aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatt Ranostay <matt.ranostay@konsulko.com>2019-04-03 16:07:22 -0700
committerMatt Ranostay <matt.ranostay@konsulko.com>2019-04-03 16:41:37 -0700
commitb2174f462d8da243b8ae7ea0955f614907a3bda7 (patch)
tree8e5f8b8fc034398df20b860b99901ed586b95c6a
parent15ea451b99c5fb9e49e7169f397f5aa905853e22 (diff)
To avoid prevent passing of non-input validated data to the agl-service-mediaplayer service the filename paths should be escaped. Change-Id: I7d0e9ddf26d02be5fcf127d810d84c3537ddbbce Signed-off-by: Matt Ranostay <matt.ranostay@konsulko.com>
-rw-r--r--README.md2
-rw-r--r--binding/media-manager.c6
2 files changed, 6 insertions, 2 deletions
diff --git a/README.md b/README.md
index 05b6cb2..b4fada9 100644
--- a/README.md
+++ b/README.md
@@ -21,7 +21,7 @@ with the following fields.
| Name | Description |
|:------------|---------------------------------------------|
| duration | length of track in milliseconds |
-| path | path to media on filesystem |
+| path | uri escaped path to media on filesystem |
| title | title for media entey |
| album | album name for media entry |
| artist | artist name for media entry |
diff --git a/binding/media-manager.c b/binding/media-manager.c
index 9761924..f15d79e 100644
--- a/binding/media-manager.c
+++ b/binding/media-manager.c
@@ -131,13 +131,17 @@ GList* media_lightmediascanner_scan(GList *list, gchar *uri, int scan_type)
struct stat buf;
struct Media_Item *item;
const char *path = (const char *) sqlite3_column_text(res, 0);
+ gchar *tmp;
ret = stat(path, &buf);
if (ret)
continue;
item = g_malloc0(sizeof(*item));
- item->path = g_strdup_printf("file://%s", path);
+ tmp = g_uri_escape_string(path, "/", TRUE);
+ item->path = g_strdup_printf("file://%s", tmp);
+ g_free(tmp);
+
item->type = scan_type;
item->metadata.title = g_strdup((gchar *) sqlite3_column_text(res, 1));
item->metadata.artist = g_strdup((gchar *) sqlite3_column_text(res, 2));