Add support for SanitizeString() method
authorCristy <urban-warrior@imagemagick.org>
Sun, 29 May 2016 23:54:23 +0000 (19:54 -0400)
committerCristy <urban-warrior@imagemagick.org>
Sun, 29 May 2016 23:54:23 +0000 (19:54 -0400)
MagickCore/blob.c
MagickCore/delegate.c
MagickCore/property.c
MagickCore/string.c
MagickCore/string_.h

index 9871da0bb5d12db42ab30a2fbbb73d3b7c1c0723..82db4f65df48124b6a48091f46fc144fe91e02ea 100644 (file)
@@ -2484,7 +2484,8 @@ MagickExport MagickBooleanType OpenBlob(const ImageInfo *image_info,
   if (*filename == '|')
     {
       char
-        fileMode[MagickPathExtent];
+        fileMode[MagickPathExtent],
+        *sanitize_command;
 
       /*
         Pipe image to or from a system command.
@@ -2495,7 +2496,10 @@ MagickExport MagickBooleanType OpenBlob(const ImageInfo *image_info,
 #endif
       *fileMode =(*type);
       fileMode[1]='\0';
-      image->blob->file_info.file=(FILE *) popen_utf8(filename+1, fileMode);
+      sanitize_command=SanitizeString(filename+1);
+      image->blob->file_info.file=(FILE *) popen_utf8(sanitize_command,
+        fileMode);
+      sanitize_command=DestroyString(sanitize_command);
       if (image->blob->file_info.file == (FILE *) NULL)
         {
           ThrowFileException(exception,BlobError,"UnableToOpenBlob",filename);
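Review bot: SanitizeString() does not make `filename+1` safe to hand to popen_utf8() at `sanitize_command=SanitizeString(filename+1);`, because the allow-list added in MagickCore/string.c keeps `;`, `|`, `&`, `$`, backtick, quotes and the redirection characters. Only bytes outside that list are turned into `_`, so the string is still interpreted as a full shell command line. The name `sanitize_command` suggests more than the call delivers; a comment above the call such as `/* SanitizeString() only replaces characters outside its allow-list; the shell still interprets the result, so filename must come from a trusted source. */` would stop later readers from relying on it. Whether piped filenames are restricted elsewhere (policy or caller checks) is not visible in this hunk, and OpenBlob continues outside it.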
index 40ecb497572270f32c905c69ad7ec6194c0edfe2..7fd5b4f8ea337a0cc74aaf6339bc4cab2d806db0 100644 (file)
@@ -324,31 +324,6 @@ MagickPrivate void DelegateComponentTerminus(void)
 %    o exception: return any errors here.
 %
 */
-
-static char *SanitizeDelegateCommand(const char *command)
-{
-  char
-    *sanitize_command;
-
-  const char
-    *q;
-
-  register char
-    *p;
-
-  static char
-    whitelist[] =
-      "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_- "
-      ".@&;<>()|/\\\'\":%=~`";
-
-  sanitize_command=AcquireString(command);
-  p=sanitize_command;
-  q=sanitize_command+strlen(sanitize_command);
-  for (p+=strspn(p,whitelist); p != q; p+=strspn(p,whitelist))
-    *p='_';
-  return(sanitize_command);
-}
-
 MagickExport int ExternalDelegateCommand(const MagickBooleanType asynchronous,
   const MagickBooleanType verbose,const char *command,char *message,
   ExceptionInfo *exception)
@@ -398,7 +373,7 @@ MagickExport int ExternalDelegateCommand(const MagickBooleanType asynchronous,
       (void) FormatLocaleFile(stderr,"%s\n",command);
       (void) fflush(stderr);
     }
-  sanitize_command=SanitizeDelegateCommand(command);
+  sanitize_command=SanitizeString(command);
   if (asynchronous != MagickFalse)
     (void) ConcatenateMagickString(sanitize_command,"&",MagickPathExtent);
   if (message != (char *) NULL)
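Review bot: Switching to the shared helper at `sanitize_command=SanitizeString(command);` is not a pure rename, because the allow-list added in MagickCore/string.c is wider than the SanitizeDelegateCommand() list removed above: `$`, `*`, `?`, `#`, `!`, `{`, `}`, `[`, `]`, `^`, `+` and `,` now pass into the delegate command unchanged. The same widening applies to `return(SanitizeString(string));` in GetMagickPropertyLetter later in this file, where the removed list had no space, quotes, backtick, `$`, `<`, `>` or backslash. Judging by the name InterpretDelegateProperties, those values are presumably substituted into delegate command lines, which would make the second case the more sensitive one. If the narrower sets were deliberate, keep them per caller (for example a variant of the helper that takes the allow-list as a parameter) rather than adopting the union. ExternalDelegateCommand's body continues outside this hunk.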
@@ -553,21 +528,11 @@ static char *GetMagickPropertyLetter(ImageInfo *image_info,Image *image,
     }
 
   char
-    *property,
     value[MagickPathExtent];
 
   const char
     *string;
 
-  register char
-    *p,
-    *q;
-
-  static char
-    whitelist[] =
-      "^-ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
-      "+&@#/%?=~_|!:,.;()";
-
   if ((image != (Image *) NULL) && (image->debug != MagickFalse))
     (void) LogMagickEvent(TraceEvent,GetMagickModule(),"%s",image->filename);
   else
@@ -874,15 +839,7 @@ static char *GetMagickPropertyLetter(ImageInfo *image_info,Image *image,
       break;
     }
   }
-  /*
-    Sanitize string.
-  */
-  property=ConstantString(string);
-  p=property;
-  q=property+strlen(property);
-  for (p+=strspn(p,whitelist); p != q; p+=strspn(p,whitelist))
-    *p='_';
-  return(property);
+  return(SanitizeString(string));
 }
 
 static char *InterpretDelegateProperties(ImageInfo *image_info,
index 8bcd1898f6612a8a77deb5234466859f319a9c60..b84c342ebba39adb17ce463574691cd79bbe6a2c 100644 (file)
@@ -2569,30 +2569,6 @@ static const char *GetMagickPropertyLetter(ImageInfo *image_info,
         (ssize_t) image->dispose);
       break;
     }
-    case 'F':
-    {
-      const char
-        *q;
-
-      register char
-        *p;
-
-      static char
-        whitelist[] =
-          "^-ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
-          "+&@#/%?=~_|!:,.;()";
-
-      /*
-        Magick filename (sanitized) - filename given incl. coder & read mods.
-      */
-      WarnNoImageReturn("\"%%%c\"",letter);
-      (void) CopyMagickString(value,image->magick_filename,MagickPathExtent);
-      p=value;
-      q=value+strlen(value);
-      for (p+=strspn(p,whitelist); p != q; p+=strspn(p,whitelist))
-        *p='_';
-      break;
-    }
     case 'G': /* Image size as geometry = "%wx%h" */
     {
       WarnNoImageReturn("\"%%%c\"",letter);
index efa79a2b0f6b5d9b3985c3479b750357ad75a7c5..d0dccac4c47d3a779dc7fc43598f4242cc3d02a7 100644 (file)
@@ -1631,6 +1631,55 @@ MagickExport void ResetStringInfo(StringInfo *string_info)
 %                                                                             %
 %                                                                             %
 %                                                                             %
+%   S a n t i z e S t r i n g                                                 %
+%                                                                             %
+%                                                                             %
+%                                                                             %
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%
+%  SanitizeString() returns an new string removes all characters except
+%  letters, digits and !#$%&'*+-=?^_`{|}~@.[].
+%
+%  The returned string shoud be freed using DestoryString().
+%
+%  The format of the SanitizeString method is:
+%
+%      char *SanitizeString(const char *source)
+%
+%  A description of each parameter follows:
+%
+%    o source: A character string.
+%
+*/
+MagickExport char *SanitizeString(const char *source)
+{
+  char
+    *sanitize_source;
+
+  const char
+    *q;
+  
+  register char
+    *p;
+  
+  static char
+    whitelist[] =
+      "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 "
+      "$-_.+!*'(),{}|\\^~[]`\"><#%;/?:@&=";
+  
+  sanitize_source=AcquireString(source);
+  p=sanitize_source;
+  q=sanitize_source+strlen(sanitize_source);
+  for (p+=strspn(p,whitelist); p != q; p+=strspn(p,whitelist))
+    *p='_';
+  return(sanitize_source);
+}
+\f
+/*
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%                                                                             %
+%                                                                             %
+%                                                                             %
 %   S e t S t r i n g I n f o                                                 %
 %                                                                             %
 %                                                                             %
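Review bot: The header comment added for SanitizeString() does not describe the code below it. It says characters are removed, but the loop overwrites them with `_` via `*p='_';`, and the documented set ("letters, digits and !#$%&'*+-=?^_`{|}~@.[]") omits characters the `whitelist[]` array actually accepts, including space, `(`, `)`, `,`, `\`, `"`, `<`, `>`, `;`, `/` and `:`. I would reword it to say the function returns a new string in which every character not in the allow-list is replaced with an underscore, list the set exactly as in the array, and state that the result is not shell-safe, since callers in this commit pass it to popen and to delegate commands. The banner should read `S a n i t i z e S t r i n g`, and the ownership line `The returned string should be freed using DestroyString().`. Declaring the table `static const char whitelist[]` would also document that it is read-only.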
index 9d0875cb73c58b25091c8f8239c81891e175a4d8..237ea855d1a322312c02c61da2c97d953e65ae70 100644 (file)
@@ -46,6 +46,7 @@ extern MagickExport char
   *EscapeString(const char *,const char),
   *FileToString(const char *,const size_t,ExceptionInfo *),
   *GetEnvironmentValue(const char *),
+  *SanitizeString(const char *),
   *StringInfoToHexString(const StringInfo *),
   *StringInfoToString(const StringInfo *),
   **StringToArgv(const char *,int *),