diff options
| author | Vincent Untz <vuntz@novell.com> | 2010-02-16 19:09:16 +0100 |
|---|---|---|
| committer | Vincent Untz <vuntz@novell.com> | 2010-02-16 19:09:16 +0100 |
| commit | 3aa766b8c1952252913d5891cb0fb4567df7f448 (patch) | |
| tree | a347d77c0a0b6777a0ed1300f616c2e25c721144 | |
| parent | 65e48f8f65f755db466f87ee581713c488eab59f (diff) | |
Add real validation of URI schemes
| -rw-r--r-- | src/cups.c | 47 |
1 files changed, 43 insertions, 4 deletions
@@ -290,6 +290,33 @@ _cph_cups_is_printer_name_valid_internal (const char *name) } static gboolean +_cph_cups_is_scheme_valid_internal (const char *scheme) +{ + int i; + + /* no empty string */ + if (!scheme || scheme[0] == '\0') + return FALSE; + + /* From RFC 1738: + * Scheme names consist of a sequence of characters. The lower case + * letters "a"--"z", digits, and the characters plus ("+"), period + * ("."), and hyphen ("-") are allowed. For resiliency, programs + * interpreting URLs should treat upper case letters as equivalent to + * lower case in scheme names (e.g., allow "HTTP" as well as "http"). + */ + for (i = 0; i < strlen (scheme); i++) { + if (!g_ascii_isalnum (scheme[i]) && + scheme[i] != '+' && + scheme[i] != '.' && + scheme[i] != '-') + return FALSE; + } + + return TRUE; +} + +static gboolean _cph_cups_is_printer_name_valid (CphCups *cups, const char *name) { @@ -338,6 +365,22 @@ _cph_cups_is_job_id_valid (CphCups *cups, return FALSE; } +static gboolean +_cph_cups_is_scheme_valid (CphCups *cups, + const char *scheme) +{ + char *error; + + if (_cph_cups_is_scheme_valid_internal (scheme)) + return TRUE; + + error = g_strdup_printf ("\"%s\" is not a valid scheme.", scheme); + _cph_cups_set_internal_status (cups, error); + g_free (error); + + return FALSE; +} + /* This is some text, but we could potentially do more checks. We don't do them * because cups will already do them. * + for the URI, we could check that the scheme is supported and that the @@ -385,10 +428,6 @@ _CPH_CUPS_IS_VALID (location, "location", FALSE) _CPH_CUPS_IS_VALID (reject_jobs_reason, "reason", FALSE) _CPH_CUPS_IS_VALID (job_hold_until, "job hold until", FALSE) -/* Check for scheme. Unless we hardcode all schemes, we can only check it's - * valid text. */ -_CPH_CUPS_IS_VALID (scheme, "scheme", TRUE) - /* For put/get file: this is some text, but we could potentially do more * checks. We don't do them because cups will already do them. * + for the resource, we could check that it starts with a /, for example. |