From a7b2d8328c539da6e79a118a0b8e97462c7daa77 Mon Sep 17 00:00:00 2001
From: Cristy
Date: Sun, 10 Nov 2019 14:53:23 -0500
Subject: [PATCH] Santize ';' from SHOW and WIN delegates
---
 magick/delegate.c | 26 +++++++++++++++++++++++++-
 magick/string.c | 4 ++--
 2 files changed, 27 insertions(+), 3 deletions(-)
diff --git a/magick/delegate.c b/magick/delegate.c
index 37cd77b39..4fec87fc6 100644
--- a/magick/delegate.c
+++ b/magick/delegate.c
@@ -507,6 +507,30 @@ MagickExport int ExternalDelegateCommand(const MagickBooleanType asynchronous,
 %
 */

+static char *SanitizeDelegateString(const char *source)
+{
+ char
+ *sanitize_source;
+
+ const char
+ *q;
+
+ register char
+ *p;
+
+ static char
+ whitelist[] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 "
+ "$-_.+!*'(),{}|\\^~[]`\"><#%/?:@&=";
+
+ sanitize_source=AcquireString(source);
+ p=sanitize_source;
+ q=sanitize_source+strlen(sanitize_source);
+ for (p+=strspn(p,whitelist); p != q; p+=strspn(p,whitelist))
+ *p='_';
+ return(sanitize_source);
+}
+
 static char *GetMagickPropertyLetter(const ImageInfo *image_info,Image *image,
 const char letter)
 {
@@ -918,7 +942,7 @@ static char *GetMagickPropertyLetter(const ImageInfo *image_info,Image *image,
 break;
 }
 }
- return(SanitizeString(string));
+ return(SanitizeDelegateString(string));
 }

 static char *InterpretDelegateProperties(const ImageInfo *image_info,
diff --git a/magick/string.c b/magick/string.c
index 828f12a0c..1e4ae55cb 100644
--- a/magick/string.c
+++ b/magick/string.c
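Review bot: The allowlist in SanitizeDelegateString still passes characters that a command interpreter treats specially: backquote, `$`, `|`, `&`, `<`, `>`, `(`, `)`, both quote characters and backslash all sit in the second literal, so in practice only `;` and bytes outside the list are rewritten to `_`. If the value returned by GetMagickPropertyLetter (second hunk, `return(SanitizeDelegateString(string));`) ends up in a delegate command line that a shell parses, which these hunks do not show, that set looks wider than the commit subject implies. Consider trimming the second literal to what delegate arguments actually need, for example `"-_.+,/:@=%";`, or quoting the value where it is substituted. The table is never written, so `static const char` fits better than `static char`. The new function also has no comment; a short one should say that it returns a fresh copy with every byte outside the allowlist replaced by `_`, and that the caller releases it (presumably with DestroyString()).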
@@ -1588,10 +1588,10 @@ MagickExport void ResetStringInfo(StringInfo *string_info)
 % %
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %
-% SanitizeString() returns an new string removes all characters except
+% SanitizeString() returns a new string removes all characters except
 % letters, digits and !#$%&'*+-=?^_`{|}~@.[].
 %
-% The returned string shoud be freed using DestoryString().
+% Free the sanitized string with DestroyString().
 %
 % The format of the SanitizeString method is:
 %
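Review bot: The reworded first sentence of the SanitizeString() banner is still ungrammatical, since "returns a new string removes all characters except" has two verbs and no connector. Something like `%  SanitizeString() returns a new string with all characters removed except` would read cleanly. Because GetMagickPropertyLetter in delegate.c no longer calls this function after this commit, the banner could also note that delegate property values are filtered by a separate allowlist there, so readers do not assume the character set listed here applies to delegates.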