Audacity 3.2.0
XMLTagHandler.cpp
Go to the documentation of this file.
1/**********************************************************************
2
3 Audacity: A Digital Audio Editor
4
5 XMLTagHandler.cpp
6
7 Dominic Mazzoni
8 Vaughan Johnson
9
10
11*//****************************************************************//*******************************************************************/
23
24#include "XMLTagHandler.h"
25
26#ifdef _WIN32
27 #include <windows.h>
28 #include <wx/msw/winundef.h>
29#endif
30
31#include <wx/defs.h>
32#include <wx/arrstr.h>
33#include <wx/filename.h>
34
35#include "FileNames.h"
36
37
38// "Good" means the name is well-formed and names an existing file or folder.
39bool XMLValueChecker::IsGoodFileName(const FilePath & strFileName, const FilePath & strDirName /* = "{} */)
40{
41 // Test strFileName.
42 if (!IsGoodFileString(strFileName) ||
43 (strDirName.length() + 1 + strFileName.length() > PLATFORM_MAX_PATH))
44 return false;
45
46 // Test the corresponding wxFileName.
47 wxFileName fileName(strDirName, strFileName);
48 return (fileName.IsOk() && fileName.FileExists());
49}
50
52{
53 return (!str.empty() &&
54
55 // FILENAME_MAX is 260 in MSVC, but inconsistent across platforms,
56 // sometimes huge, but we use 260 for all platforms.
57 (str.length() <= 260) &&
58
59 (str.Find(wxFileName::GetPathSeparator()) == -1)); // No path separator characters.
60}
61
62bool XMLValueChecker::IsGoodSubdirName(const FilePath & strSubdirName, const FilePath & strDirName /* = {} */)
63{
64 // Test strSubdirName.
65 // Note this prevents path separators, and relative path to parents (strDirName),
66 // so fixes vulnerability #3 in the NGS report for UmixIt,
67 // where an attacker could craft an AUP file with relative pathnames to get to system files, for example.
68 if (!IsGoodFileString(strSubdirName) ||
69 (strSubdirName == wxT(".")) || (strSubdirName == wxT("..")) ||
70 (strDirName.length() + 1 + strSubdirName.length() > PLATFORM_MAX_PATH))
71 return false;
72
73 // Test the corresponding wxFileName.
74 wxFileName fileName(strDirName, strSubdirName);
75 return (fileName.IsOk() && fileName.DirExists());
76}
77
79{
80 // Test the corresponding wxFileName.
81 wxFileName fileName(strPathName);
82 return XMLValueChecker::IsGoodFileName(fileName.GetFullName(), fileName.GetPath(wxPATH_GET_VOLUME));
83}
84
86{
87 return (!str.empty() &&
88 (str.length() <= PLATFORM_MAX_PATH));
89}
90
91void XMLTagHandler::ReadXMLEndTag(const char *tag)
92{
93 HandleXMLEndTag(tag);
94}
95
96void XMLTagHandler::ReadXMLContent(const char *s, int len)
97{
98 HandleXMLContent(std::string_view(s, len));
99}
100
102{
103 return HandleXMLChild(tag);
104}
#define str(a)
#define PLATFORM_MAX_PATH
Definition: FileNames.h:43
wxString FilePath
Definition: Project.h:20
This class is an interface which should be implemented by classes which wish to be able to load and s...
Definition: XMLTagHandler.h:42
virtual XMLTagHandler * HandleXMLChild(const std::string_view &tag)=0
virtual void HandleXMLEndTag(const std::string_view &WXUNUSED(tag))
Definition: XMLTagHandler.h:59
virtual void HandleXMLContent(const std::string_view &WXUNUSED(content))
Definition: XMLTagHandler.h:64
void ReadXMLContent(const char *s, int len)
XMLTagHandler * ReadXMLChild(const char *tag)
void ReadXMLEndTag(const char *tag)
static bool IsGoodSubdirName(const FilePath &strSubdirName, const FilePath &strDirName={})
static bool IsGoodFileString(const FilePath &str)
static bool IsGoodPathName(const FilePath &strPathName)
static bool IsGoodPathString(const FilePath &str)
static bool IsGoodFileName(const FilePath &strFileName, const FilePath &strDirName={})