Mirrors/overte
3
0
Fork 0
mirror of https://github.com/overte-org/overte.git synced 2025-08-09 18:13:05 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

more work toward keeping /~/../.. from working

Browse source
This commit is contained in:
Seth Alves 2016-04-29 11:03:14 -07:00 committed by Seth Alves
parent ced18fe6be
commit f03130ff5a
3 changed files with 26 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
libraries/script-engine/src/ScriptEngine.cpp
View file

@ -914,7 +914,12 @@ void ScriptEngine::include(const QStringList& includeFiles, QScriptValue callbac
for (QString file : includeFiles) { for (QString file : includeFiles) {
QUrl thisURL; QUrl thisURL;
if (file.startsWith("/~/")) { if (file.startsWith("/~/")) {
thisURL = expandScriptUrl(QUrl::fromLocalFile(file)); thisURL = expandScriptUrl(QUrl::fromLocalFile(expandScriptPath(file)));
QUrl defaultScriptsLoc = defaultScriptsLocation();
if (!defaultScriptsLoc.isParentOf(thisURL)) {
qDebug() << "ScriptEngine::include -- skipping" << file << "-- outside of standard libraries";
continue;
}
} else { } else {
thisURL = resolvePath(file); thisURL = resolvePath(file);
} }

24
libraries/script-engine/src/ScriptEngines.cpp
View file

@ -70,6 +70,12 @@ QUrl normalizeScriptURL(const QUrl& rawScriptURL) {
} }
} }
QString expandScriptPath(const QString& rawPath) {
QStringList splitPath = rawPath.split("/");
QUrl defaultScriptsLoc = defaultScriptsLocation();
return defaultScriptsLoc.path() + "/" + splitPath.mid(2).join("/"); // 2 to skip the slashes in /~/
}
QUrl expandScriptUrl(const QUrl& rawScriptURL) { QUrl expandScriptUrl(const QUrl& rawScriptURL) {
QUrl normalizedScriptURL = normalizeScriptURL(rawScriptURL); QUrl normalizedScriptURL = normalizeScriptURL(rawScriptURL);
if (normalizedScriptURL.scheme() == "http" || if (normalizedScriptURL.scheme() == "http" ||
@ -79,17 +85,25 @@ QUrl expandScriptUrl(const QUrl& rawScriptURL) {
} else if (normalizedScriptURL.scheme() == "file") { } else if (normalizedScriptURL.scheme() == "file") {
if (normalizedScriptURL.path().startsWith("/~/")) { if (normalizedScriptURL.path().startsWith("/~/")) {
QUrl url = normalizedScriptURL; QUrl url = normalizedScriptURL;
QStringList splitPath = url.path().split("/"); url.setPath(expandScriptPath(url.path()));
QUrl defaultScriptsLoc = defaultScriptsLocation();
url.setPath(defaultScriptsLoc.path() + "/" + splitPath.mid(2).join("/")); // 2 to skip the slashes in /~/
// stop something like Script.include(["/~/../Desktop/naughty.js"]); from working // stop something like Script.include(["/~/../Desktop/naughty.js"]); from working
QFileInfo fileInfo(url.toLocalFile()); QFileInfo fileInfo(url.toLocalFile());
#if defined(Q_OS_WIN)
url = QUrl::fromLocalFile(fileInfo.canonicalFilePath().toLower());
#elif defined(Q_OS_OSX)
url = QUrl::fromLocalFile(fileInfo.canonicalFilePath().toLower());
#else
url = QUrl::fromLocalFile(fileInfo.canonicalFilePath()); url = QUrl::fromLocalFile(fileInfo.canonicalFilePath());
#endif
QUrl defaultScriptsLoc = defaultScriptsLocation();
if (!defaultScriptsLoc.isParentOf(url)) { if (!defaultScriptsLoc.isParentOf(url)) {
qCWarning(scriptengine) << "Script.include() ignoring file path" << rawScriptURL qCWarning(scriptengine) << "Script.include() ignoring file path" << rawScriptURL
<< "-- outside of standard libraries: " << url.path() << defaultScriptsLoc.path(); << "-- outside of standard libraries: "
return QUrl(""); << url.path()
<< defaultScriptsLoc.path();
return rawScriptURL;
} }
return url; return url;
} }

1
libraries/script-engine/src/ScriptEngines.h
View file

@ -101,6 +101,7 @@ protected:
}; };
QUrl normalizeScriptURL(const QUrl& rawScriptURL); QUrl normalizeScriptURL(const QUrl& rawScriptURL);
QString expandScriptPath(const QString& rawPath);
QUrl expandScriptUrl(const QUrl& rawScriptURL); QUrl expandScriptUrl(const QUrl& rawScriptURL);
#endif // hifi_ScriptEngine_h #endif // hifi_ScriptEngine_h