mirror of
https://github.com/KingDuckZ/kamokan.git
synced 2024-11-27 00:43:47 +00:00
Remove invalid utf8 sequences from GET and POST.
This commit is contained in:
parent
f2bee62f0e
commit
fbc9afc81c
7 changed files with 67 additions and 13 deletions
|
@ -27,6 +27,7 @@ add_executable(${PROJECT_NAME}
|
|||
response_factory.cpp
|
||||
list_highlight_langs.cpp
|
||||
settings_bag.cpp
|
||||
sanitized_utf8.cpp
|
||||
)
|
||||
|
||||
configure_file(
|
||||
|
|
|
@ -17,6 +17,7 @@
|
|||
|
||||
#include "cgi_environment_vars.hpp"
|
||||
#include "get_env.hpp"
|
||||
#include <utility>
|
||||
|
||||
namespace tawashi {
|
||||
std::vector<std::string> cgi_environment_vars() {
|
||||
|
@ -26,8 +27,8 @@ namespace tawashi {
|
|||
retlist.reserve(CGIVars::_size());
|
||||
|
||||
for (CGIVars var : CGIVars::_values()) {
|
||||
auto value = get_env_as<string_ref>(var._to_string(), "");
|
||||
retlist.push_back(std::string(value.data(), value.size()));
|
||||
auto value = get_env_as<std::string>(var._to_string(), "");
|
||||
retlist.push_back(std::move(value));
|
||||
}
|
||||
return retlist;
|
||||
}
|
||||
|
|
|
@ -19,6 +19,7 @@
|
|||
#include "cgi_env.hpp"
|
||||
#include "split_get_vars.hpp"
|
||||
#include "escapist.hpp"
|
||||
#include "sanitized_utf8.hpp"
|
||||
#include <iostream>
|
||||
#include <iterator>
|
||||
#include <algorithm>
|
||||
|
@ -48,6 +49,7 @@ namespace tawashi {
|
|||
input_len,
|
||||
std::back_inserter(original_data)
|
||||
);
|
||||
original_data = sanitized_utf8(original_data);
|
||||
|
||||
Escapist houdini;
|
||||
for (auto& itm : split_env_vars(original_data)) {
|
||||
|
|
|
@ -17,26 +17,24 @@
|
|||
|
||||
#include "get_env.hpp"
|
||||
#include "duckhandy/lexical_cast.hpp"
|
||||
#include "sanitized_utf8.hpp"
|
||||
#include <cstdlib>
|
||||
|
||||
namespace tawashi {
|
||||
boost::optional<boost::string_ref> get_env (const char* parName) {
|
||||
boost::optional<std::string> get_env (const char* parName) {
|
||||
using boost::string_ref;
|
||||
using boost::make_optional;
|
||||
using boost::optional;
|
||||
|
||||
const char* const raw_getvar = secure_getenv(parName);
|
||||
return (raw_getvar ? make_optional(string_ref(raw_getvar)) : optional<string_ref>());
|
||||
if (raw_getvar)
|
||||
return sanitized_utf8(boost::string_ref(raw_getvar));
|
||||
else
|
||||
return optional<std::string>();
|
||||
}
|
||||
|
||||
template <>
|
||||
std::string get_env_as (const char* parName, const std::string& parDefault) {
|
||||
auto var = get_env(parName);
|
||||
return (var ? std::string(var->data(), var->size()) : parDefault);
|
||||
}
|
||||
|
||||
template <>
|
||||
boost::string_ref get_env_as (const char* parName, const boost::string_ref& parDefault) {
|
||||
auto var = get_env(parName);
|
||||
return (var ? *var : parDefault);
|
||||
}
|
||||
|
|
|
@ -27,7 +27,7 @@
|
|||
#include <boost/optional.hpp>
|
||||
|
||||
namespace tawashi {
|
||||
boost::optional<boost::string_ref> get_env (const char* parName);
|
||||
boost::optional<std::string> get_env (const char* parName);
|
||||
|
||||
template <typename A>
|
||||
A get_env_as (const char* parName, const A& parDefault);
|
||||
|
@ -35,7 +35,5 @@ namespace tawashi {
|
|||
template <>
|
||||
std::string get_env_as (const char* parName, const std::string& parDefault);
|
||||
template <>
|
||||
boost::string_ref get_env_as (const char* parName, const boost::string_ref& parDefault);
|
||||
template <>
|
||||
std::size_t get_env_as (const char* parName, const std::size_t& parDefault);
|
||||
} //namespace tawashi
|
||||
|
|
29
src/sanitized_utf8.cpp
Normal file
29
src/sanitized_utf8.cpp
Normal file
|
@ -0,0 +1,29 @@
|
|||
/* Copyright 2017, Michele Santullo
|
||||
* This file is part of "tawashi".
|
||||
*
|
||||
* "tawashi" is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* "tawashi" is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with "tawashi". If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
#include "sanitized_utf8.hpp"
|
||||
#include "utf8.h"
|
||||
#include <iterator>
|
||||
|
||||
namespace tawashi {
|
||||
std::string sanitized_utf8 (const boost::string_ref& parStr) {
|
||||
std::string sanitized;
|
||||
sanitized.reserve(parStr.size());
|
||||
utf8::replace_invalid(parStr.begin(), parStr.end(), std::back_inserter(sanitized));
|
||||
return sanitized;
|
||||
}
|
||||
} //namespace tawashi
|
25
src/sanitized_utf8.hpp
Normal file
25
src/sanitized_utf8.hpp
Normal file
|
@ -0,0 +1,25 @@
|
|||
/* Copyright 2017, Michele Santullo
|
||||
* This file is part of "tawashi".
|
||||
*
|
||||
* "tawashi" is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* "tawashi" is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with "tawashi". If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
#pragma once
|
||||
|
||||
#include <boost/utility/string_ref.hpp>
|
||||
#include <string>
|
||||
|
||||
namespace tawashi {
|
||||
std::string sanitized_utf8 (const boost::string_ref& parStr);
|
||||
} //namespace tawashi
|
Loading…
Reference in a new issue