dark/zerotiertspu
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Redis schema updates and fix for GitHub issue #72

Browse source
This commit is contained in:
Adam Ierymenko 2014-05-19 16:13:42 +00:00
parent e270887391
commit b958a2d30c
2 changed files with 13 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

12
node/SoftwareUpdater.cpp
View file

@ -201,7 +201,17 @@ void SoftwareUpdater::_cbHandleGetLatestVersionBinary(void *arg,int code,const s
return;
}
std::string updatesDir(_r->homePath + ZT_PATH_SEPARATOR_S + "updates.d");
std::string updatePath(updatesDir + ZT_PATH_SEPARATOR_S + url.substr(lastSlash + 1));
std::string updateFilename(url.substr(lastSlash + 1));
for(std::string::iterator c(updateFilename.begin());c!=updateFilename.end();++c) {
// Only allow a list of whitelisted characters to make up the filename to prevent any
// path shenanigans, esp on Windows where / is not the path separator.
if (!strchr("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-_.0123456789",*c)) {
LOG("software update failed: invalid URL: filename contains invalid characters");
upd->_status = UPDATE_STATUS_IDLE;
return;
}
}
std::string updatePath(updatesDir + ZT_PATH_SEPARATOR_S + updateFilename);
#ifdef __WINDOWS__
CreateDirectoryA(updatesDir.c_str(),NULL);
#else