test/UnitSession.cpp | 3 ++- wsd/LOOLWSD.cpp | 9 +++++++++ 2 files changed, 11 insertions(+), 1 deletion(-)
New commits: commit 5544f5669b9f19ef53bd2b6a661737f58acf3867 Author: Michael Meeks <michael.me...@collabora.com> AuthorDate: Tue Aug 11 15:17:20 2020 +0100 Commit: Michael Meeks <michael.me...@collabora.com> CommitDate: Tue Aug 11 18:13:06 2020 +0200 iOS likes to do extra escaping of an iframe's .src This yields a relevant Post request of: slideshow.svg%3FWOPISrc=https:%252F%252Fshare.... slideshow.svg?WOPISrc=https%3A%2F%2Fshare.... Which ends up trying to serve a file with a ?WOPISRC= suffix. Since we don't want anything 'odd' being served from the file-system anyway; get a bit more paranoid and clean that up. Change-Id: I39993e4629b0d01f34098391a0fa448ef8a9984e Reviewed-on: https://gerrit.libreoffice.org/c/online/+/100509 Tested-by: Michael Meeks <michael.me...@collabora.com> Reviewed-by: Michael Meeks <michael.me...@collabora.com>
diff --git a/test/UnitSession.cpp b/test/UnitSession.cpp
index b81bd7cd3..ec8d1f9bf 100644
--- a/test/UnitSession.cpp
+++ b/test/UnitSession.cpp
@@ -200,7 +200,8 @@ UnitBase::TestResult UnitSession::testSlideShow()
 std::string encodedDoc;
 Poco::URI::encode(documentPath, ":/?", encodedDoc);
- const std::string path = "/lool/" + encodedDoc + '/' + jail + '/' + dir + '/' + name;
+ const std::string ignoredSuffix = "%3FWOPISRC=madness"; // cf. iPhone.
+ const std::string path = "/lool/" + encodedDoc + '/' + jail + '/' + dir + '/' + name + ignoredSuffix;
 std::unique_ptr<Poco::Net::HTTPClientSession> session(
 helpers::createSession(Poco::URI(helpers::getTestServerURI())));
 Poco::Net::HTTPRequest requestSVG(Poco::Net::HTTPRequest::HTTP_GET, path);
diff --git a/wsd/LOOLWSD.cpp b/wsd/LOOLWSD.cpp
index b8c75e5b5..3756db0fb 100644
--- a/wsd/LOOLWSD.cpp
+++ b/wsd/LOOLWSD.cpp
@@ -3013,6 +3013,15 @@ private:
 std::string fileName;
 URI::decode(requestDetails[4], fileName);
+ // sanitize if we can
+ auto it = fileName.find_first_of("?&%#!");
+ if (it != std::string::npos)
+ {
+ std::string cleanedName = fileName.substr(0, it);
+ LOG_DBG("Cleaned unexpected parameters from filename: '" << fileName << "' to '" << cleanedName << "'");
+ fileName = cleanedName;
+ }
+
 const Path filePath(LOOLWSD::ChildRoot + requestDetails[2] + JAILED_DOCUMENT_ROOT + requestDetails[3] + '/' + fileName);
 const std::string filePathAnonym = LOOLWSD::anonymizeUrl(filePath.toString());
_______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
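Review bot: The new LOG_DBG inside the sanitizer block writes the decoded `fileName` and `cleanedName` to the log in the clear, while the very next line of context passes the assembled path through `LOOLWSD::anonymizeUrl` before it is used for logging, so document names the anonymizer is meant to hide can leak on this one path; the message should get the same treatment: `LOG_DBG("Cleaned unexpected parameters from filename: '" << LOOLWSD::anonymizeUrl(fileName) << "' to '" << LOOLWSD::anonymizeUrl(cleanedName) << "'");`. Separately, `find_first_of("?&%#!")` is a denylist that truncates rather than rejects: a segment that begins with one of those characters becomes an empty `fileName`, and `/` or `..` in the decoded segment pass through untouched, so unless the handler (which starts before this hunk) already validates `requestDetails[2]`..`[4]`, an allowlist on the final name, or at least an explicit rejection of empty names and path separators, would be the more robust form of the "paranoia" the commit message asks for. Minor: `it` holds a `std::string::size_type`, not an iterator, so `const auto cut = fileName.find_first_of(...)` would read more accurately.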