Mercurial > octave-nkf
comparison libinterp/corefcn/urlwrite.cc @ 19437:03067dab10ca
Use stricter input validation when looking for a string as input (bug #42651).
* data.cc (get_sort_mode_option, Fissorted): Use is_string() to check string
input.
* debug.cc (Fdbstep): use "string" rather than "character string" in error
messages.
* error.cc (Flasterr, Flastwarn): use "string" rather than "character string"
in error messages.
* file-io.cc (do_stream_open, do_fread, do_fwrite, Fpopen, Ftempname,
Fmkstemp): Use is_string() to check string input.
* graphics.cc (Fgraphics_toolkit): Use is_string() to check string input.
Rephrase error message.
* help.cc (F__list_functions): Use is_string() to check string input.
* input.cc (Fyes_or_no): Use is_string() to check string input. Rephrase
error message.
* input.cc (Fadd_input_event_hook): Rephrase error message.
* load-path.cc (Fgenpath, Faddpath): Rephrase error message.
* matrix_type.cc (Fmatrix_type): Use is_string() to check string input.
* qz.cc (Fqz): Follow Octave coding convention for space after '!'.
* regexp.cc (parse_options): Use is_string() to check string input.
Rephrase error message.
* schur.cc (Fschur): Use is_string() to check string input.
* strfns.cc (Flist_in_columns): Use is_string() to check string input.
Rephrase error message.
* symtab.cc (Fignore_function_time_stamp): Use is_string() to check string
input. Rephrase error message.
* syscalls.cc (Fexec, Fpopen2, Fcanonicalize_file_name): Use is_string() to
check string input. Rephrase error message.
* sysdep.cc (Fsetenv): Use is_string() to check string input.
* time.cc (Fstrftime, Fstrptime): Use is_string() to check string input.
* toplev.cc (Fsystem, Fatexit): Use is_string() to check string input.
* urlwrite.cc (Furlwrite, Furlread): Rephrase error message.
* utils.cc (Ffile_in_path): Use is_string() to check string input. Rephrase
error message.
* variables.cc (extract_function): Add FIXME about potentially using is_string.
* variables.cc (do_isglobal, Fmunlock, Fmislocked): Use is_string() to check
string input.
* variables.cc (set_internal_variable): Rephrase error message.
* ov-base.cc (make_idx_args): Rephrase error message.
* ov-class.cc (octave_class::all_strings, Fclass): Rephrase error message.
* ov-fcn-handle.cc (Fstr2func): Use is_string() to check string input
* ov-java.cc (FjavaObject, FjavaMethod, F__java_get__, F__java_set__):
Use is_string() to check string input.
* ov.cc (Fdecode_subscripts): Use is_string() to check string input.
Rephrase error message.
* pt-idx.cc (tree_index_expression::get_struct_index): Rephrase error message.
* io.tst: Change %!warning test to %!error test to match stricter checking.
* system.tst: Change %!warning test for setenv to %!error test to match
stricter checking.
