#include <simgear/compiler.h>
-#include STL_STRING
-#include STL_FSTREAM
+#include <string>
+#include <fstream>
#include <simgear/sg_inlines.h>
#include <simgear/debug/logstream.hxx>
#include <simgear/structure/exception.hxx>
#include <simgear/structure/commands.hxx>
#include <simgear/props/props.hxx>
+#include <simgear/structure/event_mgr.hxx>
#include <Cockpit/panel.hxx>
#include <Cockpit/panel_io.hxx>
#include "viewmgr.hxx"
#include "main.hxx"
-SG_USING_STD(string);
-SG_USING_STD(ifstream);
-SG_USING_STD(ofstream);
+using std::string;
+using std::ifstream;
+using std::ofstream;
\f
static bool
do_load (const SGPropertyNode * arg)
{
- const string &file = arg->getStringValue("file", "fgfs.sav");
- ifstream input(file.c_str());
- if (input.good() && fgLoadFlight(input)) {
- input.close();
- SG_LOG(SG_INPUT, SG_INFO, "Restored flight from " << file);
- return true;
- } else {
- SG_LOG(SG_INPUT, SG_WARN, "Cannot load flight from " << file);
- return false;
- }
+ string file = arg->getStringValue("file", "fgfs.sav");
+ if (file.size() < 4 || file.substr(file.size() - 4) != ".sav")
+ file += ".sav";
+
+ if (!fgValidatePath(file.c_str(), false)) {
+ SG_LOG(SG_IO, SG_ALERT, "load: reading '" << file << "' denied "
+ "(unauthorized access)");
+ return false;
+ }
+
+ ifstream input(file.c_str());
+ if (input.good() && fgLoadFlight(input)) {
+ input.close();
+ SG_LOG(SG_INPUT, SG_INFO, "Restored flight from " << file);
+ return true;
+ } else {
+ SG_LOG(SG_INPUT, SG_WARN, "Cannot load flight from " << file);
+ return false;
+ }
}
static bool
do_save (const SGPropertyNode * arg)
{
- const string &file = arg->getStringValue("file", "fgfs.sav");
- bool write_all = arg->getBoolValue("write-all", false);
- SG_LOG(SG_INPUT, SG_INFO, "Saving flight");
- ofstream output(file.c_str());
- if (output.good() && fgSaveFlight(output, write_all)) {
- output.close();
- SG_LOG(SG_INPUT, SG_INFO, "Saved flight to " << file);
- return true;
- } else {
- SG_LOG(SG_INPUT, SG_ALERT, "Cannot save flight to " << file);
- return false;
- }
+ string file = arg->getStringValue("file", "fgfs.sav");
+ if (file.size() < 4 || file.substr(file.size() - 4) != ".sav")
+ file += ".sav";
+
+ if (!fgValidatePath(file.c_str(), false)) {
+ SG_LOG(SG_IO, SG_ALERT, "save: reading '" << file << "' denied "
+ "(unauthorized access)");
+ return false;
+ }
+
+ bool write_all = arg->getBoolValue("write-all", false);
+ SG_LOG(SG_INPUT, SG_INFO, "Saving flight");
+ ofstream output(file.c_str());
+ if (output.good() && fgSaveFlight(output, write_all)) {
+ output.close();
+ SG_LOG(SG_INPUT, SG_INFO, "Saved flight to " << file);
+ return true;
+ } else {
+ SG_LOG(SG_INPUT, SG_ALERT, "Cannot save flight to " << file);
+ return false;
+ }
}
if (file.extension() != "xml")
file.concat(".xml");
+ if (!fgValidatePath(file.c_str(), false)) {
+ SG_LOG(SG_IO, SG_ALERT, "loadxml: reading '" << file.str() << "' denied "
+ "(unauthorized access)");
+ return false;
+ }
+
SGPropertyNode *targetnode;
if (arg->hasValue("targetnode"))
targetnode = fgGetNode(arg->getStringValue("targetnode"), true);
return false;
}
- return true;
+ return true;
}
if (file.extension() != "xml")
file.concat(".xml");
+ if (!fgValidatePath(file.c_str(), true)) {
+ SG_LOG(SG_IO, SG_ALERT, "savexml: writing to '" << file.str() << "' denied "
+ "(unauthorized access)");
+ return false;
+ }
+
SGPropertyNode *sourcenode;
if (arg->hasValue("sourcenode"))
sourcenode = fgGetNode(arg->getStringValue("sourcenode"), true);
projects / flightgear.git / blobdiff