Refactor: pull alert string sanitization into util

Gavin Andresen 2013-11-02 05:27:42 +10:00
parent 0f90613cbe
commit 17faf56262
3 changed files with 15 additions and 9 deletions


@ -241,15 +241,7 @@ bool CAlert::ProcessAlert(bool fThread)
// be safe we first strip anything not in safeChars, then add single quotes around // be safe we first strip anything not in safeChars, then add single quotes around
// the whole string before passing it to the shell: // the whole string before passing it to the shell:
std::string singleQuote("'"); std::string singleQuote("'");
// safeChars chosen to allow simple messages/URLs/email addresses, but avoid anything std::string safeStatus = SanitizeString(strStatusBar);
// even possibly remotely dangerous like & or >
std::string safeChars("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890 .,;_/:?@");
std::string safeStatus;
for (std::string::size_type i = 0; i < strStatusBar.size(); i++)
{
if (safeChars.find(strStatusBar[i]) != std::string::npos)
safeStatus.push_back(strStatusBar[i]);
}
safeStatus = singleQuote+safeStatus+singleQuote; safeStatus = singleQuote+safeStatus+singleQuote;
boost::replace_all(strCmd, "%s", safeStatus); boost::replace_all(strCmd, "%s", safeStatus);
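Review bot: The comment kept above the new call still says the string is stripped of "anything not in safeChars", but safeChars is no longer defined in this file, so a reader of ProcessAlert cannot see which characters survive. The single-quote wrapping two lines below is only sound while SanitizeString never lets `'` through. That dependency now sits in a general-purpose helper that a later change could widen for an unrelated caller. I would reword the comment along the lines of `// SanitizeString() (util) keeps only a fixed allowlist that excludes ' and shell metacharacters; the quoting below relies on that`. ProcessAlert's body starts and ends outside this hunk.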


@ -475,6 +475,19 @@ bool ParseMoney(const char* pszIn, int64_t& nRet)
return true; return true;
} }
// safeChars chosen to allow simple messages/URLs/email addresses, but avoid anything
// even possibly remotely dangerous like & or >
static string safeChars("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890 .,;_/:?@");
string SanitizeString(const string& str)
{
string strResult;
for (std::string::size_type i = 0; i < str.size(); i++)
{
if (safeChars.find(str[i]) != std::string::npos)
strResult.push_back(str[i]);
}
return strResult;
}
const signed char p_util_hexdigit[256] = const signed char p_util_hexdigit[256] =
{ -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, { -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
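Review bot: `safeChars` is added as a mutable file-scope `static string`, although it is the allowlist the alert path relies on before it builds a shell command. Declaring it `static const string safeChars(...)` would stop later code in this file from altering it by accident. SanitizeString also has no comment stating its contract, so I would add `// Returns str with every character not in safeChars removed. A caller single-quotes the result for a shell, so never add ' or other shell metacharacters.` directly above it. The digit run `01234567890` lists `0` twice, which is harmless but worth tidying while the literal is being moved.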


@ -175,6 +175,7 @@ void ParseString(const std::string& str, char c, std::vector<std::string>& v);
std::string FormatMoney(int64_t n, bool fPlus=false); std::string FormatMoney(int64_t n, bool fPlus=false);
bool ParseMoney(const std::string& str, int64_t& nRet); bool ParseMoney(const std::string& str, int64_t& nRet);
bool ParseMoney(const char* pszIn, int64_t& nRet); bool ParseMoney(const char* pszIn, int64_t& nRet);
std::string SanitizeString(const std::string& str);
std::vector<unsigned char> ParseHex(const char* psz); std::vector<unsigned char> ParseHex(const char* psz);
std::vector<unsigned char> ParseHex(const std::string& str); std::vector<unsigned char> ParseHex(const std::string& str);
bool IsHex(const std::string& str); bool IsHex(const std::string& str);