Replace eepget's whitelist of allowed characters with the blacklist from i2psnark. (closes #562)

Thanks to zzz for pointing me in the right direction so I could fix my own bug. :)
2011-12-11 00:10:38 +00:00
parent 6fa01a3b2d
commit 50e3cdba05
3 changed files with 44 additions and 22 deletions
--- a/core/java/src/net/i2p/util/EepGet.java
+++ b/core/java/src/net/i2p/util/EepGet.java
@ -241,16 +241,34 @@ public class EepGet {
            return sanitize(url);
    }

-    private static final String _safeChars = "abcdefghijklmnopqrstuvwxyz" +
-                                             "ABCDEFGHIJKLMNOPQRSTUVWXYZ" +
-                                             "01234567890.,_=@#:";
+
+/* Blacklist borrowed from snark */
+
+  private static final char[] ILLEGAL = new char[] {
+        '<', '>', ':', '"', '/', '\\', '|', '?', '*',
+        0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
+        16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
+        0x7f };
+
+  /**
+   * Removes 'suspicious' characters from the given file name.
+   * http://msdn.microsoft.com/en-us/library/aa365247%28VS.85%29.aspx
+   */
+
+
    private static String sanitize(String name) {
-        name = name.replace('/', '_');
-        StringBuilder buf = new StringBuilder(name);
-        for (int i = 0; i < name.length(); i++)
-            if (_safeChars.indexOf(buf.charAt(i)) == -1)
-                buf.setCharAt(i, '_');
-        return buf.toString();
+    if (name.equals(".") || name.equals(" "))
+        return "_";
+    String rv = name;
+    if (rv.startsWith("."))
+        rv = '_' + rv.substring(1);
+    if (rv.endsWith(".") || rv.endsWith(" "))
+        rv = rv.substring(0, rv.length() - 1) + '_';
+    for (int i = 0; i < ILLEGAL.length; i++) {
+        if (rv.indexOf(ILLEGAL[i]) >= 0)
+            rv = rv.replace(ILLEGAL[i], '_');
+    }
+    return rv;
    }

    private static void usage() {
--- a/history.txt
+++ b/history.txt
@ -1,3 +1,7 @@
+2011-12-10 kytv
+  * Replace eepget's whitelist of accepted characters with the
+    blacklist from i2psnark. (closes #562)
+
 2011-12-09 zzz
  * Base64: Add decodestring command in main()
  * Console, i2psnark: More button CSS tweaks
--- a/router/java/src/net/i2p/router/RouterVersion.java
+++ b/router/java/src/net/i2p/router/RouterVersion.java
@ -18,7 +18,7 @@ public class RouterVersion {
    /** deprecated */
    public final static String ID = "Monotone";
    public final static String VERSION = CoreVersion.VERSION;
-    public final static long BUILD = 18;
+    public final static long BUILD = 19;

    /** for example "-test" */
    public final static String EXTRA = "";