diff options
author | Florian Dold <florian.dold@gmail.com> | 2019-09-23 17:23:54 +0200 |
---|---|---|
committer | Florian Dold <florian.dold@gmail.com> | 2019-09-23 17:23:54 +0200 |
commit | 5e859bae099245af0b9a95b6c45059863153b95f (patch) | |
tree | 9fd8281728f111ee40774ee808de3694cab2a8a9 | |
parent | 389b5de09dc3720c22ac86d5cad4c1495fc5be58 (diff) | |
download | exchange-5e859bae099245af0b9a95b6c45059863153b95f.tar.gz exchange-5e859bae099245af0b9a95b6c45059863153b95f.zip |
make URL joining more restrictive to avoid mistakes
-rw-r--r-- | src/util/test_url.c | 10 | ||||
-rw-r--r-- | src/util/util.c | 9 |
2 files changed, 12 insertions, 7 deletions
diff --git a/src/util/test_url.c b/src/util/test_url.c index 59a5e3fa7..f6aab0dc7 100644 --- a/src/util/test_url.c +++ b/src/util/test_url.c | |||
@@ -51,12 +51,8 @@ main (int argc, | |||
51 | 51 | ||
52 | cf (TALER_url_join ("https://taler.net/", "foo", NULL), | 52 | cf (TALER_url_join ("https://taler.net/", "foo", NULL), |
53 | "https://taler.net/foo"); | 53 | "https://taler.net/foo"); |
54 | cf (TALER_url_join ("https://taler.net", "foo", NULL), | 54 | cf (TALER_url_join ("https://taler.net/", "foo", NULL), |
55 | "https://taler.net/foo"); | ||
56 | cf (TALER_url_join ("https://taler.net/", "/foo", NULL), | ||
57 | "https://taler.net/foo"); | 55 | "https://taler.net/foo"); |
58 | cf (TALER_url_join ("https://taler.net/", "/foo/", NULL), | ||
59 | "https://taler.net/foo/"); | ||
60 | 56 | ||
61 | cf (TALER_url_join ("https://taler.net/", "foo", "x", "42", NULL), | 57 | cf (TALER_url_join ("https://taler.net/", "foo", "x", "42", NULL), |
62 | "https://taler.net/foo?x=42"); | 58 | "https://taler.net/foo?x=42"); |
@@ -67,11 +63,11 @@ main (int argc, | |||
67 | cf (TALER_url_join ("https://taler.net/", "foo", "x", "", "y", "1", NULL), | 63 | cf (TALER_url_join ("https://taler.net/", "foo", "x", "", "y", "1", NULL), |
68 | "https://taler.net/foo?x=&y=1"); | 64 | "https://taler.net/foo?x=&y=1"); |
69 | 65 | ||
70 | cf (TALER_url_join ("https://taler.net", "foo/bar", "x", "a&b", NULL), | 66 | cf (TALER_url_join ("https://taler.net/", "foo/bar", "x", "a&b", NULL), |
71 | "https://taler.net/foo/bar?x=a%26b"); | 67 | "https://taler.net/foo/bar?x=a%26b"); |
72 | 68 | ||
73 | /* Path component is not encoded! */ | 69 | /* Path component is not encoded! */ |
74 | cf (TALER_url_join ("https://taler.net", "foo/bar?spam=eggs&quux=", NULL), | 70 | cf (TALER_url_join ("https://taler.net/", "foo/bar?spam=eggs&quux=", NULL), |
75 | "https://taler.net/foo/bar?spam=eggs&quux="); | 71 | "https://taler.net/foo/bar?spam=eggs&quux="); |
76 | 72 | ||
77 | cf (TALER_url_absolute_raw ("https", "taler.net", "foo/bar", "baz", | 73 | cf (TALER_url_absolute_raw ("https", "taler.net", "foo/bar", "baz", |
diff --git a/src/util/util.c b/src/util/util.c index 75ace4dcf..027daf427 100644 --- a/src/util/util.c +++ b/src/util/util.c | |||
@@ -300,6 +300,15 @@ TALER_url_join (const char *base_url, | |||
300 | va_list args; | 300 | va_list args; |
301 | 301 | ||
302 | GNUNET_assert (NULL != res); | 302 | GNUNET_assert (NULL != res); |
303 | GNUNET_assert (NULL != base_url); | ||
304 | GNUNET_assert (NULL != path); | ||
305 | GNUNET_assert (strlen (base_url) > 0); | ||
306 | |||
307 | // Must be an actual base URL! | ||
308 | GNUNET_assert ('/' == base_url[strlen (base_url) - 1]); | ||
309 | |||
310 | // Path must be relative to existing path of base URL | ||
311 | GNUNET_assert ('/' != path[0]); | ||
303 | 312 | ||
304 | grow_string (&res, base_url, &n); | 313 | grow_string (&res, base_url, &n); |
305 | 314 | ||