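/*
 * Format the given command into a buffer, returning the resulting string.
 *
 * It is too dangerous to leave any URL that may come along unquoted.  They
 * often contain '&', ';', and '?' chars, and who knows what else may occur.
 * Prevent spoofing of the shell.  Dunno how this needs to be modified for VMS
 * or DOS. - kw
 *
 * command: template passed to format() together with the parameter.
 * param:   URL or pathname to hand to the external program; per the note
 *          above it can be any URL that comes along, so treat it as
 *          untrusted input.
 *
 * Returns the buffer that format() fills in through &cmdbuf.  Presumably the
 * caller owns and frees it - confirm at the call sites.
 *
 * NOTE(review): in the WIN_EX build only a parameter that contains a space
 * is passed through quote_pathname().  Every other URL is run through
 * decode_string() and then handed to format() with no quoting in this
 * function, and the short-name path for file: URLs is not quoted either.
 * The non-WIN_EX build forwards param untouched.  Unless format() quotes its
 * argument itself (not visible here), this does not meet the intent stated
 * in the comment above and should be reviewed.
 */
PRIVATE char *format_command ARGS2(
    char *, command,
    char *, param)
{
    char *cmdbuf = NULL;

#if defined(WIN_EX)
    if (*param != '\"' && strchr(param, ' ') != NULL) {
        /* Unquoted parameter with embedded blanks: quote it as one argument. */
        char *cp = quote_pathname(param);

        format(&cmdbuf, command, cp);
        FREE(cp);
    } else {
        char pram_string[LY_MAXPATH];

        /* Work on a bounded local copy so decode_string() can edit in place. */
        LYstrncpy(pram_string, param, sizeof(pram_string) - 1);
        decode_string(pram_string);
        param = pram_string;

        if (isMAILTO_URL(param)) {
            /* Skip the 7-character "mailto:" prefix. */
            format(&cmdbuf, command, param + 7);
        } else if (strnicmp("telnet://", param, 9) == 0) {
            char host[sizeof(pram_string)];
            int last_pos;

            /*
             * Bounded copy instead of strcpy(): host happens to be as large
             * as pram_string today, but the copy should not depend on that.
             * Same size convention as the pram_string copy above.
             */
            LYstrncpy(host, param + 9, sizeof(host) - 1);
            last_pos = (int) strlen(host) - 1;
            /* Drop a single trailing '/' after the host part. */
            if (last_pos > 1 && host[last_pos] == '/')
                host[last_pos] = '\0';

            format(&cmdbuf, command, host);
        } else if (strnicmp("file://localhost/", param, 17) == 0) {
            char e_buff[LY_MAXPATH], *p;

            p = param + 17;
            *e_buff = 0;
            /* No drive letter in the path: prepend the default drive. */
            if (strchr(p, ':') == NULL) {
                /* "%.3s" limits the drive prefix to three characters. */
                sprintf(e_buff, "%.3s/", windows_drive);
            }
            strncat(e_buff, p, sizeof(e_buff) - strlen(e_buff) - 1);
            p = strrchr(e_buff, '.');
            if (p) {
                /* presumably strips a "#fragment" after the extension - confirm */
                trimPoundSelector(p);
            }

            /* Less ==> short filename with backslashes,
             * less ==> long filename with forward slashes, may be quoted
             */
            if (ISUPPER(command[0])) {
                /* NOTE(review): the short name is passed on unquoted. */
                format(&cmdbuf, command, HTDOS_short_name(e_buff));
            } else {
                if (*e_buff != '\"' && strchr(e_buff, ' ') != NULL) {
                    p = quote_pathname(e_buff);
                    LYstrncpy(e_buff, p, sizeof(e_buff) - 1);
                    FREE(p);
                }
                format(&cmdbuf, command, e_buff);
            }
        } else {
            /* NOTE(review): decoded URL reaches format() without quoting. */
            format(&cmdbuf, command, param);
        }
    }
#else
    format(&cmdbuf, command, param);
#endif
    return cmdbuf;
}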
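/*
 * Format the given command into a buffer, returning the resulting string.
 *
 * It is too dangerous to leave any URL that may come along unquoted.  They
 * often contain '&', ';', and '?' chars, and who knows what else may occur.
 * Prevent spoofing of the shell.  Dunno how this needs to be modified for VMS
 * or DOS. - kw
 *
 * command: template passed to format() together with the parameter.
 * param:   URL or pathname to hand to the external program; per the note
 *          above it can be any URL that comes along, so treat it as
 *          untrusted input.
 *
 * Returns the buffer that format() fills in through &cmdbuf.  Presumably the
 * caller owns and frees it - confirm at the call sites.
 *
 * In the WIN_EX build, file://localhost/ URLs are decoded into a local
 * buffer, passed through delete_danger_characters() and always quoted with
 * quote_pathname(); every other URL is passed through escapeParameter()
 * before use.  The non-WIN_EX build forwards param untouched.
 */
static char *format_command(char *command, char *param)
{
    char *cmdbuf = NULL;

#if defined(WIN_EX)
    char pram_string[LY_MAXPATH];
    char *escaped = NULL;

    if (strncasecomp("file://localhost/", param, 17) == 0) {
        /* decode local path parameter for programs to be able to interpret - TH */
        LYStrNCpy(pram_string, param, sizeof(pram_string) - 1);
        decode_string(pram_string);
        param = pram_string;
    } else {
        /* encode or escape URL parameter - TH */
        /* NOTE(review): a NULL return from escapeParameter() is not handled
         * here; confirm it cannot fail. */
        escaped = escapeParameter(param);
        param = escaped;
    }

    if (isMAILTO_URL(param)) {
        /* Skip the 7-character "mailto:" prefix. */
        format(&cmdbuf, command, param + 7);
    } else if (strncasecomp("telnet://", param, 9) == 0) {
        char host[sizeof(pram_string)];
        int last_pos;

        /*
         * param is the escaped string here, whose length is not limited to
         * LY_MAXPATH, so this bound is what protects host.  Use size - 1 as
         * the pram_string copy above does: that convention implies the
         * terminator is stored at index n, which would be one past the end
         * of host if the full sizeof(host) were passed.
         */
        LYStrNCpy(host, param + 9, sizeof(host) - 1);
        last_pos = (int) strlen(host) - 1;
        /* Drop a single trailing '/' after the host part. */
        if (last_pos > 1 && host[last_pos] == '/')
            host[last_pos] = '\0';

        format(&cmdbuf, command, host);
    } else if (strncasecomp("file://localhost/", param, 17) == 0) {
        char e_buff[LY_MAXPATH], *p;

        p = param + 17;
        /* Edits pram_string in place; presumably removes characters that are
         * significant to the command interpreter - confirm. */
        delete_danger_characters(p);
        *e_buff = 0;
        /* No drive letter in the path: prepend the default drive. */
        if (StrChr(p, ':') == NULL) {
            /* "%.3s" limits the drive prefix to three characters. */
            sprintf(e_buff, "%.3s/", windows_drive);
        }
        strncat(e_buff, p, sizeof(e_buff) - strlen(e_buff) - 1);
        p = strrchr(e_buff, '.');
        if (p) {
            /* presumably strips a "#fragment" after the extension - confirm */
            trimPoundSelector(p);
        }

        /* Less ==> short filename with backslashes,
         * less ==> long filename with forward slashes, may be quoted
         */
        if (ISUPPER(command[0])) {
            char *short_name = HTDOS_short_name(e_buff);

            p = quote_pathname(short_name);
            format(&cmdbuf, command, p);
            FREE(p);
        } else {
            p = quote_pathname(e_buff);
            format(&cmdbuf, command, p);
            FREE(p);
        }
    } else {
        format(&cmdbuf, command, param);
    }
    /* param may point into escaped, so release it only after the last use. */
    FREE(escaped);
#else
    format(&cmdbuf, command, param);
#endif
    return cmdbuf;
}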