From b2174f462d8da243b8ae7ea0955f614907a3bda7 Mon Sep 17 00:00:00 2001
From: Matt Ranostay <matt.ranostay@konsulko.com>
Date: Wed, 3 Apr 2019 16:07:22 -0700
Subject: binding: mediascanner: escape file uri paths

To avoid prevent passing of non-input validated data to the
agl-service-mediaplayer service the filename paths should be
escaped.

Change-Id: I7d0e9ddf26d02be5fcf127d810d84c3537ddbbce
Signed-off-by: Matt Ranostay <matt.ranostay@konsulko.com>
---
 binding/media-manager.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'binding')

diff --git a/binding/media-manager.c b/binding/media-manager.c
index 9761924..f15d79e 100644
--- a/binding/media-manager.c
+++ b/binding/media-manager.c
@@ -131,13 +131,17 @@ GList* media_lightmediascanner_scan(GList *list, gchar *uri, int scan_type)
         struct stat buf;
         struct Media_Item *item;
         const char *path = (const char *) sqlite3_column_text(res, 0);
+        gchar *tmp;
 
         ret = stat(path, &buf);
         if (ret)
             continue;
 
         item = g_malloc0(sizeof(*item));
-        item->path = g_strdup_printf("file://%s", path);
+        tmp = g_uri_escape_string(path, "/", TRUE);
+        item->path = g_strdup_printf("file://%s", tmp);
+        g_free(tmp);
+
         item->type = scan_type;
         item->metadata.title = g_strdup((gchar *) sqlite3_column_text(res, 1));
         item->metadata.artist = g_strdup((gchar *) sqlite3_column_text(res, 2));
-- 
cgit