aboutsummaryrefslogtreecommitdiffstats
path: root/binding
diff options
context:
space:
mode:
authorMatt Ranostay <matt.ranostay@konsulko.com>2019-04-03 16:07:22 -0700
committerMatt Ranostay <matt.ranostay@konsulko.com>2019-04-03 16:41:37 -0700
commitb2174f462d8da243b8ae7ea0955f614907a3bda7 (patch)
tree8e5f8b8fc034398df20b860b99901ed586b95c6a /binding
parent15ea451b99c5fb9e49e7169f397f5aa905853e22 (diff)
To avoid prevent passing of non-input validated data to the agl-service-mediaplayer service the filename paths should be escaped. Change-Id: I7d0e9ddf26d02be5fcf127d810d84c3537ddbbce Signed-off-by: Matt Ranostay <matt.ranostay@konsulko.com>
Diffstat (limited to 'binding')
-rw-r--r--binding/media-manager.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/binding/media-manager.c b/binding/media-manager.c
index 9761924..f15d79e 100644
--- a/binding/media-manager.c
+++ b/binding/media-manager.c
@@ -131,13 +131,17 @@ GList* media_lightmediascanner_scan(GList *list, gchar *uri, int scan_type)
struct stat buf;
struct Media_Item *item;
const char *path = (const char *) sqlite3_column_text(res, 0);
+ gchar *tmp;
ret = stat(path, &buf);
if (ret)
continue;
item = g_malloc0(sizeof(*item));
- item->path = g_strdup_printf("file://%s", path);
+ tmp = g_uri_escape_string(path, "/", TRUE);
+ item->path = g_strdup_printf("file://%s", tmp);
+ g_free(tmp);
+
item->type = scan_type;
item->metadata.title = g_strdup((gchar *) sqlite3_column_text(res, 1));
item->metadata.artist = g_strdup((gchar *) sqlite3_column_text(res, 2));