author | Rik <rik@octave.org> |
---|---|
date | Tue, 16 Dec 2014 09:21:29 -0800 |
parents | 6443693a176f |
children | c2f4f6eb5907 |
comparison
equal
deleted
inserted
replaced
19436:5cd83b466a3e | 19437:03067dab10ca |
---|---|
348 | 348 |
349 std::string url = args(0).string_value (); | 349 std::string url = args(0).string_value (); |
350 | 350 |
351 if (error_state) | 351 if (error_state) |
352 { | 352 { |
353 error ("urlwrite: URL must be a character string"); | 353 error ("urlwrite: URL must be a string"); |
354 return retval; | 354 return retval; |
355 } | 355 } |
356 | 356 |
357 // name to store the file if download is succesful | 357 // name to store the file if download is succesful |
358 // FIXME: Maybe use is_string () for better input validation. | |
358 std::string filename = args(1).string_value (); | 359 std::string filename = args(1).string_value (); |
359 | 360 |
360 if (error_state) | 361 if (error_state) |
361 { | 362 { |
362 error ("urlwrite: LOCALFILE must be a character string"); | 363 error ("urlwrite: LOCALFILE must be a string"); |
363 return retval; | 364 return retval; |
364 } | 365 } |
365 | 366 |
366 std::string method; | 367 std::string method; |
367 Array<std::string> param; | 368 Array<std::string> param; |
368 | 369 |
369 if (nargin == 4) | 370 if (nargin == 4) |
370 { | 371 { |
371 method = args(2).string_value (); | 372 method = args(2).string_value (); |
372 | 373 |
373 if (error_state) | 374 if (error_state || (method != "get" && method != "post")) |
374 { | 375 { |
375 error ("urlwrite: METHOD must be \"get\" or \"post\""); | 376 error ("urlwrite: METHOD must be \"get\" or \"post\""); |
376 return retval; | 377 return retval; |
377 } | 378 } |
378 | 379 |
379 if (method != "get" && method != "post") | 380 param = args(3).cellstr_value (); |
380 { | 381 |
381 error ("urlwrite: METHOD must be \"get\" or \"post\""); | 382 if (error_state) |
383 { | |
384 error ("urlwrite: parameters (PARAM) for get and post requests must be given as a cell array of strings"); | |
382 return retval; | 385 return retval; |
383 } | 386 } |
384 | |
385 param = args(3).cellstr_value (); | |
386 | |
387 if (error_state) | |
388 { | |
389 error ("urlwrite: parameters (PARAM) for get and post requests must be given as a cell array of character strings"); | |
390 return retval; | |
391 } | |
392 | |
393 | 387 |
394 if (param.numel () % 2 == 1) | 388 if (param.numel () % 2 == 1) |
395 { | 389 { |
396 error ("urlwrite: number of elements in PARAM must be even"); | 390 error ("urlwrite: number of elements in PARAM must be even"); |
397 return retval; | 391 return retval; |
496 octave_value_list retval; | 490 octave_value_list retval; |
497 | 491 |
498 int nargin = args.length (); | 492 int nargin = args.length (); |
499 | 493 |
500 // verify arguments | 494 // verify arguments |
501 if (nargin != 1 && nargin != 3) | 495 if (nargin != 1 && nargin != 3) |
502 { | 496 { |
503 print_usage (); | 497 print_usage (); |
504 return retval; | 498 return retval; |
505 } | 499 } |
506 | 500 |
501 // FIXME: Maybe use is_string () for better input validation. | |
507 std::string url = args(0).string_value (); | 502 std::string url = args(0).string_value (); |
508 | 503 |
509 if (error_state) | 504 if (error_state) |
510 { | 505 { |
511 error ("urlread: URL must be a character string"); | 506 error ("urlread: URL must be a string"); |
512 return retval; | 507 return retval; |
513 } | 508 } |
514 | 509 |
515 std::string method; | 510 std::string method; |
516 Array<std::string> param; | 511 Array<std::string> param; |
517 | 512 |
518 if (nargin == 3) | 513 if (nargin == 3) |
519 { | 514 { |
515 // FIXME: Maybe use is_string () for better input validation. | |
520 method = args(1).string_value (); | 516 method = args(1).string_value (); |
521 | 517 |
522 if (error_state) | 518 if (error_state || (method != "get" && method != "post")) |
523 { | 519 { |
524 error ("urlread: METHOD must be \"get\" or \"post\""); | 520 error ("urlread: METHOD must be \"get\" or \"post\""); |
525 return retval; | 521 return retval; |
526 } | 522 } |
527 | 523 |
528 if (method != "get" && method != "post") | |
529 { | |
530 error ("urlread: METHOD must be \"get\" or \"post\""); | |
531 return retval; | |
532 } | |
533 | |
534 param = args(2).cellstr_value (); | 524 param = args(2).cellstr_value (); |
535 | 525 |
536 if (error_state) | 526 if (error_state) |
537 { | 527 { |
538 error ("urlread: parameters (PARAM) for get and post requests must be given as a cell array of character strings"); | 528 error ("urlread: parameters (PARAM) for get and post requests must be given as a cell array of strings"); |
539 return retval; | 529 return retval; |
540 } | 530 } |
541 | 531 |
542 if (param.numel () % 2 == 1) | 532 if (param.numel () % 2 == 1) |
543 { | 533 { |