NS_DECL_ISUPPORTS
// we want to make sure that the names of file can't reach
// outside of the type of storage the user asked for.
bool
isSafePath()
{
nsAString::const_iterator start, end;
mPath.BeginReading(start);
mPath.EndReading(end);
// if the path has a ~ or \ in it, return false.
NS_NAMED_LITERAL_STRING(tilde, "~");
NS_NAMED_LITERAL_STRING(bslash, "\\");
if (FindInReadable(tilde, start, end) ||
FindInReadable(bslash, start, end)) {
return false;
}
// split on /. if any token is "", ., or .., return false.
NS_ConvertUTF16toUTF8 cname(mPath);
char* buffer = cname.BeginWriting();
const char* token;
while ((token = nsCRT::strtok(buffer, "/", &buffer))) {
if (PL_strcmp(token, "") == 0 ||
PL_strcmp(token, ".") == 0 ||
PL_strcmp(token, "..") == 0 ) {
return false;
}
}
return true;
}
