mav56: #163253# tread invalid path segments correctly

author: Mikhail Voytenko <mav@openoffice.org> 2010-08-10 11:05:20 +0200
committer: Mikhail Voytenko <mav@openoffice.org> 2010-08-10 11:05:20 +0200
commit: 7c457734f3e76c7f9b5eb69d7a917dee9bab6bc3 (patch)
tree: ce3b0d841610625d3d85200d4d58b987dc42266b /ucb
parent: 85a4e97dc97a88c59ab0cf8a4d89d9f9413adf9f (diff)
2 files changed, 21 insertions, 16 deletions
diff --git a/ucb/source/ucp/package/makefile.mk b/ucb/source/ucp/package/makefile.mk
index 8c6dcda31829..a8cdf7430703 100644
--- a/ucb/source/ucp/package/makefile.mk
+++ b/ucb/source/ucp/package/makefile.mk
@@ -68,6 +68,7 @@ SHL1IMPLIB=i$(TARGET)
 SHL1VERSIONMAP=$(SOLARENV)/src/component.map
 
 SHL1STDLIBS=\
+    $(COMPHELPERLIB) \
     $(CPPUHELPERLIB) \
     $(CPPULIB) \
     $(SALLIB)  \
diff --git a/ucb/source/ucp/package/pkguri.cxx b/ucb/source/ucp/package/pkguri.cxx
index feb8daec7905..8424ed906e92 100644
--- a/ucb/source/ucp/package/pkguri.cxx
+++ b/ucb/source/ucp/package/pkguri.cxx
@@ -36,6 +36,7 @@
 
 #include "rtl/ustrbuf.hxx"
 #include "osl/diagnose.h"
+#include "comphelper/storagehelper.hxx"
 
 #include "../inc/urihelper.hxx"
 
@@ -85,7 +86,7 @@ void PackageUri::init() const
         if ( ( m_aUri.getLength() < PACKAGE_URL_SCHEME_LENGTH + 4 ) )
         {
             // error, but remember that we did a init().
-            m_aPath = rtl::OUString::createFromAscii( "/" );
+            m_aPath = rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "/" ) );
             return;
         }
 
@@ -100,7 +101,7 @@ void PackageUri::init() const
                 != sal_Unicode( '/' ) ) )
         {
             // error, but remember that we did a init().
-            m_aPath = rtl::OUString::createFromAscii( "/" );
+            m_aPath = rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "/" ) );
             return;
         }
 
@@ -128,8 +129,8 @@ void PackageUri::init() const
             {
                 m_aParam +=
                     ( m_aParam.getLength()
-                      ? ::rtl::OUString::createFromAscii( "&purezip" )
-                      : ::rtl::OUString::createFromAscii( "?purezip" ) );
+                      ? ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "&purezip" ) )
+                      : ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "?purezip" ) ) );
             }
 
             aPureUri = aPureUri.replaceAt( 0,
@@ -143,7 +144,7 @@ void PackageUri::init() const
                 // Only <scheme>:/// - Empty authority
 
                 // error, but remember that we did a init().
-                m_aPath = rtl::OUString::createFromAscii( "/" );
+                m_aPath = rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "/" ) );
                 return;
             }
             else if ( nEnd == ( aPureUri.getLength() - 1 ) )
@@ -154,7 +155,7 @@ void PackageUri::init() const
                     // Only <scheme>://// or <scheme>://<something>//
 
                     // error, but remember that we did a init().
-                    m_aPath = rtl::OUString::createFromAscii( "/" );
+                    m_aPath = rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "/" ) );
                     return;
                 }
 
@@ -175,7 +176,7 @@ void PackageUri::init() const
                     nStart, aPureUri.getLength() - nStart, aNormPackage );
                 m_aPackage
                     = ::ucb_impl::urihelper::decodeSegment( aNormPackage );
-                m_aPath = rtl::OUString::createFromAscii( "/" );
+                m_aPath = rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "/" ) );
                 m_aUri = m_aUri.replaceAt( 0,
                                            ( nParam >= 0 )
                                            ? nParam
@@ -193,16 +194,19 @@ void PackageUri::init() const
             {
                 m_aPath = aPureUri.copy( nEnd + 1 );
 
-                // Empty path segments or encoded slashes?
-                if ( m_aPath.indexOf(
-                         rtl::OUString::createFromAscii( "//" ) ) != -1
-                  || m_aPath.indexOf(
-                      rtl::OUString::createFromAscii( "%2F" ) ) != -1
-                  || m_aPath.indexOf(
-                      rtl::OUString::createFromAscii( "%2f" ) ) != -1 )
+                // Unexpected sequences of characters:
+                // - empty path segments
+                // - encoded slashes
+                // - parent folder segments ".."
+                // - current folder segments "."
+                if ( m_aPath.indexOf( rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "//" ) ) ) != -1
+                  || m_aPath.indexOf( rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "%2F" ) ) ) != -1
+                  || m_aPath.indexOf( rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "%2f" ) ) ) != -1
+                  || ::comphelper::OStorageHelper::PathHasSegment( m_aPath, ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( ".." ) ) )
+                  || ::comphelper::OStorageHelper::PathHasSegment( m_aPath, ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "." ) ) ) )
                 {
                     // error, but remember that we did a init().
-                    m_aPath = rtl::OUString::createFromAscii( "/" );
+                    m_aPath = rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "/" ) );
                     return;
                 }
 
@@ -239,7 +243,7 @@ void PackageUri::init() const
         else
         {
             // error, but remember that we did a init().
-            m_aPath = rtl::OUString::createFromAscii( "/" );
+            m_aPath = rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "/" ) );
         }
     }
 }
author	Mikhail Voytenko <mav@openoffice.org>	2010-08-10 11:05:20 +0200
committer	Mikhail Voytenko <mav@openoffice.org>	2010-08-10 11:05:20 +0200
commit	7c457734f3e76c7f9b5eb69d7a917dee9bab6bc3 (patch)
tree	ce3b0d841610625d3d85200d4d58b987dc42266b /ucb
parent	85a4e97dc97a88c59ab0cf8a4d89d9f9413adf9f (diff)