Fossil SCM
Disallow invalid unicode characters in filenames.
Commit
897dfa48b4e28b3429f946b73353f1234409967a
Parent
d13143eb3be8c69…
4 files changed
+2
-1
+1
-1
+1
-1
+25
+2
-1
| --- src/add.c | ||
| +++ src/add.c | ||
| @@ -138,11 +138,12 @@ | ||
| 138 | 138 | int vid, /* Add to this VFILE */ |
| 139 | 139 | int caseSensitive /* True if filenames are case sensitive */ |
| 140 | 140 | ){ |
| 141 | 141 | const char *zCollate = caseSensitive ? "binary" : "nocase"; |
| 142 | 142 | if( !file_is_simple_pathname(zPath) ){ |
| 143 | - fossil_fatal("filename contains illegal characters: %s", zPath); | |
| 143 | + fossil_warning("filename contains illegal characters: %s", zPath); | |
| 144 | + return 0; | |
| 144 | 145 | } |
| 145 | 146 | if( db_exists("SELECT 1 FROM vfile" |
| 146 | 147 | " WHERE pathname=%Q COLLATE %s", zPath, zCollate) ){ |
| 147 | 148 | db_multi_exec("UPDATE vfile SET deleted=0" |
| 148 | 149 | " WHERE pathname=%Q COLLATE %s", zPath, zCollate); |
| 149 | 150 |
| --- src/add.c | |
| +++ src/add.c | |
| @@ -138,11 +138,12 @@ | |
| 138 | int vid, /* Add to this VFILE */ |
| 139 | int caseSensitive /* True if filenames are case sensitive */ |
| 140 | ){ |
| 141 | const char *zCollate = caseSensitive ? "binary" : "nocase"; |
| 142 | if( !file_is_simple_pathname(zPath) ){ |
| 143 | fossil_fatal("filename contains illegal characters: %s", zPath); |
| 144 | } |
| 145 | if( db_exists("SELECT 1 FROM vfile" |
| 146 | " WHERE pathname=%Q COLLATE %s", zPath, zCollate) ){ |
| 147 | db_multi_exec("UPDATE vfile SET deleted=0" |
| 148 | " WHERE pathname=%Q COLLATE %s", zPath, zCollate); |
| 149 |
| --- src/add.c | |
| +++ src/add.c | |
| @@ -138,11 +138,12 @@ | |
| 138 | int vid, /* Add to this VFILE */ |
| 139 | int caseSensitive /* True if filenames are case sensitive */ |
| 140 | ){ |
| 141 | const char *zCollate = caseSensitive ? "binary" : "nocase"; |
| 142 | if( !file_is_simple_pathname(zPath) ){ |
| 143 | fossil_warning("filename contains illegal characters: %s", zPath); |
| 144 | return 0; |
| 145 | } |
| 146 | if( db_exists("SELECT 1 FROM vfile" |
| 147 | " WHERE pathname=%Q COLLATE %s", zPath, zCollate) ){ |
| 148 | db_multi_exec("UPDATE vfile SET deleted=0" |
| 149 | " WHERE pathname=%Q COLLATE %s", zPath, zCollate); |
| 150 |
+1
-1
| --- src/checkout.c | ||
| +++ src/checkout.c | ||
| @@ -106,11 +106,11 @@ | ||
| 106 | 106 | /* Check the EXE permission status of all files |
| 107 | 107 | */ |
| 108 | 108 | pManifest = manifest_get(vid, CFTYPE_MANIFEST); |
| 109 | 109 | if( pManifest==0 ) return; |
| 110 | 110 | blob_zero(&filename); |
| 111 | - blob_appendf(&filename, "%s/", g.zLocalRoot); | |
| 111 | + blob_appendf(&filename, "%s", g.zLocalRoot); | |
| 112 | 112 | baseLen = blob_size(&filename); |
| 113 | 113 | manifest_file_rewind(pManifest); |
| 114 | 114 | while( (pFile = manifest_file_next(pManifest, 0))!=0 ){ |
| 115 | 115 | int isExe; |
| 116 | 116 | blob_append(&filename, pFile->zName, -1); |
| 117 | 117 |
| --- src/checkout.c | |
| +++ src/checkout.c | |
| @@ -106,11 +106,11 @@ | |
| 106 | /* Check the EXE permission status of all files |
| 107 | */ |
| 108 | pManifest = manifest_get(vid, CFTYPE_MANIFEST); |
