Exemplo n.º 1
0
/*
 * Format the given command into a buffer, returning the resulting string.
 *
 * It is too dangerous to leave any URL that may come along unquoted.  They
 * often contain '&', ';', and '?' chars, and who knows what else may occur.
 * Prevent spoofing of the shell.  Dunno how this needs to be modified for VMS
 * or DOS.  - kw
 */
PRIVATE char *format_command ARGS2(
    char *,	command,
    char *,	param)
{
    char *cmdbuf = NULL;

#if defined(WIN_EX)
    if (*param != '\"' && strchr(param, ' ') != NULL) {
	char *cp = quote_pathname(param);
	format(&cmdbuf, command, cp);
	FREE(cp);
    } else {
	char pram_string[LY_MAXPATH];

	LYstrncpy(pram_string, param, sizeof(pram_string)-1);
	decode_string(pram_string);
	param = pram_string;

	if (isMAILTO_URL(param)) {
	    format(&cmdbuf, command, param + 7);
	} else if (strnicmp("telnet://", param, 9) == 0) {
	    char host[sizeof(pram_string)];
	    int last_pos;

	    strcpy(host, param + 9);
	    last_pos = strlen(host) - 1;
	    if (last_pos > 1 && host[last_pos] == '/')
		host[last_pos] = '\0';

	    format(&cmdbuf, command, host);
	} else if (strnicmp("file://localhost/", param, 17) == 0) {
	    char e_buff[LY_MAXPATH], *p;

	    p = param + 17;
	    *e_buff = 0;
	    if (strchr(p, ':') == NULL) {
		sprintf(e_buff, "%.3s/", windows_drive);
	    }
	    strncat(e_buff, p, sizeof(e_buff) - strlen(e_buff) - 1);
	    p = strrchr(e_buff, '.');
	    if (p) {
		trimPoundSelector(p);
	    }

	    /* Less ==> short filename with backslashes,
	     * less ==> long filename with forward slashes, may be quoted
	     */
	    if (ISUPPER(command[0])) {
		format(&cmdbuf,
			command, HTDOS_short_name(e_buff));
	    } else {
		if (*e_buff != '\"' && strchr(e_buff, ' ') != NULL) {
		    p = quote_pathname(e_buff);
		    LYstrncpy(e_buff, p, sizeof(e_buff)-1);
		    FREE(p);
		}
		format(&cmdbuf, command, e_buff);
	    }
	} else {
	    format(&cmdbuf, command, param);
	}
    }
#else
    format(&cmdbuf, command, param);
#endif
    return cmdbuf;
}
Exemplo n.º 2
0
/*
 * Format the given command into a buffer, returning the resulting string.
 *
 * It is too dangerous to leave any URL that may come along unquoted.  They
 * often contain '&', ';', and '?' chars, and who knows what else may occur.
 * Prevent spoofing of the shell.  Dunno how this needs to be modified for VMS
 * or DOS.  - kw
 */
static char *format_command(char *command,
			    char *param)
{
    char *cmdbuf = NULL;

#if defined(WIN_EX)
    char pram_string[LY_MAXPATH];
    char *escaped = NULL;

    if (strncasecomp("file://localhost/", param, 17) == 0) {
	/* decode local path parameter for programs to be
	   able to interpret - TH */
	LYStrNCpy(pram_string, param, sizeof(pram_string) - 1);
	decode_string(pram_string);
	param = pram_string;
    } else {
	/* encode or escape URL parameter - TH */
	escaped = escapeParameter(param);
	param = escaped;
    }

    if (isMAILTO_URL(param)) {
	format(&cmdbuf, command, param + 7);
    } else if (strncasecomp("telnet://", param, 9) == 0) {
	char host[sizeof(pram_string)];
	int last_pos;

	LYStrNCpy(host, param + 9, sizeof(host));
	last_pos = (int) strlen(host) - 1;
	if (last_pos > 1 && host[last_pos] == '/')
	    host[last_pos] = '\0';

	format(&cmdbuf, command, host);
    } else if (strncasecomp("file://localhost/", param, 17) == 0) {
	char e_buff[LY_MAXPATH], *p;

	p = param + 17;
	delete_danger_characters(p);
	*e_buff = 0;
	if (StrChr(p, ':') == NULL) {
	    sprintf(e_buff, "%.3s/", windows_drive);
	}
	strncat(e_buff, p, sizeof(e_buff) - strlen(e_buff) - 1);
	p = strrchr(e_buff, '.');
	if (p) {
	    trimPoundSelector(p);
	}

	/* Less ==> short filename with backslashes,
	 * less ==> long filename with forward slashes, may be quoted
	 */
	if (ISUPPER(command[0])) {
	    char *short_name = HTDOS_short_name(e_buff);

	    p = quote_pathname(short_name);
	    format(&cmdbuf, command, p);
	    FREE(p);
	} else {
	    p = quote_pathname(e_buff);
	    format(&cmdbuf, command, p);
	    FREE(p);
	}
    } else {
	format(&cmdbuf, command, param);
    }
    FREE(escaped);
#else
    format(&cmdbuf, command, param);
#endif
    return cmdbuf;
}