VirtualBox

Changeset 94807 in vbox


Ignore:
Timestamp:
May 4, 2022 8:13:06 AM (3 years ago)
Author:
vboxsync
Message:

Main/Update check: Added sanity checks for repository URLs. bugref:7983

Location:
trunk/src/VBox/Main
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/VBox/Main/include/UpdateAgentImpl.h

    r94756 r94807  
    7575     * @{ */
    7676    static Utf8Str i_getPlatformInfo(void);
    77     const char *i_proxyModeToStr(ProxyMode_T enmMode);
     77    const char    *i_proxyModeToStr(ProxyMode_T enmMode);
     78    bool           i_urlSchemeIsSupported(const Utf8Str &strUrl) const;
    7879    /** @} */
    7980

  • trunk/src/VBox/Main/src-server/UpdateAgentImpl.cpp

    r94756 r94807  
    287287}
    288288
     289/**
     290 * Returns whether a given URL's scheme is supported or not.
     291 *
     292 * @returns \c true if scheme is supported, or \c false if not.
     293 * @param   strUrl              URL to check scheme for.
     294 *
     295 * @note Empty URL are considered as being supported for convenience.
     296 */
     297bool UpdateAgentBase::i_urlSchemeIsSupported(const Utf8Str &strUrl) const
     298{
     299    if (strUrl.isEmpty())
     300        return true;
     301    return strUrl.startsWith("https://", com::Utf8Str::CaseInsensitive);
     302}
     303
    289304
    290305/*********************************************************************************************************************************
     
    534549HRESULT UpdateAgent::setRepositoryURL(const com::Utf8Str &aRepo)
    535550{
    536     if (!aRepo.startsWith("https://", com::Utf8Str::CaseInsensitive))
    537         return setError(E_INVALIDARG, tr("Invalid URL scheme specified; only https:// is supported."));
     551    if (!i_urlSchemeIsSupported(aRepo))
     552        return setError(E_INVALIDARG, tr("Invalid URL scheme specified!"));
    538553
    539554    AutoWriteLock alock(this COMMA_LOCKVAL_SRC_POS);
     
    664679 *
    665680 * @returns HRESULT
     681 * @retval  E_INVALIDARG if to-load settings are invalid / not supported.
    666682 * @param   data                Where to load the settings from.
    667683 */
     
    679695        m->strRepoUrl    = data.strRepoUrl;
    680696    m->enmProxyMode      = data.enmProxyMode;
    681     m->strProxyUrl       = data.strProxyUrl;
     697    if (data.strProxyUrl.isNotEmpty()) /* Explicitly set (and mark) an own proxy? */
     698    {
     699        m->strProxyUrl   = data.strProxyUrl;
     700        mData.m_fUseOwnProxy = true;
     701    }
    682702    m->strLastCheckDate  = data.strLastCheckDate;
    683703    m->uCheckCount       = data.uCheckCount;
     704
     705    /* Sanity checks. */
     706    if (!i_urlSchemeIsSupported(data.strRepoUrl))
     707        return setError(E_INVALIDARG, tr("Invalid URL scheme specified!"));
    684708
    685709    return S_OK;
Note: See TracChangeset for help on using the changeset viewer.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette