admin: distfiles/file-fetcher.pl - refuse filenames with escape codes (%20, ...

sparky sparky at pld-linux.org
Wed Mar 30 20:15:00 CEST 2011


Author: sparky                       Date: Wed Mar 30 18:15:00 2011 GMT
Module: admin                         Tag: HEAD
---- Log message:
- refuse filenames with escape codes (%20, %7E)

---- Files affected:
admin/distfiles:
   file-fetcher.pl (1.56 -> 1.57) 

---- Diffs:

================================================================
Index: admin/distfiles/file-fetcher.pl
diff -u admin/distfiles/file-fetcher.pl:1.56 admin/distfiles/file-fetcher.pl:1.57
--- admin/distfiles/file-fetcher.pl:1.56	Wed Dec  8 20:54:45 2010
+++ admin/distfiles/file-fetcher.pl	Wed Mar 30 20:14:55 2011
@@ -231,6 +231,13 @@
 
   push @files, $bn;
 
+  if ( $bn =~ m/(%[0-9a-f]{2})/i ) {
+    $problems .= "$bn: refusing to download file with uri escape codes ($1) in the name\n";
+    $bn =~ s/%[0-9a-f]{2}/_/g;
+    $problems .= "HINT: use $url#/$bn as source to rename the file\n\n";
+    return;
+  }
+
   if (got_on_distfiles($md5, $url)) {
     $normal_out .=
         "ALREADY GOT: $url\n" .
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/admin/distfiles/file-fetcher.pl?r1=1.56&r2=1.57&f=u



More information about the pld-cvs-commit mailing list