[rygel] core: Validate passed sort criteria string



commit 43878305ac33cf1352259676e26e07515363c660
Author: Jens Georg <mail jensge org>
Date:   Fri Jun 3 13:23:16 2011 +0200

    core: Validate passed sort criteria string
    
    This fixes UPnP CTT AV-CD:1-4.2

 src/rygel/rygel-content-directory.vala  |    1 +
 src/rygel/rygel-media-query-action.vala |   27 +++++++++++++++++++++++++++
 2 files changed, 28 insertions(+), 0 deletions(-)
---
diff --git a/src/rygel/rygel-content-directory.vala b/src/rygel/rygel-content-directory.vala
index f550aa9..fec8db5 100644
--- a/src/rygel/rygel-content-directory.vala
+++ b/src/rygel/rygel-content-directory.vala
@@ -30,6 +30,7 @@ using Gee;
  */
 public errordomain Rygel.ContentDirectoryError {
     NO_SUCH_OBJECT = 701,
+    INVALID_SORT_CRITERIA = 709,
     RESTRICTED_OBJECT = 711,
     BAD_METADATA = 712,
     RESTRICTED_PARENT = 713,
diff --git a/src/rygel/rygel-media-query-action.vala b/src/rygel/rygel-media-query-action.vala
index 6ab893b..5a615a8 100644
--- a/src/rygel/rygel-media-query-action.vala
+++ b/src/rygel/rygel-media-query-action.vala
@@ -130,11 +130,38 @@ internal abstract class Rygel.MediaQueryAction : GLib.Object, StateMachine {
             this.sort_criteria = DEFAULT_SORT_CRITERIA;
         }
 
+        this.validate_sort_criteria ();
+
         if (this.xbox_hacks != null) {
             this.xbox_hacks.translate_container_id (this, ref this.object_id);
         }
     }
 
+    private void validate_sort_criteria () throws Error {
+        var supported_props = new HashSet<string> ();
+
+        var requested_sort_props = this.sort_criteria.split (",");
+
+        foreach (var property in MediaObjects.SORT_CAPS.split (",")) {
+            supported_props.add (property);
+        }
+
+        foreach (var property in requested_sort_props) {
+            if (!(property.has_prefix ("+") || property.has_prefix ("-"))) {
+                throw new ContentDirectoryError.INVALID_SORT_CRITERIA
+                                        ("%s is missing + or - modifier",
+                                         property);
+
+            }
+
+            if (!supported_props.contains (property.slice(1, property.length))) {
+                throw new ContentDirectoryError.INVALID_SORT_CRITERIA
+                                        ("%s is invalid or not supported",
+                                         property);
+            }
+        }
+    }
+
     protected abstract async MediaObjects fetch_results
                                         (MediaObject media_object) throws Error;
 
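Review bot: validate_sort_criteria() is added without a comment, although, going by the commit message, it is the allowlist check on the sort criteria string passed in with the request, so its contract should be written down on the method. I would add `/* Rejects any sort property that lacks a + or - sign or is not listed in MediaObjects.SORT_CAPS; the criteria string is caller-supplied and untrusted. */` directly above it. Both throw sites copy the rejected token verbatim and unbounded into the error message, so whatever logs or serialises that message has to treat it as client-controlled text; whether it is escaped or truncated on the way out is not visible in this hunk. The declaration could also be narrowed to `throws ContentDirectoryError`, the only domain the body raises. The method that calls it starts above the hunk, so its own `throws` clause cannot be checked from here.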


