linuxdcpp-team team mailing list archive

Thread
Date

[Branch ~dcplusplus-team/dcplusplus/trunk] Rev 3121: stricter URI scheme parsing in message link formatting

To: LinuxDC++ Team <linuxdcpp-team@xxxxxxxxxxxxxxxxxxx>
From: noreply@xxxxxxxxxxxxx
Date: Thu, 08 Nov 2012 19:55:15 -0000
Reply-to: noreply@xxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

------------------------------------------------------------
revno: 3121
committer: poy <poy@xxxxxxxxxx>
branch nick: trunk
timestamp: Thu 2012-11-08 20:52:58 +0100
message:
  stricter URI scheme parsing in message link formatting
modified:
  dcpp/ChatMessage.cpp
  dcpp/ChatMessage.h
  dcpp/forward.h


--
lp:dcplusplus
https://code.launchpad.net/~dcplusplus-team/dcplusplus/trunk

Your team Dcplusplus-team is subscribed to branch lp:dcplusplus.
To unsubscribe from this branch go to https://code.launchpad.net/~dcplusplus-team/dcplusplus/trunk/+edit-subscription

=== modified file 'dcpp/ChatMessage.cpp'
--- dcpp/ChatMessage.cpp	2012-11-08 19:11:36 +0000
+++ dcpp/ChatMessage.cpp	2012-11-08 19:52:58 +0000
@@ -26,6 +26,7 @@
 #include "PluginManager.h"
 #include "SettingsManager.h"
 #include "SimpleXML.h"
+#include "Tagger.h"
 #include "Util.h"
 
 namespace dcpp {
@@ -107,6 +108,12 @@
 	PluginManager::getInstance()->onChatDisplay(htmlMessage, from);
 }
 
+namespace { inline bool validSchemeChar(char c, bool first) {
+	return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
+		(!first && c >= '0' && c <= '9') ||
+		(!first && (c == '+' || c == '.' || c == '-'));
+} }
+
 void ChatMessage::format(string& text, Tagger& tags, string& tmp) {
 	/* link formatting - optimize the lookup a bit by using the fact that every link identifier
 	(except www ones) contains a colon. */
@@ -124,7 +131,13 @@
 	size_t i = 0, begin, end, n = text.size();
 	while((i = text.find(':', i)) != string::npos) {
 
-		if((begin = text.find_last_of(delimiters, i)) == string::npos) begin = 0; else ++begin;
+		// get the left bound; make sure it's a valid scheme according to RFC 3986, section 3.1
+		begin = i;
+		while(begin > 0 && validSchemeChar(text[begin - 1], false)) { --begin; }
+		while(begin < i && !validSchemeChar(text[begin], true)) { ++begin; }
+		if(begin == i) { ++i; continue; }
+
+		// get the right bound
 		if((end = text.find_first_of(delimiters, i + 1)) == string::npos) end = n;
 
 		if(i > 0 && (

=== modified file 'dcpp/ChatMessage.h'
--- dcpp/ChatMessage.h	2012-11-08 19:11:36 +0000
+++ dcpp/ChatMessage.h	2012-11-08 19:52:58 +0000
@@ -20,7 +20,6 @@
 #define DCPLUSPLUS_DCPP_CHAT_MESSAGE_H
 
 #include "forward.h"
-#include "Tagger.h"
 
 #include <string>
 

=== modified file 'dcpp/forward.h'
--- dcpp/forward.h	2012-01-13 20:55:20 +0000
+++ dcpp/forward.h	2012-11-08 19:52:58 +0000
@@ -99,6 +99,8 @@
 
 class StringSearch;
 
+class Tagger;
+
 class TigerHash;
 
 class Transfer;