[gnome-tetravex] Sanitize inputs.



commit 3628435abb0f6ebfd026bae1cc6b07b622b64c1f
Author: Arnaud Bonatti <arnaud bonatti gmail com>
Date:   Tue Sep 24 12:28:25 2019 +0200

    Sanitize inputs.
    
    Try hard to ensure history
    strings are not corrupted.
    
    Thanks Al Thomas for info.

 meson.build      |  1 +
 src/history.vala | 34 ++++++++++++----------------------
 2 files changed, 13 insertions(+), 22 deletions(-)
---
diff --git a/meson.build b/meson.build
index 69036cb..ac3b9bf 100644
--- a/meson.build
+++ b/meson.build
@@ -22,6 +22,7 @@ datadir = join_paths (get_option ('prefix'), get_option ('datadir'))
 # Dependencies
 glib_dep = dependency ('glib-2.0', version: '>= 2.40.0')
 gtk_dep = dependency ('gtk+-3.0', version: '>= 3.14')
+# TODO build requires vala 0.46.3 for GLib vapi
 
 appstream_util          = find_program('appstream-util',        required: false)
 desktop_file_validate   = find_program('desktop-file-validate', required: false)
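Review bot: The Vala version requirement is recorded only as a TODO comment after the `gtk_dep` line, so a build with an older valac is not rejected at configure time. The input checks this commit adds in src/history.vala appear to depend on the newer GLib vapi (the commit message hints at this), so with an older compiler they may fail to build or may not behave as intended. I would make the requirement explicit with `assert (meson.get_compiler ('vala').version ().version_compare ('>= 0.46.3'), 'vala >= 0.46.3 is required for the GLib vapi')` in place of the TODO.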
diff --git a/src/history.vala b/src/history.vala
index aab7d41..157c054 100644
--- a/src/history.vala
+++ b/src/history.vala
@@ -135,38 +135,28 @@ private class History : Object
             if (tokens.length != 3)
                 continue;
 
-            DateTime? date = parse_date (tokens[0]);
+            DateTime? date = new DateTime.from_iso8601 (tokens [0], /* the entries should have a timezone */ 
null);
             if (date == null)
                 continue;
 
-            uint8 size    = (uint8) int.parse (tokens[1]);
-            uint duration = (uint)  int.parse (tokens[2]);
+            uint64 test;
+            if (!uint64.try_parse (tokens [1], out test))
+                continue;
+            if (test < 2 || test > 6)
+                continue;
+            uint8 size = (uint8) test;
 
-            // FIXME use try_parse
+            if (!uint64.try_parse (tokens [2], out test))
+                continue;
+            if (test > uint.MAX)
+                continue;
+            uint duration = (uint) test;
 
             entries.prepend (new HistoryEntry ((!) date, size, duration));
         }
         entries.sort (HistoryEntry.compare_entries);
     }
 
-    private inline DateTime? parse_date (string date)
-    {
-        if (date.length < 19 || date[4] != '-' || date[7] != '-' || date[10] != 'T' || date[13] != ':' || 
date[16] != ':')
-            return null;
-
-        // FIXME use try_parse
-
-        int year        = int.parse (date.substring (0, 4));
-        int month       = int.parse (date.substring (5, 2));
-        int day         = int.parse (date.substring (8, 2));
-        int hour        = int.parse (date.substring (11, 2));
-        int minute      = int.parse (date.substring (14, 2));
-        int seconds     = int.parse (date.substring (17, 2));
-        string timezone = date.substring (19);
-
-        return new DateTime (new TimeZone (timezone), year, month, day, hour, minute, seconds);
-    }
-
     /*\
     * * saving
     \*/
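Review bot: The size check `if (test < 2 || test > 6)` hard-codes the accepted range with no comment or named constant, and nothing visible in the hunk ties it to the sizes the game can actually produce (presumably board sizes), so the validation can drift if those change. I would add a comment such as `// only sizes 2 to 6 can be written by the game; anything else is a corrupted entry` or compare against shared constants if the project has them. Each `continue` also drops the malformed line silently; a `debug ("ignoring malformed history entry")` before skipping would make a corrupted or externally modified history file noticeable. The scratch variable `test` is reused for both fields, and separate `raw_size` / `raw_duration` locals would read more clearly. The enclosing loop and method begin outside the hunk.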

