Mercurial > octave-nkf
comparison libinterp/corefcn/urlwrite.cc @ 19437:03067dab10ca
Use stricter input validation when looking for a string as input (bug #42651).
* data.cc (get_sort_mode_option, Fissorted): Use is_string() to check string
input.
* debug.cc (Fdbstep): use "string" rather than "character string" in error
messages.
* error.cc (Flasterr, Flastwarn): use "string" rather than "character string"
in error messages.
* file-io.cc (do_stream_open, do_fread, do_fwrite, Fpopen, Ftempname,
Fmkstemp): Use is_string() to check string input.
* graphics.cc (Fgraphics_toolkit): Use is_string() to check string input.
Rephrase error message.
* help.cc (F__list_functions): Use is_string() to check string input.
* input.cc (Fyes_or_no): Use is_string() to check string input. Rephrase
error message.
* input.cc (Fadd_input_event_hook): Rephrase error message.
* load-path.cc (Fgenpath, Faddpath): Rephrase error message.
* matrix_type.cc (Fmatrix_type): Use is_string() to check string input.
* qz.cc (Fqz): Follow Octave coding convention for space after '!'.
* regexp.cc (parse_options): Use is_string() to check string input.
Rephrase error message.
* schur.cc (Fschur): Use is_string() to check string input.
* strfns.cc (Flist_in_columns): Use is_string() to check string input.
Rephrase error message.
* symtab.cc (Fignore_function_time_stamp): Use is_string() to check string
input. Rephrase error message.
* syscalls.cc (Fexec, Fpopen2, Fcanonicalize_file_name): Use is_string() to
check string input. Rephrase error message.
* sysdep.cc (Fsetenv): Use is_string() to check string input.
* time.cc (Fstrftime, Fstrptime): Use is_string() to check string input.
* toplev.cc (Fsystem, Fatexit): Use is_string() to check string input.
* urlwrite.cc (Furlwrite, Furlread): Rephrase error message.
* utils.cc (Ffile_in_path): Use is_string() to check string input. Rephrase
error message.
* variables.cc (extract_function): Add FIXME about potentially using is_string.
* variables.cc (do_isglobal, Fmunlock, Fmislocked): Use is_string() to check
string input.
* variables.cc (set_internal_variable): Rephrase error message.
* ov-base.cc (make_idx_args): Rephrase error message.
* ov-class.cc (octave_class::all_strings, Fclass): Rephrase error message.
* ov-fcn-handle.cc (Fstr2func): Use is_string() to check string input
* ov-java.cc (FjavaObject, FjavaMethod, F__java_get__, F__java_set__):
Use is_string() to check string input.
* ov.cc (Fdecode_subscripts): Use is_string() to check string input.
Rephrase error message.
* pt-idx.cc (tree_index_expression::get_struct_index): Rephrase error message.
* io.tst: Change %!warning test to %!error test to match stricter checking.
* system.tst: Change %!warning test for setenv to %!error test to match
stricter checking.
| author | Rik <rik@octave.org> |
|---|---|
| date | Tue, 16 Dec 2014 09:21:29 -0800 |
| parents | 6443693a176f |
| children | c2f4f6eb5907 |
comparison
equal
deleted
inserted
replaced
| 19436:5cd83b466a3e | 19437:03067dab10ca |
|---|---|
| 348 | 348 |
| 349 std::string url = args(0).string_value (); | 349 std::string url = args(0).string_value (); |
| 350 | 350 |
| 351 if (error_state) | 351 if (error_state) |
| 352 { | 352 { |
| 353 error ("urlwrite: URL must be a character string"); | 353 error ("urlwrite: URL must be a string"); |
| 354 return retval; | 354 return retval; |
| 355 } | 355 } |
| 356 | 356 |
| 357 // name to store the file if download is succesful | 357 // name to store the file if download is succesful |
| 358 // FIXME: Maybe use is_string () for better input validation. | |
| 358 std::string filename = args(1).string_value (); | 359 std::string filename = args(1).string_value (); |
| 359 | 360 |
| 360 if (error_state) | 361 if (error_state) |
| 361 { | 362 { |
| 362 error ("urlwrite: LOCALFILE must be a character string"); | 363 error ("urlwrite: LOCALFILE must be a string"); |