| 109 | if( pManifest==0 ) return; |
| 110 | blob_zero(&filename); |
| 111 | blob_appendf(&filename, "%s/", g.zLocalRoot); |
| 112 | baseLen = blob_size(&filename); |
| 113 | manifest_file_rewind(pManifest); |
| 114 | while( (pFile = manifest_file_next(pManifest, 0))!=0 ){ |
| 115 | int isExe; |
| 116 | blob_append(&filename, pFile->zName, -1); |
| 117 |
| --- src/checkout.c | |
| +++ src/checkout.c | |
| @@ -106,11 +106,11 @@ | |
| 106 | /* Check the EXE permission status of all files |
| 107 | */ |
| 108 | pManifest = manifest_get(vid, CFTYPE_MANIFEST); |
| 109 | if( pManifest==0 ) return; |
| 110 | blob_zero(&filename); |
| 111 | blob_appendf(&filename, "%s", g.zLocalRoot); |
| 112 | baseLen = blob_size(&filename); |
| 113 | manifest_file_rewind(pManifest); |
| 114 | while( (pFile = manifest_file_next(pManifest, 0))!=0 ){ |
| 115 | int isExe; |
| 116 | blob_append(&filename, pFile->zName, -1); |
| 117 |
M
src/db.c
+1
-1
| --- src/db.c | ||
| +++ src/db.c | ||
| @@ -1697,11 +1697,11 @@ | ||
| 1697 | 1697 | ** and a checkout is open. */ |
| 1698 | 1698 | if( cacheEntry==0 ){ |
| 1699 | 1699 | Blob versionedPathname; |
| 1700 | 1700 | char *zVersionedPathname; |
| 1701 | 1701 | blob_zero(&versionedPathname); |
| 1702 | - blob_appendf(&versionedPathname, "%s/.fossil-settings/%s", | |
| 1702 | + blob_appendf(&versionedPathname, "%s.fossil-settings/%s", | |
| 1703 | 1703 | g.zLocalRoot, zName); |
| 1704 | 1704 | zVersionedPathname = blob_str(&versionedPathname); |
| 1705 | 1705 | if( file_size(zVersionedPathname)>=0 ){ |
| 1706 | 1706 | /* File exists, and contains the value for this setting. Load from |
| 1707 | 1707 | ** the file. */ |
| 1708 | 1708 |
| --- src/db.c | |
| +++ src/db.c | |
| @@ -1697,11 +1697,11 @@ | |
| 1697 | ** and a checkout is open. */ |
| 1698 | if( cacheEntry==0 ){ |
| 1699 | Blob versionedPathname; |
| 1700 | char *zVersionedPathname; |
| 1701 | blob_zero(&versionedPathname); |
| 1702 | blob_appendf(&versionedPathname, "%s/.fossil-settings/%s", |
| 1703 | g.zLocalRoot, zName); |
| 1704 | zVersionedPathname = blob_str(&versionedPathname); |
| 1705 | if( file_size(zVersionedPathname)>=0 ){ |
| 1706 | /* File exists, and contains the value for this setting. Load from |
| 1707 | ** the file. */ |
| 1708 |
| --- src/db.c | |
| +++ src/db.c | |
| @@ -1697,11 +1697,11 @@ | |
| 1697 | ** and a checkout is open. */ |
| 1698 | if( cacheEntry==0 ){ |
| 1699 | Blob versionedPathname; |
| 1700 | char *zVersionedPathname; |
| 1701 | blob_zero(&versionedPathname); |
| 1702 | blob_appendf(&versionedPathname, "%s.fossil-settings/%s", |
| 1703 | g.zLocalRoot, zName); |
| 1704 | zVersionedPathname = blob_str(&versionedPathname); |
| 1705 | if( file_size(zVersionedPathname)>=0 ){ |
| 1706 | /* File exists, and contains the value for this setting. Load from |
| 1707 | ** the file. */ |
| 1708 |
+25
| --- src/file.c | ||
| +++ src/file.c | ||
| @@ -495,10 +495,35 @@ | ||
| 495 | 495 | if( c=='.' ){ |
| 496 | 496 | if( z[1]=='/' || z[1]==0 ) return 0; |
| 497 | 497 | if( z[1]=='.' && (z[2]=='/' || z[2]==0) ) return 0; |
| 498 | 498 | } |
| 499 | 499 | for(i=0; (c=z[i])!=0; i++){ |
