OpenClonk
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Properties Friends Macros
C4InputValidation.cpp
Go to the documentation of this file.
1 /*
2  * OpenClonk, http://www.openclonk.org
3  *
4  * Copyright (c) 2007-2009, RedWolf Design GmbH, http://www.clonk.de/
5  * Copyright (c) 2009-2016, The OpenClonk Team and contributors
6  *
7  * Distributed under the terms of the ISC license; see accompanying file
8  * "COPYING" for details.
9  *
10  * "Clonk" is a registered trademark of Matthes Bender, used with permission.
11  * See accompanying file "TRADEMARK" for details.
12  *
13  * To redistribute this file separately, substitute the full license texts
14  * for the above references.
15  */
16 // user input validation functions
17 
18 #include "C4Include.h"
19 #include "lib/C4InputValidation.h"
20 #include "lib/C4Log.h"
21 #include "lib/C4Markup.h"
22 
23 #include <cctype>
24 
25 namespace C4InVal
26 {
27  bool ValidateString(char *szString, ValidationOption eOption, size_t iMaxSize)
28  {
29  // validate in a StdStrBuf. Does one alloc and copy :(
30  StdStrBuf buf; buf.Copy(szString);
31  bool fInvalid = ValidateString(buf, eOption);
32  if (fInvalid) SCopy(buf.getData(), szString, iMaxSize);
33  return fInvalid;
34  }
35 
36  bool ValidateString(StdStrBuf &rsString, ValidationOption eOption)
37  {
38  bool fValid = true;
39  // validation depending on option
40  // check min length
41  if (!rsString.getLength())
42  {
43  // empty if not allowed?
44  if (eOption != VAL_NameAllowEmpty && eOption != VAL_NameExAllowEmpty && eOption != VAL_Comment)
45  {
46  rsString.Copy("empty");
47  fValid = false;
48  }
49  }
50  switch (eOption)
51  {
52  case VAL_Filename: // regular filenames only
53  // absolutely no directory traversal
54  if (rsString.ReplaceChar('/', '_')) fValid = false;
55  if (rsString.ReplaceChar('\\', '_')) fValid = false;
56 
57  // fallthrough to general file name validation
58  case VAL_SubPathFilename: // filenames and optional subpath
59  // do not traverse upwards in file hierarchy
60  if (rsString.Replace("..", "__")) fValid = false;
61  if (*rsString.getData() == '/' || *rsString.getData() == '\\') { *rsString.getMData() = '_'; fValid = false; }
62 
63  // fallthrough to general file name validation
64  case VAL_FullPath: // full filename paths
65  // some characters are prohibited in filenames in general
66  if (rsString.ReplaceChar('*', '_')) fValid = false;
67  if (rsString.ReplaceChar('?', '_')) fValid = false;
68  if (rsString.ReplaceChar('<', '_')) fValid = false;
69  if (rsString.ReplaceChar('>', '_')) fValid = false;
70  // ';' and '|' is never allowed in filenames, because it would cause problems in many engine internal file lists
71  if (rsString.ReplaceChar(';', '_')) fValid = false;
72  if (rsString.ReplaceChar('|', '_')) fValid = false;
73  // the colon is generally prohibited except at pos 2 (C:\...), because it could lead to creation of (invisible) streams on NTFS
74  if (rsString.ReplaceChar(':', '_')) fValid = false;
75  if (*rsString.getData() == ':') { *rsString.getMData() = '_'; fValid = false; }
76  // validate drive letter
77  if (rsString.getLength()>=2 && *rsString.getPtr(1) == ':')
78  {
79  if (eOption != VAL_FullPath)
80  {
81  *rsString.getMPtr(1)='_'; fValid = false;
82  }
83  else if (!isalpha((unsigned char)*rsString.getData()) || (*rsString.getPtr(2)!='\\' && *rsString.getPtr(2)!='/'))
84  {
85  *rsString.getMData()=*rsString.getMPtr(1)='_'; fValid = false;
86  }
87  }
88  break;
89 
90  case VAL_NameNoEmpty:
91  case VAL_NameAllowEmpty:
92  // no markup
93  if (C4Markup::StripMarkup(&rsString)) { fValid = false; }
94  // trim spaces
95  if (rsString.TrimSpaces()) fValid = false;
96  // min length
97  if (eOption == VAL_NameNoEmpty) if (!rsString.getLength()) { fValid = false; rsString.Copy("Unknown"); }
98  // max length
99  if (rsString.getLength() > C4MaxName) { fValid = false; rsString.SetLength(C4MaxName); }
100  break;
101 
102  case VAL_NameExNoEmpty:
104  // trim spaces
105  if (rsString.TrimSpaces()) fValid = false;
106  // min length
107  if (eOption == VAL_NameExNoEmpty) if (!rsString.getLength()) { fValid = false; rsString.Copy("Unknown"); }
108  // max length
109  if (rsString.getLength() > C4MaxLongName) { fValid = false; rsString.SetLength(C4MaxLongName); }
110  break;
111 
112  case VAL_IRCName: // nickname for IRC. a-z, A-Z, _^{[]} only; 0-9|- inbetween; max 30 characters
113  if (rsString.getLength() > 30) fValid = false;
114  if (rsString.getLength() < 2) fValid = false;
