diff options
| author | Gavin Andresen <gavinandresen@gmail.com> | 2013-11-02 05:27:42 +1000 |
|---|---|---|
| committer | Gavin Andresen <gavinandresen@gmail.com> | 2013-11-28 11:03:33 +1000 |
| commit | 56ce843314f542bcfdc10fa8367aeeb08cdb5c4c (patch) | |
| tree | 97880b88babcd72a3df88cd9b94451e9dd501495 | |
| parent | e564297156b9103c5af85f6b444df0bdc2476397 (diff) | |
| download | bitcoin-56ce843314f542bcfdc10fa8367aeeb08cdb5c4c.tar.xz | |
Refactor: pull alert string sanitization into util
Rebased-from: 17faf562629cd27f00fc138e218ebcc1ce071765
| -rw-r--r-- | src/alert.cpp | 10 | ||||
| -rw-r--r-- | src/util.cpp | 13 | ||||
| -rw-r--r-- | src/util.h | 1 |
3 files changed, 15 insertions, 9 deletions
diff --git a/src/alert.cpp b/src/alert.cpp index 4b029840dd..8eb9451a7d 100644 --- a/src/alert.cpp +++ b/src/alert.cpp @@ -243,15 +243,7 @@ bool CAlert::ProcessAlert(bool fThread) // be safe we first strip anything not in safeChars, then add single quotes around // the whole string before passing it to the shell: std::string singleQuote("'"); - // safeChars chosen to allow simple messages/URLs/email addresses, but avoid anything - // even possibly remotely dangerous like & or > - std::string safeChars("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890 .,;_/:?@"); - std::string safeStatus; - for (std::string::size_type i = 0; i < strStatusBar.size(); i++) - { - if (safeChars.find(strStatusBar[i]) != std::string::npos) - safeStatus.push_back(strStatusBar[i]); - } + std::string safeStatus = SanitizeString(strStatusBar); safeStatus = singleQuote+safeStatus+singleQuote; boost::replace_all(strCmd, "%s", safeStatus); diff --git a/src/util.cpp b/src/util.cpp index ea10273f85..56d558d7af 100644 --- a/src/util.cpp +++ b/src/util.cpp @@ -454,6 +454,19 @@ bool ParseMoney(const char* pszIn, int64& nRet) return true; } +// safeChars chosen to allow simple messages/URLs/email addresses, but avoid anything +// even possibly remotely dangerous like & or > +static string safeChars("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890 .,;_/:?@"); +string SanitizeString(const string& str) +{ + string strResult; + for (std::string::size_type i = 0; i < str.size(); i++) + { + if (safeChars.find(str[i]) != std::string::npos) + strResult.push_back(str[i]); + } + return strResult; +} static const signed char phexdigit[256] = { -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, diff --git a/src/util.h b/src/util.h index 8c6c4bd205..a190a3b5da 100644 --- a/src/util.h +++ b/src/util.h @@ -187,6 +187,7 @@ void ParseString(const std::string& str, char c, std::vector<std::string>& v); std::string FormatMoney(int64 n, bool fPlus=false); bool ParseMoney(const std::string& str, int64& nRet); bool ParseMoney(const char* pszIn, int64& nRet); +std::string SanitizeString(const std::string& str); std::vector<unsigned char> ParseHex(const char* psz); std::vector<unsigned char> ParseHex(const std::string& str); bool IsHex(const std::string& str); |