| 1 | // |
|---|---|
| 2 | // ZipCommon.cpp |
| 3 | // |
| 4 | // Library: Zip |
| 5 | // Package: Zip |
| 6 | // Module: ZipCommon |
| 7 | // |
| 8 | // Copyright (c) 2007, Applied Informatics Software Engineering GmbH. |
| 9 | // and Contributors. |
| 10 | // |
| 11 | // SPDX-License-Identifier: BSL-1.0 |
| 12 | // |
| 13 | |
| 14 | |
| 15 | #include "Poco/Zip/ZipCommon.h" |
| 16 | #include "Poco/Path.h" |
| 17 | |
| 18 | |
| 19 | namespace Poco { |
| 20 | namespace Zip { |
| 21 | |
| 22 | |
| 23 | bool ZipCommon::isValidPath(const std::string& path) |
| 24 | { |
| 25 | try |
| 26 | { |
| 27 | if (Path(path, Path::PATH_UNIX).isAbsolute() || Path(path, Path::PATH_WINDOWS).isAbsolute()) |
| 28 | return false; |
| 29 | } |
| 30 | catch (...) |
| 31 | { |
| 32 | return false; |
| 33 | } |
| 34 | |
| 35 | if (path == "..") |
| 36 | return false; |
| 37 | if ((path.size() >= 3) && path.compare(0, 3, "../") == 0) |
| 38 | return false; |
| 39 | if ((path.size() >= 3) && path.compare(0, 3, "..\\") == 0) |
| 40 | return false; |
| 41 | if (path.find("/../") != std::string::npos) |
| 42 | return false; |
| 43 | if (path.find("\\..\\") != std::string::npos) |
| 44 | return false; |
| 45 | if (path.find("/..\\") != std::string::npos) |
| 46 | return false; |
| 47 | if (path.find("\\../") != std::string::npos) |
| 48 | return false; |
| 49 | if ((path.size() >= 2) && path.compare(0, 2, "~/") == 0) |
| 50 | return false; |
| 51 | |
| 52 | return true; |
| 53 | } |
| 54 | |
| 55 | |
| 56 | } } // namespace Poco::Zip |
| 57 |
Generated on 2019-Jun-21 from project POCO revision 1.9.1
Powered by 
Code Browser 2.1
Generator usage only permitted with license.