[rygel] server: Validate client supplied createClass value
- From: Jens Georg <jensgeorg src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [rygel] server: Validate client supplied createClass value
- Date: Thu, 1 Aug 2013 09:12:50 +0000 (UTC)
commit 3fae8be115b7b26ee9bae7ff6160f9c1d590f586
Author: Parthiban Balasubramanian <p balasubramanian cablelabs com>
Date: Mon Jul 29 09:43:09 2013 -0600
server: Validate client supplied createClass value
https://bugzilla.gnome.org/show_bug.cgi?id=702741
src/librygel-server/rygel-object-creator.vala | 23 +++++++++++++++++++++++
1 files changed, 23 insertions(+), 0 deletions(-)
---
diff --git a/src/librygel-server/rygel-object-creator.vala b/src/librygel-server/rygel-object-creator.vala
index 37cce2e..4c2cbdf 100644
--- a/src/librygel-server/rygel-object-creator.vala
+++ b/src/librygel-server/rygel-object-creator.vala
@@ -145,6 +145,12 @@ internal class Rygel.ObjectCreator: GLib.Object, Rygel.StateMachine {
container.id);
}
+ if (this.didl_object is DIDLLiteContainer &&
+ !this.validate_create_class (container)) {
+ throw new ContentDirectoryError.BAD_METADATA
+ (_("upnp:createClass value not supported"));
+ }
+
yield this.create_object_from_didl (container);
if (this.object is MediaItem) {
yield container.add_item (this.object as MediaItem,
@@ -393,6 +399,23 @@ internal class Rygel.ObjectCreator: GLib.Object, Rygel.StateMachine {
this.completed ();
}
+ private bool validate_create_class (WritableContainer container) {
+ var didl_cont = this.didl_object as DIDLLiteContainer;
+ var create_classes = didl_cont.get_create_classes ();
+
+ if (create_classes == null) {
+ return true;
+ }
+
+ foreach (var create_class in create_classes) {
+ if (!container.can_create (create_class)) {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
private void handle_error (Error error) {
if (error is ContentDirectoryError) {
this.action.return_error (error.code, error.message);
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