115  if (!rsString.ValidateChars("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_^{[]}", "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_^{[]}0123456789|-")) { fValid = false; rsString.Copy("Guest"); }
116  if (SEqualNoCase(rsString.getData(), "NickServ")
117  || SEqualNoCase(rsString.getData(), "ChanServ")
118  || SEqualNoCase(rsString.getData(), "MemoServ")
119  || SEqualNoCase(rsString.getData(), "OperServ")
120  || SEqualNoCase(rsString.getData(), "HelpServ")) fValid = false;
121  if (!fValid) rsString.Copy("Guest");
122  break;
123 
124  case VAL_IRCPass: // password for IRC; max 31 characters
125  // max length; no spaces
126  if (rsString.getLength() > 31) { fValid = false; rsString.SetLength(31); }
127  if (rsString.getLength() < 2) { fValid = false; rsString.Copy("secret"); }
128  if (rsString.ReplaceChar(' ', '_')) fValid = false;
129  break;
130 
131  case VAL_IRCChannel: // IRC channel name
132  { // needed for the vector
133  std::vector<StdCopyStrBuf> chans;
134  StdStrBuf SplitPart;
135  StdCopyStrBuf tmp; tmp.Copy(rsString);
136  while(tmp.SplitAtChar(',', &SplitPart)) // Split
137  {
138  chans.push_back(tmp);
139  tmp.Copy(SplitPart);
140  }
141  chans.push_back(tmp);
142  rsString.Clear();
143  for(std::vector<StdCopyStrBuf>::iterator it = chans.begin(); it < chans.end(); ++it) // Reassemble clean
144  {
145  if (it->getLength() > 32) { fValid = false; it->SetLength(32); }
146  else if (it->getLength() < 2) { fValid = false; it->Clear(); }
147  else if (*it->getData() != '#' && *it->getData() != '+') { fValid = false; it->InsertChar('#', 0); }
148  if (it->ReplaceChar(' ', '_')) fValid = false;
149  rsString.Append(*it);
150  if(it+1 < chans.end() && it->getLength() > 0) rsString.Append(",");
151  }
152  if(rsString.getLength() < 2) rsString.Copy("#openclonk");
153  break;
154  }
155 
156  case VAL_Comment: // comment - just limit length
157  if (rsString.getLength() > C4MaxComment) { fValid = false; rsString.SetLength(C4MaxComment); }
158  break;
159 
160  default:
161  assert(!"not yet implemented");
162  }
163  // issue warning for invalid adjustments
164  if (0) if (!fValid)
165  {
166  const char *szOption = "unknown";
167  switch (eOption)
168  {
169  case VAL_Filename: szOption = "filename"; break;
170  case VAL_SubPathFilename: szOption = "(sub-)filename"; break;
171  case VAL_FullPath: szOption = "free filename"; break;
172  case VAL_NameNoEmpty: szOption = "strict name"; break;
173  case VAL_NameExNoEmpty: szOption = "name"; break;
174  case VAL_NameAllowEmpty: szOption = "strict name*"; break;
175  case VAL_NameExAllowEmpty: szOption = "name*"; break;
176  case VAL_IRCName: szOption = "IRC nick"; break;
177  case VAL_IRCPass: szOption = "IRC password"; break;
178  case VAL_IRCChannel: szOption = "IRC channel"; break;
179  case VAL_Comment: szOption = "Comment"; break;
180  }
181  LogF("WARNING: Adjusted invalid user input for \"%s\" to \"%s\"", szOption, rsString.getData());
182  }
183  return !fValid;
184  }
185 
186  bool ValidateInt(int32_t &riVal, int32_t iMinVal, int32_t iMaxVal)
187  {
188  if (riVal < iMinVal) { riVal = iMinVal; return false; }
189  else if (riVal > iMaxVal) { riVal = iMaxVal; return false; }
190  else return true;
191  }
192 }
const char * getData() const
Definition: StdBuf.h:450
void SCopy(const char *szSource, char *sTarget, size_t iMaxL)
Definition: Standard.cpp:122
int Replace(const char *szOld, const char *szNew, size_t iStartSearch=0)
Definition: StdBuf.cpp:291
bool SplitAtChar(char cSplit, StdStrBuf *psSplit)
Definition: StdBuf.h:627
void Clear()
Definition: StdBuf.h:474
bool SEqualNoCase(const char *szStr1, const char *szStr2, int iLen)
Definition: Standard.cpp:177
bool ValidateChars(const char *szInitialChars, const char *szMidChars)
Definition: StdBuf.cpp:367
const unsigned int C4MaxLongName
char * getMData()
Definition: StdBuf.h:451
const unsigned int C4MaxComment
void Append(const char *pnData, size_t iChars)
Definition: StdBuf.h:527
bool ValidateInt(int32_t &riVal, int32_t iMinVal, int32_t iMaxVal)
const unsigned int C4MaxName
int ReplaceChar(char cOld, char cNew)
Definition: StdBuf.cpp:343
bool ValidateString(char *szString, ValidationOption eOption, size_t iMaxSize)
const char * getPtr(size_t i) const
Definition: StdBuf.h:456
size_t getLength() const
Definition: StdBuf.h:453
bool TrimSpaces()
Definition: StdBuf.cpp:477
void SetLength(size_t iLength)
Definition: StdBuf.h:517
char * getMPtr(size_t i)
Definition: StdBuf.h:457
bool LogF(const char *strMessage,...)
Definition: C4Log.cpp:253
void Copy()
Definition: StdBuf.h:475
static bool StripMarkup(char *szText)
Definition: C4Markup.cpp:113