From 3a93efefee25360844d70d9b7994ae1644a6fd95 Mon Sep 17 00:00:00 2001 From: Juan Linietsky Date: Sat, 14 Jan 2023 15:07:28 +0100 Subject: [PATCH] Fix cases of broken user:// paths. * Properly validate paths when supplying the project name. * Ensures that the user data dir will always be valid. Fixes 69366. --- core/os/os.cpp | 16 +++++++++++++--- core/os/os.h | 2 +- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/core/os/os.cpp b/core/os/os.cpp index c6fa8d307be..86469852e3f 100644 --- a/core/os/os.cpp +++ b/core/os/os.cpp @@ -203,16 +203,26 @@ uint64_t OS::get_embedded_pck_offset() const { } // Helper function to ensure that a dir name/path will be valid on the OS -String OS::get_safe_dir_name(const String &p_dir_name, bool p_allow_dir_separator) const { +String OS::get_safe_dir_name(const String &p_dir_name, bool p_allow_paths) const { + String safe_dir_name = p_dir_name; Vector invalid_chars = String(": * ? \" < > |").split(" "); - if (p_allow_dir_separator) { + if (p_allow_paths) { // Dir separators are allowed, but disallow ".." to avoid going up the filesystem invalid_chars.push_back(".."); + safe_dir_name = safe_dir_name.replace("\\", "/").strip_edges(); } else { invalid_chars.push_back("/"); + invalid_chars.push_back("\\"); + safe_dir_name = safe_dir_name.strip_edges(); + + // These directory names are invalid. + if (safe_dir_name == ".") { + safe_dir_name = "dot"; + } else if (safe_dir_name == "..") { + safe_dir_name = "twodots"; + } } - String safe_dir_name = p_dir_name.replace("\\", "/").strip_edges(); for (int i = 0; i < invalid_chars.size(); i++) { safe_dir_name = safe_dir_name.replace(invalid_chars[i], "-"); } diff --git a/core/os/os.h b/core/os/os.h index b80efa47b73..c96c675bcb2 100644 --- a/core/os/os.h +++ b/core/os/os.h @@ -237,7 +237,7 @@ public: virtual uint64_t get_embedded_pck_offset() const; - String get_safe_dir_name(const String &p_dir_name, bool p_allow_dir_separator = false) const; + String get_safe_dir_name(const String &p_dir_name, bool p_allow_paths = false) const; virtual String get_godot_dir_name() const; virtual String get_data_path() const;