From: Heikki Kallasjoki
Date: Tue, 10 Nov 2009 17:09:02 +0000 (+0200)
Subject: Add proper URL-encoding of user-provided data
X-Git-Tag: v0.1~3
X-Git-Url: http://git.maemo.org/git/?p=g2-sharing;a=commitdiff_plain;h=86b7b7bae8024f4aa61a4cba3377bbc9dc397894
Add proper URL-encoding of user-provided data
---
diff --git a/src/gallery2.c b/src/gallery2.c
index 09caf67..c592d3d 100644
--- a/src/gallery2.c
+++ b/src/gallery2.c
@@ -16,6 +16,10 @@
 #include
 #include "gallery2.h"
+/* Helpers: */
+
+static gchar* url_encode (const gchar* source);
+
 /**
 * gallery2_login:
 * @con: Connection to use
@@ -43,16 +47,25 @@ gallery2_login (ConIcConnection* con,
 /* Do the login request */
- gchar* url = g_strdup_printf("%s/main.php?g2_controller=remote:GalleryRemote&"
- "g2_form[cmd]=login&g2_form[protocol_version]=2.0&"
- "g2_form[uname]=%s&g2_form[password]=%s",
- urlbase, username, password);
+ SharingHTTPRunResponse res = 0;
- sharing_http_set_connection (http, con);
- SharingHTTPRunResponse res = sharing_http_run (http, url);
+ {
+ gchar* euser = url_encode (username);
+ gchar* epass = url_encode (password);
- g_free (url);
- url = 0;
+ gchar* url = g_strdup_printf("%s/main.php?g2_controller=remote:GalleryRemote&"
+ "g2_form[cmd]=login&g2_form[protocol_version]=2.0&"
+ "g2_form[uname]=%s&g2_form[password]=%s",
+ urlbase, euser, epass);
+
+ g_free (euser);
+ g_free (epass);
+
+ sharing_http_set_connection (http, con);
+ res = sharing_http_run (http, url);
+
+ g_free (url);
+ }
 /* Parse the response */
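Review bot: The password is still placed in the query string (`g2_form[password]=%s`) of the URL handed to `sharing_http_run`, so encoding it fixes parsing but not exposure: request URLs are commonly written to web-server and proxy access logs. If SharingHTTP can send form fields in the request body (its API is not visible in this hunk), the login fields belong there. Until then a comment above the `g_strdup_printf` would record the limitation, e.g. `/* FIXME: credentials travel in the URL; move to a POST body */`. The start and end of gallery2_login are outside the hunk.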
@@ -394,23 +407,33 @@ gallery2_send (ConIcConnection* con,
 /* Prepare and send the request */
- /* gchar* album = "1652"; */ /* TODO: get from UI/login */
-
 gchar* media_title = sharing_entry_media_get_title (media);
 gchar* media_mime = sharing_entry_media_get_mime (media);
 gchar* media_filename = sharing_entry_media_get_filename (media);
 const gchar* desc = sharing_entry_media_get_desc (media);
- gchar* url = g_strdup_printf("%s/main.php?g2_controller=remote:GalleryRemote%s%s&"
- "g2_form[cmd]=add-item&g2_form[protocol_version]=2.0&"
- "g2_form[set_albumName]=%s&g2_form[caption]=%s"
- "%s%s%s%s",
- urlbase,
- auth ? "&g2_authToken=" : "", auth ? auth : "",
- album, media_title,
- desc ? "&g2_form[extrafield.Summary]=" : "", desc ? desc : "",
- desc ? "&g2_form[extrafield.Description]=" : "", desc ? desc : "");
+ const gchar* title = media_title;
+ if (!title || !*title) title = media_filename;
+ if (!title || !*title) title = "(unknown)";
+
+ gchar* url = 0;
+
+ {
+ gchar* edesc = (desc && *desc ? url_encode (desc) : 0);
+ gchar* etitle = url_encode (title);
+ url = g_strdup_printf("%s/main.php?g2_controller=remote:GalleryRemote%s%s&"
+ "g2_form[cmd]=add-item&g2_form[protocol_version]=2.0&"
+ "g2_form[set_albumName]=%s&g2_form[caption]=%s"
+ "%s%s%s%s",
+ urlbase,
+ auth ? "&g2_authToken=" : "", auth ? auth : "",
+ album, etitle,
+ edesc ? "&g2_form[extrafield.Summary]=" : "", edesc ? edesc : "",
+ edesc ? "&g2_form[extrafield.Description]=" : "", edesc ? edesc : "");
+ g_free (etitle);
+ g_free (edesc);
+ }
 if (cookies)
 {
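Review bot: `album` and `auth` are still formatted into the URL raw, next to the now-encoded title and description, so a value containing `&`, `=`, `#` or `%` would alter the query string the same way the caption could before this commit. Where the two values originate is outside the hunk; if either can hold arbitrary characters, encode them in the same inner block, e.g. `gchar* ealbum = url_encode (album);` and `gchar* eauth = auth ? url_encode (auth) : 0;`, and free both beside `etitle`. gallery2_send begins and ends outside the hunk.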
@@ -529,3 +552,48 @@ gboolean gallery2_send_callback (SharingHTTP* http, guint64 bytes_sent, gpointer
 return TRUE;
 }
+
+/* Helper implementations */
+
+static gchar url_encode_hex[16] = {
+ '0', '1', '2', '3', '4', '5', '6', '7',
+ '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'
+};
+
+static gchar* url_encode (const gchar* source)
+{
+ gchar* dest = 0;
+ gsize dest_len = 0;
+ const gchar* s;
+ gchar* d;
+
+ /* Count new string length */
+
+ for (s = source; *s; s++)
+ {
+ dest_len++;
+ if (!((*s >= '0' && *s <= '9') || (*s >= 'A' && *s <= 'Z') || (*s >= 'a' && *s <= 'z')))
+ dest_len += 2;
+ }
+
+ /* Build encoded string */
+
+ dest = g_malloc (dest_len + 1);
+
+ for (s = source, d = dest; *s; s++)
+ {
+ if ((*s >= '0' && *s <= '9') || (*s >= 'A' && *s <= 'Z') || (*s >= 'a' && *s <= 'z'))
+ *d++ = *s;
+ else if (*s == ' ')
+ *d++ = '+';
+ else
+ {
+ *d++ = '%';
+ *d++ = url_encode_hex[(*s >> 4) & 0xf];
+ *d++ = url_encode_hex[*s & 0xf];
+ }
+ }
+
+ *d = 0;
+ return dest;
+}
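Review bot: `url_encode` dereferences `source` in its first loop without a NULL check, and the login hunk passes `username` and `password` to it unguarded, so a NULL argument that `g_strdup_printf` used to receive directly now reaches `*s`; a first line such as `g_return_val_if_fail (source != NULL, NULL);` would make the contract explicit. The counting loop reserves three bytes for a space while the build loop writes a single `+`, which only over-allocates but leaves the buffer's safety resting on two hand-copied conditions staying in step. A shared predicate would remove that coupling, as would GLib's `g_uri_escape_string (source, NULL, FALSE)` if the target GLib provides it (it emits `%20` rather than `+`). `url_encode_hex` is never written and can be declared `static const gchar`.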