diff options
| author | Tomas Bzatek <tbzatek@users.sourceforge.net> | 2009-10-01 23:38:59 +0200 |
|---|---|---|
| committer | Tomas Bzatek <tbzatek@users.sourceforge.net> | 2009-10-01 23:38:59 +0200 |
| commit | 140ab8b26adefd427fedfc32aadf46f47f7f4019 (patch) | |
| tree | edd3d96bf6d9a2e6754916e82bcf22839b2af11b /UCoreUtils.pas | |
| parent | fbcbfad62bb22b42871052b08d474209511878ce (diff) | |
| download | tuxcmd-140ab8b26adefd427fedfc32aadf46f47f7f4019.tar.xz | |
Peoperly escape username and password in URIv0.6.64
This prevent parsing issues and confusion with separators
Fixes bugs #2454128 and #2808177
Diffstat (limited to 'UCoreUtils.pas')
| -rw-r--r-- | UCoreUtils.pas | 42 |
1 files changed, 38 insertions, 4 deletions
diff --git a/UCoreUtils.pas b/UCoreUtils.pas index fa89eea..d82f657 100644 --- a/UCoreUtils.pas +++ b/UCoreUtils.pas @@ -32,6 +32,7 @@ type const ConstERRSpawn = 26; ConstQuotationCharacters = [' ', '"', '''', '(', ')', ':', '&']; + ConstURIIllegalCharacters = '%:@/'; function GetErrorString(ErrorNo: integer): string; function GetSignalString(SignalNo: integer): string; @@ -96,6 +97,8 @@ procedure SetupColors; function ConstructURI(IncludePasswd, HidePasswd: boolean; Protocol, Server, Username, Password, Dir: string): string; function URIHidePassword(const SrcURI: string): string; +function UnEscapeURI(const Str: string): string; +function EscapeURI(const Str: string; const IllegalChars: string): string; function StrTotimetDef(const S: string; const Default: time_t): time_t; @@ -838,7 +841,7 @@ begin if (libGnomeUI2Handle = nil) or (@gnome_about_new = nil) then Application.MessageBox(Format(LANGAboutString, [ConstAboutVersion, ConstAboutBuildDate])) else begin - AboutBox := gnome_about_new('Tux Commander', nil, 'Copyright © 2008 Tomáš Bžatek', + AboutBox := gnome_about_new('Tux Commander', nil, 'Copyright © 2009 Tomáš Bžatek', PChar(Format(LANGAboutStringGnome, [ConstAboutVersion, ConstAboutBuildDate])), @Authors, nil, Translations, nil); gtk_window_set_transient_for(GTK_WINDOW(AboutBox), GTK_WINDOW(FMain.FWidget)); @@ -1022,10 +1025,10 @@ function ConstructURI(IncludePasswd, HidePasswd: boolean; Protocol, Server, User begin Result := Protocol + '://'; if Length(Username) > 0 then begin - Result := Result + Username; + Result := Result + EscapeURI(Username, ConstURIIllegalCharacters); if (Length(Password) > 0) and IncludePasswd then begin - if HidePasswd then Result := Result + ':' + StringOfChar('*', Length(Password)) - else Result := Result + ':' + Password; + if HidePasswd then Result := Result + ':' + StringOfChar('*', Length(EscapeURI(Password, ConstURIIllegalCharacters))) + else Result := Result + ':' + EscapeURI(Password, ConstURIIllegalCharacters); end; Result := Result + '@'; end; @@ -1058,6 +1061,37 @@ begin end; (********************************************************************************************************************************) +function UnEscapeURI(const Str: string): string; +var i: integer; +begin + Result := ''; + if Length(Str) > 0 then begin + i := 1; + while i <= Length(Str) do begin + if (Str[i] = '%') and (i <= Length(Str) - 2) then begin + Result := Result + Chr(StrToInt('$' + Copy(Str, i + 1, 2))); + Inc(i, 3); + end else begin + Result := Result + Str[i]; + Inc(i); + end; + end; + end; +end; + +function EscapeURI(const Str: string; const IllegalChars: string): string; +var i: integer; +begin + Result := ''; + if Length(Str) > 0 then + for i := 1 to Length(Str) do begin + if (Ord(Str[i]) >= $80) or (Pos(Str[i], IllegalChars) > 0) + then Result := Result + '%' + IntToHex(Ord(Str[i]), 2) + else Result := Result + Str[i]; + end; +end; + +(********************************************************************************************************************************) procedure DebugMsg(Params: array of const); var I: Integer; |