| 500 | + if( (c & 0xf0) == 0xf0 ) { | |
| 501 | + /* Unicode characters > U+FFFF are not supported. | |
| 502 | + * Windows XP and earlier cannot handle them. | |
| 503 | + */ | |
| 504 | + return 0; | |
| 505 | + } | |
| 506 | + if( (c & 0xf0) == 0xe0 ) { | |
| 507 | + /* This is a 3-byte UTF-8 character */ | |
| 508 | + if ( (c & 0xfe) == 0xee ){ | |
| 509 | + /* Range U+E000 - U+FFFF (Starting with 0xee or 0xef in UTF-8 ) */ | |
| 510 | + if ( (c & 1) && ((z[i+1] & 0xff) >= 0xa4) ){ | |
| 511 | + /* But exclude U+F900 - U+FFFF (0xef followed by byte >= 0xa4), | |
| 512 | + * which contain valid characters. */ | |
| 513 | + continue; | |
| 514 | + } | |
| 515 | + /* Unicode character in the range U+E000 - U+F8FF are for | |
| 516 | + * private use, they shouldn't occur in filenames. */ | |
| 517 | + return 0; | |
| 518 | + } | |
| 519 | + if( ((c & 0xff) == 0xed) && ((z[i+1] & 0xe0) == 0xa0) ){ | |
| 520 | + /* Unicode character in the range U+D800 - U+DFFF are for | |
| 521 | + * surrogate pairs, they shouldn't occur in filenames. */ | |
| 522 | + return 0; | |
| 523 | + } | |
| 524 | + } | |
| 500 | 525 | if( c=='\\' || c=='*' || c=='[' || c==']' || c=='?' ){ |
| 501 | 526 | return 0; |
| 502 | 527 | } |
| 503 | 528 | if( c=='/' ){ |
| 504 | 529 | if( z[i+1]=='/' ) return 0; |
| 505 | 530 |
| --- src/file.c | |
| +++ src/file.c | |
| @@ -495,10 +495,35 @@ | |
| 495 | if( c=='.' ){ |
| 496 | if( z[1]=='/' || z[1]==0 ) return 0; |
| 497 | if( z[1]=='.' && (z[2]=='/' || z[2]==0) ) return 0; |
| 498 | } |
| 499 | for(i=0; (c=z[i])!=0; i++){ |
| 500 | if( c=='\\' || c=='*' || c=='[' || c==']' || c=='?' ){ |
| 501 | return 0; |
| 502 | } |
| 503 | if( c=='/' ){ |
| 504 | if( z[i+1]=='/' ) return 0; |
| 505 |
| --- src/file.c | |
| +++ src/file.c | |
| @@ -495,10 +495,35 @@ | |
| 495 | if( c=='.' ){ |
| 496 | if( z[1]=='/' || z[1]==0 ) return 0; |
| 497 | if( z[1]=='.' && (z[2]=='/' || z[2]==0) ) return 0; |
| 498 | } |
| 499 | for(i=0; (c=z[i])!=0; i++){ |
| 500 | if( (c & 0xf0) == 0xf0 ) { |
| 501 | /* Unicode characters > U+FFFF are not supported. |
| 502 | * Windows XP and earlier cannot handle them. |
| 503 | */ |
| 504 | return 0; |
| 505 | } |
| 506 | if( (c & 0xf0) == 0xe0 ) { |
| 507 | /* This is a 3-byte UTF-8 character */ |
| 508 | if ( (c & 0xfe) == 0xee ){ |
| 509 | /* Range U+E000 - U+FFFF (Starting with 0xee or 0xef in UTF-8 ) */ |
| 510 | if ( (c & 1) && ((z[i+1] & 0xff) >= 0xa4) ){ |
| 511 | /* But exclude U+F900 - U+FFFF (0xef followed by byte >= 0xa4), |
| 512 | * which contain valid characters. */ |
| 513 | continue; |
| 514 | } |
| 515 | /* Unicode character in the range U+E000 - U+F8FF are for |
| 516 | * private use, they shouldn't occur in filenames. */ |
| 517 | return 0; |
| 518 | } |
| 519 | if( ((c & 0xff) == 0xed) && ((z[i+1] & 0xe0) == 0xa0) ){ |
| 520 | /* Unicode character in the range U+D800 - U+DFFF are for |
| 521 | * surrogate pairs, they shouldn't occur in filenames. */ |
| 522 | return 0; |
| 523 | } |
| 524 | } |
| 525 | if( c=='\\' || c=='*' || c=='[' || c==']' || c=='?' ){ |
| 526 | return 0; |
| 527 | } |
| 528 | if( c=='/' ){ |
| 529 | if( z[i+1]=='/' ) return 0; |
| 530 |