safe path names

author: Jakob Kaivo <jkk@ung.org> 2019-07-18 18:29:52 -0400
committer: Jakob Kaivo <jkk@ung.org> 2019-07-18 18:29:52 -0400
commit: d2e1b116fc3960cc95c4c2012047802379d6911c (patch)
tree: e2d2bf9f93bc0604f33e5a0ad4ef06a0ae6adc1c /blog.c
parent: 00757fd05c605633dd962a02e67548126b532c80 (diff)
1 files changed, 7 insertions, 2 deletions
diff --git a/blog.c b/blog.c
index 950ad5e..bcb0419 100644
--- a/blog.c
+++ b/blog.c
@@ -1,4 +1,5 @@
 #define _XOPEN_SOURCE 700
+#include <ctype.h>
 #include <fcntl.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -20,7 +21,7 @@
 
 #define HTML_HEAD DOCTYPE HTML META TITLE ICON STYLE BODY
 
-#define HTML_TAIL "</body>\n</html>\n"
+#define HTML_TAIL "\n</body>\n</html>\n"
 
 int handle_post(void)
 {
@@ -58,7 +59,11 @@ int handle_post(void)
 
 	char *title = find_post_data("title");
 	char uri[FILENAME_MAX] = { 0 };
-	snprintf(uri, sizeof(uri), "%s/%s", ymd, title);
+	char *end = stpcpy(uri, ymd);
+	*end++ = '/';
+	for (char *f = title; *f != '\0'; f++) {
+		*end++ = isalnum(*f) ? *f : '-';
+	}
 
 	int newpost = openat(blogdir, uri, O_WRONLY | O_CREAT, 0644);
 	if (newpost == -1) {
author	Jakob Kaivo <jkk@ung.org>	2019-07-18 18:29:52 -0400
committer	Jakob Kaivo <jkk@ung.org>	2019-07-18 18:29:52 -0400
commit	d2e1b116fc3960cc95c4c2012047802379d6911c (patch)
tree	e2d2bf9f93bc0604f33e5a0ad4ef06a0ae6adc1c /blog.c
parent	00757fd05c605633dd962a02e67548126b532c80 (diff)