath=currentPath;
+
+ CsortedDir::iterator dirI;
+ do
+ {
+ //get sorted directory listing
+ CsortedDir sortedDir(listPath, sortField, filetype);
+
+ if (!sortedDir.empty())
+ {
+
+ //try to find the current path:
+ if (!currentPath.empty())
+ dirI=find(sortedDir.begin(), sortedDir.end(), currentPath.filename());
+ else
+ dirI=sortedDir.end();
+
+ //currentPath not found?
+ if (dirI==sortedDir.end())
+ {
+ //start at the first or last entry depending on direction
+ if (direction==NEXT)
+ dirI=sortedDir.begin();
+ else
+ {
+ dirI=sortedDir.end();
+ dirI--;
+ }
+ }
+ else
+ {
+ //move one step in the correct direction
+ if (direction==NEXT)
+ {
+ dirI++;
+ }
+ //PREVIOUS:
+ else
+ {
+ if (dirI==sortedDir.begin())
+ dirI=sortedDir.end();
+ else
+ dirI--;
+ }
+ }
+
+ //top or bottom was reached
+ if (dirI==sortedDir.end())
+ {
+ //can we one dir higher?
+ if (recursion==RECURSE && listPath!=rootPath)
+ {
+ //yes, so go one dir higher and continue the loop
+ currentPath=listPath;
+ listPath=listPath.parent_path();
+ }
+ else
+ {
+ //no, cant go higher.
+ //clear the current path, so it just gets the first or last entry
+ currentPath.clear();
+ }
+ }
+ //we found something
+ else
+ {
+ //should we recurse?
+ if (recursion==RECURSE && is_directory(listPath/(*dirI)))
+ {
+ //enter it
+ listPath=listPath/(*dirI);
+ currentPath.clear();
+ }
+ else
+ {
+ //return the new path
+ return (listPath/(*dirI));
+ }
+ }
+ }
+ else
+ {
+ //list is empty, our last chance is to go one dir higher, otherwise we will exit the loop:
+ if (recursion==RECURSE && listPath!=rootPath)
+ {
+ //go one dir higher and continue the loop
+ currentPath=listPath;
+ listPath=listPath.parent_path();
+ }
+ }
+
+ }
+ while(currentPath!=startPath);
+
+ //nothing found, just return currentPath
+ return(currentPath);
+ }
+
class Citer
{
private:
@@ -162,134 +306,6 @@ namespace pl
int mId;
-
- private:
-
- //to make stuff more readable and less error prone
- enum Edirection { NEXT, PREVIOUS };
- enum Erecursion { RECURSE, DONT_RECURSE };
-
- /*
- /a/b
- /a/b/c/d
- */
-
- //traverses directories/files
- //currentPath contains the 'selected' path. direction tells if you want to move up or down.
- //returns resulting path after this movement. when first or last path is reached it loops.
- //recursion means, recurse until we're at a file
- //rootPath is the highest path, it can never be escaped.
- path movePath(path rootPath, path currentPath, string sortField, Edirection direction, Erecursion recursion, CsortedDir::Efiletype filetype)
- {
- DEB("rootpath:" << rootPath);
- DEB("currentpath:" << currentPath);
- DEB("gelijko?" << ( currentPath==rootPath));
-
- //determine the path we should get the initial listing of:
- path listPath;
- if (currentPath==rootPath)
- listPath=currentPath;
- else
- listPath=currentPath.parent_path();
-
- path startPath=currentPath;
-
- CsortedDir::iterator dirI;
- do
- {
- //get sorted directory listing
- CsortedDir sortedDir(listPath, sortField, filetype);
-
- if (!sortedDir.empty())
- {
-
- //try to find the current path:
- if (!currentPath.empty())
- dirI=find(sortedDir.begin(), sortedDir.end(), currentPath.filename());
- else
- dirI=sortedDir.end();
-
- //currentPath not found?
- if (dirI==sortedDir.end())
- {
- //start at the first or last entry depending on direction
- if (direction==NEXT)
- dirI=sortedDir.begin();
- else
- {
- dirI=sortedDir.end();
- dirI--;
- }
- }
- else
- {
- //move one step in the correct direction
- if (direction==NEXT)
- {
- dirI++;
- }
- //PREVIOUS:
- else
- {
- if (dirI==sortedDir.begin())
- dirI=sortedDir.end();
- else
- dirI--;
- }
- }
-
- //top or bottom was reached
- if (dirI==sortedDir.end())
- {
- //can we one dir higher?
- if (recursion==RECURSE && listPath!=rootPath)
- {
- //yes, so go one dir higher and continue the loop
- currentPath=listPath;
- listPath=listPath.parent_path();
- }
- else
- {
- //no, cant go higher.
- //clear the current path, so it just gets the first or last entry
- currentPath.clear();
- }
- }
- //we found something
- else
- {
- //should we recurse?
- if (recursion==RECURSE && is_directory(listPath/(*dirI)))
- {
- //enter it
- listPath=listPath/(*dirI);
- currentPath.clear();
- }
- else
- {
- //return the new path
- return (listPath/(*dirI));
- }
- }
- }
- else
- {
- //list is empty, our last chance is to go one dir higher, otherwise we will exit the loop:
- if (recursion==RECURSE && listPath!=rootPath)
- {
- //go one dir higher and continue the loop
- currentPath=listPath;
- listPath=listPath.parent_path();
- }
- }
-
- }
- while(currentPath!=startPath);
-
- //nothing found, just return currentPath
- return(currentPath);
- }
-
public:
//next file
@@ -354,6 +370,13 @@ namespace pl
void send(int dst)
{
+ //there are lots of places/situations where things can go wrong, so do this extra check:
+ if (!isSubdir(mRootPath, mCurrentPath) || !isSubdir(mRootPath, mCurrentFile))
+ {
+ ERROR("escaped rootpath: " << mRootPath << " " << mCurrentPath << " " << mCurrentFile);
+ throw(synapse::runtime_error("Program error: ended up outside rootpath. (dont use trailing slashes for rootpath)"));
+ }
+
Cmsg out;
out.event="pl_Entry";
out.dst=dst;
diff --git a/wwwdir/mp.html b/wwwdir/mp.html
index 026ab36..35e8702 100644
--- a/wwwdir/mp.html
+++ b/wwwdir/mp.html
@@ -4,7 +4,7 @@
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8">
- <title>Mindfull player</title>
+ <title>Media Zapper</title>
<script type="text/javascript" src="/synapse/synapse.js"></script>