1
/*------------------------------------------------------------------------
2
Module: /extra/development/xamime/xamime_working/ripmime/filename-filters.c
6
Creation Date: 01 Jan 03
7
Description: Filename Filters is a module which is designed to check and 'safety-enhance'
8
filenames which are passed to it. This may include things like removing
9
directory risers ( ../.. ), root directory attempts ( / ), and parameter passing.
10
------------------------------------------------------------------------*/
21
#include "filename-filters.h"
25
#define FL __FILE__, __LINE__
28
#define FNFILTER_DEBUG_PEDANTIC 10
29
#define FNFILTER_DEBUG_NORMAL 1
32
#define FNFILTER_DPEDANTIC ((glb.debug >= FNFILTER_DEBUG_PEDANTIC))
33
#define FNFILTER_DNORMAL ((glb.debug >= FNFILTER_DEBUG_NORMAL ))
35
#define DFN if ((glb.debug >= FNFILTER_DEBUG_NORMAL))
38
struct FNFILTER_globals {
46
static struct FNFILTER_globals glb;
49
int FNFILTER_init( void )
60
int FNFILTER_set_debug( int level )
67
int FNFILTER_set_verbose( int level )
75
int FNFILTER_set_mac( int level )
82
int FNFILTER_set_paranoid( int level )
90
/*------------------------------------------------------------------------
91
Procedure: quick_clean_filename ID:1
92
Purpose: Removes non-7bit characers from the filename
93
Input: char *fname: Null terminated string
96
------------------------------------------------------------------------*/
97
int FNFILTER_paranoid_filter( char *fname, int size )
103
/* Scan for . and .. filenames
105
** Patch supplied by Marco Ariano
106
** Patch modified by Paul L Daniels
109
if ((1 == size)&&('.' == *fname))
113
} else if ((2 == size)&&(0 == strncmp(fname,"..",2))) {
114
snprintf(fname,3,"__");
119
/* scan out any directory separators */
121
p = strrchr(fname,'/');
124
// Check to see that this seperator isn't the -last- char in the string
125
if (*(p+1) == '\0') *p = '\0';
129
PLD_strncpy(tmp,p,sizeof(tmp));
130
PLD_strncpy(fname,tmp,size);
133
else if ( (p = strrchr(fname,'\\')))
135
// Check to see that this seperator isn't the -last- char in the string
136
if (*(p+1) == '\0') *p = '\0';
140
PLD_strncpy(tmp,p,sizeof(tmp));
141
PLD_strncpy(fname,tmp,size);
146
if ( glb.paranoid > 0 )
148
// If we're really paranoid, then we go along and convert anything we don't like
149
// the look of into 7-bit
151
// These days we shouldn't be using this any more as there are many filenames
152
// which require > 7-bit charsets.
156
if( !isalnum((int)*fname) && (*fname != '.') ) *fname='_';
157
if( (*fname < ' ')||(*fname > '~') ) *fname='_';
173
/*------------------------------------------------------------------------
174
Procedure: MIME_decode_filename ID:1
175
Purpose: Removed spurilous characters from filename strings.
176
Input: char *fname: null terminated character string
179
------------------------------------------------------------------------*/
180
int FNFILTER_filter( char *fname, int size )
186
if (fname == NULL) return 0;
190
DFN LOGGER_log("%s:%d:FNFILTER_filter:DEBUG: fname[%d chars] = '%s'\n", FL, fnl, fname );
192
/** If we're handling a Mac file, prefilter **/
197
DFN LOGGER_log("%s:%d:FNFILTER_filter:DEBUG: Filtering x-mac filename '%s'",FL,fname);
200
if (*q == '/') *q = '-'; /** Convert the Mac / separator to a hyphen **/
203
DFN LOGGER_log("%s:%d:FNFILTER_filter:DEBUG: x-mac filename is now '%s'",FL,fname);
207
/* We only look at trimming the quotes off a filename if it has more than 2 chars
208
* because obviously we'll need to strip off 2 chars (leading and finishing quote)
213
/* if the MIME_filename starts and ends with "'s */
214
if ((fname[0] == '\"') && (fname[fnl-1] == '\"'))
216
if (FNFILTER_DNORMAL) LOGGER_log("%s:%d:FNFILTER_filter:DEBUG: Trimming quotes off filename\n", FL );
218
/* reduce the file namelength by two*/
219
fnl = fnl -2; // 17-11-2002: was =-2, thanks to Vasily Chernikov for spotting the glaring error!
221
/* shuffle the MIME_filename chars down */
222
memmove(fname,fname+1,fnl);
224
/* terminate the string */
226
if (FNFILTER_DNORMAL) LOGGER_log("%s:%d:FNFILTER_filter:DEBUG: Trimming filename done, fname = '%s'\n", FL, fname );
230
p = strrchr(fname,'/');
234
PLD_strncpy( tmp, p, sizeof(tmp) );
235
PLD_strncpy( fname, tmp, size);
239
// Check for Windows/DOS backslash seperator
241
p = strrchr( fname, '\\' );
247
PLD_strncpy( tmp, p, sizeof(tmp) );
248
PLD_strncpy( fname, tmp, size );
253
// Scan for ? symbols - these are often used to make the email client pass paremeters to the filename
254
// Check though to see that the previous character is not a '=' symbol, because if it is, then we
255
// actually have an ISO encoded filename
257
p = strchr( fname, '?' );
266
// leave the ? alone, as it's part of an ISO encoded filename
270
// First char of the filename is a '?', change this to a hypen.
275
if (FNFILTER_DNORMAL) LOGGER_log("%s:%d:FNFILTER_filter:DEBUG: Starting paranoia filter\n", FL );
277
FNFILTER_paranoid_filter( fname, strlen( fname ) );
279
if (FNFILTER_DNORMAL) LOGGER_log("%s:%d:FNFILTER_filter:DEBUG: paranoia filter done. Filename='%s'\n", FL, fname );