From 87f88f16edb809677be04464c15a6c89c3641724 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Paul=20H=C3=A4nsch?= Date: Tue, 2 Jun 2020 20:00:04 +0200 Subject: [PATCH] quicker path sanitizing --- cgilite.sh | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/cgilite.sh b/cgilite.sh index 384ec19..ddad1d4 100755 --- a/cgilite.sh +++ b/cgilite.sh @@ -27,18 +27,21 @@ BR=' ' cgilite_timeout=2 -PATH(){ - { [ $# -eq 0 ] && cat || printf %s "$*"; } \ - | sed -E 's;^.*$;/&/;; s;/+;/;g; - :X; - s;^/\.\./;/;; s;/\./;/;g; - tX; - s;/[^/]+/\.\./;/;; - tX; - s;^(/.*)/$;\1;' +PATH(){ + local str seg out + [ $# -eq 0 ] && str="$(cat)" || str="$*" + while [ "$str" ]; do + seg=${str%%/*}; str="${str#*/}" + case $seg in + ..) out="${out%/}"; out="${out%/*}/";; + .|'') out="${out%/}/";; + *) out="${out%/}/${seg}";; + esac; + [ "$seg" = "$str" ] && break + done + [ "${str}" -a "${out}" ] && printf %s "$out" || printf %s/ "${out%/}" } - HEX_DECODE=' s;\\;\\\\;g; :HEXDECODE_X; s;%([^0-9A-F]);\\045\1;g; tHEXDECODE_X; # Hexadecimal { %00 - %FF } will be transformed to octal { \000 - \377 } for posix printf -- 2.39.2