From: Adam Dickmeiss Date: Thu, 16 Aug 2012 07:10:59 +0000 (+0200) Subject: zoom: escape user/pass/ip in Torus auth lookup X-Git-Tag: v1.3.42~3 X-Git-Url: http://sru.miketaylor.org.uk/cgi-bin?a=commitdiff_plain;h=57a48e6fff520cb9848e14af3b09f3092cc6436a;p=metaproxy-moved-to-github.git zoom: escape user/pass/ip in Torus auth lookup --- diff --git a/src/filter_zoom.cpp b/src/filter_zoom.cpp index 22e1ca7..264fa5a 100644 --- a/src/filter_zoom.cpp +++ b/src/filter_zoom.cpp @@ -2430,6 +2430,20 @@ void yf::Zoom::Frontend::handle_package(mp::Package &package) } } +std::string escape_cql_term(std::string inp) +{ + std::string res; + size_t l = inp.length(); + size_t i; + for (i = 0; i < l; i++) + { + if (strchr("*?^\"", inp[i])) + res += "\\"; + res += inp[i]; + } + return res; +} + void yf::Zoom::Frontend::auth(mp::Package &package, Z_InitRequest *req, int *error, char **addinfo, ODR odr) { @@ -2470,7 +2484,8 @@ void yf::Zoom::Frontend::auth(mp::Package &package, Z_InitRequest *req, if (user.length() && password.length()) { - torus_query = "userName==" + user + " and password==" + password; + torus_query = "userName==\"" + escape_cql_term(user) + + "\" and password==\"" + escape_cql_term(password) + "\""; } else { @@ -2480,7 +2495,7 @@ void yf::Zoom::Frontend::auth(mp::Package &package, Z_InitRequest *req, ip_cstr = cp + 1; torus_query = "ip encloses/net.ipaddress \""; - torus_query += ip_cstr; + torus_query += escape_cql_term(std::string(ip_cstr)); torus_query += "\""; }