| 363 return retval; | 364 return retval; |
| 364 } | 365 } |
| 365 | 366 |
| 366 std::string method; | 367 std::string method; |
| 367 Array<std::string> param; | 368 Array<std::string> param; |
| 368 | 369 |
| 369 if (nargin == 4) | 370 if (nargin == 4) |
| 370 { | 371 { |
| 371 method = args(2).string_value (); | 372 method = args(2).string_value (); |
| 372 | 373 |
| 373 if (error_state) | 374 if (error_state || (method != "get" && method != "post")) |
| 374 { | 375 { |
| 375 error ("urlwrite: METHOD must be \"get\" or \"post\""); | 376 error ("urlwrite: METHOD must be \"get\" or \"post\""); |
| 376 return retval; | 377 return retval; |
| 377 } | 378 } |
| 378 | 379 |
| 379 if (method != "get" && method != "post") | 380 param = args(3).cellstr_value (); |
| 380 { | 381 |
| 381 error ("urlwrite: METHOD must be \"get\" or \"post\""); | 382 if (error_state) |
| 383 { | |
| 384 error ("urlwrite: parameters (PARAM) for get and post requests must be given as a cell array of strings"); | |
| 382 return retval; | 385 return retval; |
| 383 } | 386 } |
| 384 | |
| 385 param = args(3).cellstr_value (); | |
| 386 | |
| 387 if (error_state) | |
| 388 { | |
| 389 error ("urlwrite: parameters (PARAM) for get and post requests must be given as a cell array of character strings"); | |
| 390 return retval; | |
| 391 } | |
| 392 | |
| 393 | 387 |
| 394 if (param.numel () % 2 == 1) | 388 if (param.numel () % 2 == 1) |
| 395 { | 389 { |
| 396 error ("urlwrite: number of elements in PARAM must be even"); | 390 error ("urlwrite: number of elements in PARAM must be even"); |
| 397 return retval; | 391 return retval; |
| 496 octave_value_list retval; | 490 octave_value_list retval; |
| 497 | 491 |
| 498 int nargin = args.length (); | 492 int nargin = args.length (); |
| 499 | 493 |
| 500 // verify arguments | 494 // verify arguments |
| 501 if (nargin != 1 && nargin != 3) | 495 if (nargin != 1 && nargin != 3) |
| 502 { | 496 { |
| 503 print_usage (); | 497 print_usage (); |
| 504 return retval; | 498 return retval; |
| 505 } | 499 } |
| 506 | 500 |
| 501 // FIXME: Maybe use is_string () for better input validation. | |
| 507 std::string url = args(0).string_value (); | 502 std::string url = args(0).string_value (); |
| 508 | 503 |
| 509 if (error_state) | 504 if (error_state) |
| 510 { | 505 { |
| 511 error ("urlread: URL must be a character string"); | 506 error ("urlread: URL must be a string"); |
| 512 return retval; | 507 return retval; |
| 513 } | 508 } |
| 514 | 509 |
| 515 std::string method; | 510 std::string method; |
| 516 Array<std::string> param; | 511 Array<std::string> param; |
| 517 | 512 |
| 518 if (nargin == 3) | 513 if (nargin == 3) |
| 519 { | 514 { |
| 515 // FIXME: Maybe use is_string () for better input validation. | |
| 520 method = args(1).string_value (); | 516 method = args(1).string_value (); |
| 521 | 517 |
| 522 if (error_state) | 518 if (error_state || (method != "get" && method != "post")) |
| 523 { | 519 { |
| 524 error ("urlread: METHOD must be \"get\" or \"post\""); | 520 error ("urlread: METHOD must be \"get\" or \"post\""); |
| 525 return retval; | 521 return retval; |
| 526 } | 522 } |
| 527 | 523 |
| 528 if (method != "get" && method != "post") | |
| 529 { | |
| 530 error ("urlread: METHOD must be \"get\" or \"post\""); | |
| 531 return retval; | |
| 532 } | |
| 533 | |
| 534 param = args(2).cellstr_value (); | 524 param = args(2).cellstr_value (); |
| 535 | 525 |
| 536 if (error_state) | 526 if (error_state) |
| 537 { | 527 { |
| 538 error ("urlread: parameters (PARAM) for get and post requests must be given as a cell array of character strings"); | 528 error ("urlread: parameters (PARAM) for get and post requests must be given as a cell array of strings"); |
| 539 return retval; | 529 return retval; |
| 540 } | 530 } |
| 541 | 531 |
| 542 if (param.numel () % 2 == 1) | 532 if (param.numel () % 2 == 1) |
| 543 { | 533 { |