Commit | Line | Data |
---|---|---|
c13f2f65 JB |
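diff -urN wget-1.8.2/src/fnmatch.c wget-1.8.2_save/src/fnmatch.c
--- wget-1.8.2/src/fnmatch.c Sat May 18 05:05:15 2002
+++ wget-1.8.2_save/src/fnmatch.c Fri Oct 4 14:53:40 2002
@@ -198,6 +198,17 @@
 return (FNM_NOMATCH);
 }
 
+/* Return non-zero if S has a leading '/' or contains '../' */
+int
+has_invalid_name (const char *s)
+{
+ if (*s == '/')
+ return 1;
+ if (strstr(s, "../") != 0)
+ return 1;
+ return 0;
+}
+
 /* Return non-zero if S contains globbing wildcards (`*', `?', `[' or
 `]'). */
 int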
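Review bot: `has_invalid_name` does not reject a name that is exactly `..` or that ends in `/..`, because `strstr(s, "../")` only matches when a slash follows the dots. The substring test also rejects harmless names such as `a../b`, so comparing whole path components is both stricter and more precise; a component-wise version is sketched below. The function dereferences `s` without a NULL check, and no prototype for it is visible in this part of the patch although it is called from ftp.c.

```c
int
has_invalid_name (const char *s)
{
  const char *p = s;

  if (*s == '/')
    return 1;
  /* Reject any path component that is exactly "..", including a
     trailing one with no slash after it. */
  while (*p)
    {
      const char *end = strchr (p, '/');
      size_t len = end ? (size_t) (end - p) : strlen (p);

      if (len == 2 && p[0] == '.' && p[1] == '.')
        return 1;
      if (!end)
        break;
      p = end + 1;
    }
  return 0;
}
```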
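diff -urN wget-1.8.2/src/ftp.c wget-1.8.2_save/src/ftp.c
--- wget-1.8.2/src/ftp.c Sat May 18 05:05:16 2002
+++ wget-1.8.2_save/src/ftp.c Fri Oct 4 15:07:22 2002
@@ -1551,6 +1551,8 @@
 {
 struct fileinfo *orig, *start;
 uerr_t res;
+ struct fileinfo *f;
+
 
 con->cmd |= LEAVE_PENDING;
 
@@ -1562,8 +1564,7 @@
 opt.accepts and opt.rejects. */
 if (opt.accepts || opt.rejects)
 {
- struct fileinfo *f = orig;
-
+ f = orig;
 while (f)
 {
 if (f->type != FT_DIRECTORY && !acceptable (f->name))
@@ -1575,6 +1576,18 @@
 f = f->next;
 }
 }
+ /* Remove all files with possible harmful names */
+ f = orig;
+ while (f)
+ {
+ if (has_invalid_name(f->name))
+ {
+ logprintf (LOG_VERBOSE, _("Rejecting `%s'.\n"), f->name);
+ f = delelement (f, &start);
+ }
+ else
+ f = f->next;
+ }
 /* Now weed out the files that do not match our globbing pattern.
 If we are dealing with a globbing pattern, that is. */
 if (*u->file && (action == GLOBALL || action == GETONE))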
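Review bot: The new filter loop in the third hunk restarts from `f = orig;` although removals update `start` (`delelement (f, &start)`), so if the accept/reject pass above has already removed the first list element, `orig` may point to a node that is no longer in the list and may have been freed; starting the walk with `f = start;` avoids that. The lines where the first loop deletes entries and where `start` is initialised fall between or outside the hunks, so this is inferred from the visible `&start` argument and should be confirmed against the full function. The check also covers only `f->name`; if listing entries carry another server-supplied path such as a symlink target (the struct is not visible here), that field is not validated by this change. The enclosing function begins and ends outside the hunks.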