- SGPropertyNode_ptr r, w;
- r = fgGetNode("/sim/paths/validate/read", true);
- r->setAttribute(SGPropertyNode::READ, true);
- r->setAttribute(SGPropertyNode::WRITE, true);
-
- w = fgGetNode("/sim/paths/validate/write", true);
- w->setAttribute(SGPropertyNode::READ, true);
- w->setAttribute(SGPropertyNode::WRITE, true);
-
- SGPropertyNode *prop = write ? w : r;
- prop->setStringValue(str);
- const char *result = prop->getStringValue();
- return result[0] ? result : 0;
+ string_list path_parts;
+ char c;
+ std::string normed_path = "", this_part = "";
+
+ for (int pos = 0; ; pos++) {
+ c = path[pos];
+ if (c == '\\') { c = '/'; }
+ if ((c == '/') || (c == 0)) {
+ if ((this_part == "/..") || (this_part == "..")) {
+ if (path_parts.empty()) { return ""; }
+ path_parts.pop_back();
+ } else if ((this_part != "/.") && (this_part != "/")) {
+ path_parts.push_back(this_part);
+ }
+ this_part = "";
+ }
+ if (c == 0) { break; }
+ this_part = this_part + c;
+ }
+ for( string_list::const_iterator it = path_parts.begin();
+ it != path_parts.end();
+ ++it )
+ {
+ normed_path.append(*it);
+ }
+ return normed_path;
+ }
+
+static string_list read_allowed_paths;
+static string_list write_allowed_paths;
+
+// Allowed paths here are absolute, and may contain _one_ *,
+// which matches any string
+// FG_SCENERY is deliberately not allowed, as it would make
+// /sim/terrasync/scenery-dir a security hole
+void fgInitAllowedPaths()
+{
+ read_allowed_paths.clear();
+ write_allowed_paths.clear();
+ std::string fg_root = fgNormalizePath(globals->get_fg_root());
+ std::string fg_home = fgNormalizePath(globals->get_fg_home());
+ read_allowed_paths.push_back(fg_root + "/*");
+ read_allowed_paths.push_back(fg_home + "/*");
+ string_list const aircraft_paths = globals->get_aircraft_paths();
+ for( string_list::const_iterator it = aircraft_paths.begin();
+ it != aircraft_paths.end();
+ ++it )
+ {
+ read_allowed_paths.push_back(fgNormalizePath(*it) + "/*");
+ }
+
+ for( string_list::const_iterator it = read_allowed_paths.begin();
+ it != read_allowed_paths.end();
+ ++it )
+ { // if we get the initialization order wrong, better to have an
+ // obvious error than a can-read-everything security hole...
+ if (!(it->compare("/*"))){
+ flightgear::fatalMessageBox("Nasal initialization error",
+ "Empty string in FG_ROOT, FG_HOME or FG_AIRCRAFT",
+ "or fgInitAllowedPaths() called too early");
+ exit(-1);
+ }
+ }
+ write_allowed_paths.push_back(fg_home + "/*.sav");
+ write_allowed_paths.push_back(fg_home + "/*.log");
+ write_allowed_paths.push_back(fg_home + "/cache/*");
+ write_allowed_paths.push_back(fg_home + "/Export/*");
+ write_allowed_paths.push_back(fg_home + "/state/*.xml");
+ write_allowed_paths.push_back(fg_home + "/aircraft-data/*.xml");
+ write_allowed_paths.push_back(fg_home + "/Wildfire/*.xml");
+ write_allowed_paths.push_back(fg_home + "/runtime-jetways/*.xml");
+ write_allowed_paths.push_back(fg_home + "/Input/Joysticks/*.xml");
+
+ // Check that it works
+ if(!fgValidatePath(globals->get_fg_home() + "/../no.log",true).empty() ||
+ !fgValidatePath(globals->get_fg_home() + "/no.logt",true).empty() ||
+ !fgValidatePath(globals->get_fg_home() + "/nolog",true).empty() ||
+ !fgValidatePath(globals->get_fg_home() + "no.log",true).empty() ||
+ !fgValidatePath(globals->get_fg_home() + "\\..\\no.log",false).empty() ||
+ fgValidatePath(globals->get_fg_home() + "/aircraft-data/yes..xml",true).empty() ||
+ fgValidatePath(globals->get_fg_root() + "/.\\yes.bmp",false).empty()) {
+ flightgear::fatalMessageBox("Nasal initialization error",
+ "fgInitAllowedPaths() does not work",
+ "");
+ exit(-1);
+ }