From a431fe8a8dfbbe121a30c66df0424be6351ae9ff Mon Sep 17 00:00:00 2001
From: Karen Arutyunov
Date: Tue, 28 Jan 2020 20:44:28 +0300
Subject: Validate that values submitted to CI and submission services contain UTF-8 encoded graphic characters only
---
 bdep/publish.cxx | 23 +++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)
(limited to 'bdep/publish.cxx')
diff --git a/bdep/publish.cxx b/bdep/publish.cxx
index 1757f0b..00b36df 100644
--- a/bdep/publish.cxx
+++ b/bdep/publish.cxx
@@ -63,15 +63,15 @@ namespace bdep
 // Control repository URL.
 //
- optional ctrl;
+ optional ctrl;
 if (!o.control_specified ())
 {
- ctrl = control_url (prj);
+ ctrl = control_url (prj).string ();
 }
 else if (o.control () != "none")
 try
 {
- ctrl = url (o.control ());
+ ctrl = url (o.control ()).string ();
 }
 catch (const invalid_argument& e)
 {
@@ -101,6 +101,21 @@ namespace bdep
 fail << "unable to obtain publisher's email" << info << "use --author-email to specify explicitly";
+ // Make sure that parameters we post to the submission service are UTF-8
+ // encoded and contain only the graphic Unicode codepoints.
+ //
+ validate_utf8_graphic (*author.name, "author name", "--author-name");
+ validate_utf8_graphic (*author.email, "author email", "--author-email");
+ if (o.section_specified ())
+ validate_utf8_graphic (o.section (), "--section option value");
+ if (ctrl)
+ validate_utf8_graphic (*ctrl, "control URL", "--control");
+ if (o.simulate_specified ())
+ validate_utf8_graphic (o.simulate (), "--simulate option value");
+
 // Collect package information (version, project, section, archive
 // path/checksum, and manifest).
 //
@@ -777,7 +792,7 @@ namespace bdep
 {parameter::text, "author-email", *author.email}});
 if (ctrl)
- params.push_back ({parameter::text, "control", ctrl->string ()});
+ params.push_back ({parameter::text, "control", *ctrl});
 if (o.simulate_specified ())
 params.push_back ({parameter::text, "simulate", o.simulate ()});
--
cgit v1.1
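Review bot: In the first hunk the control URL is turned into a string with `.string ()` and, in the second hunk, checked only for its character class, so a URL carrying a userinfo part (for example `https://user:secret@host/...`) would pass unchanged and be posted as the `control` parameter in the third hunk. Where `control_url (prj)` takes its value from is not visible in this diff; if it can come from a VCS remote, credentials stored in that remote would end up at the submission service. Consider rejecting or dropping the userinfo component while the value is still a `url`, before `.string ()` is called. The enclosing function starts and ends outside the hunk.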
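Review bot: The comment above the new `validate_utf8_graphic` calls in the second hunk does not say that this is an early, client-side diagnostic; the service can be reached without bdep, so it cannot rely on this check and has to apply the same rule itself. I would add a line to the comment: `// Note: early diagnostics only, the service is expected to repeat this validation.` The `--section` and `--simulate` calls pass two arguments where the others pass three, which presumably relies on an overload or default argument declared outside this diff. The enclosing function starts and ends outside the hunk.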