faux/lub/string/string_escape.c

/*
 * string_escape.c
 */
#include "private.h"

#include <stdlib.h>
#include <string.h>

/*
 * These are the escape characters which are used by default when 
 * expanding variables. These characters will be backslash escaped
 * to prevent them from being interpreted in a script.
 *
 * This is a security feature to prevent users from arbitarily setting
 * parameters to contain special sequences.
 */
static const char *default_escape_chars = "`|$<>&()#;";

/*--------------------------------------------------------- */
char *lub_string_decode(const char *string)
{
	const char *s = string;
	char *res, *p;
	int esc = 0;

	if (!string)
		return NULL;

	/* Allocate enough memory for result */
	p = res = malloc(strlen(string) + 1);

	while (*s) {
		if (!esc) {
			if ('\\' == *s)
				esc = 1;
			else
				*p = *s;
		} else {
			switch (*s) {
			case 'r':
			case 'n':
				*p = '\n';
				break;
			case 't':
				*p = '\t';
				break;
			default:
				*p = *s;
				break;
			}
			esc = 0;
		}
		if (!esc)
			p++;
		s++;
	}
	*p = '\0';

	/* Optimize the memory allocated for result */
	p = lub_string_dup(res);
	free(res);

	return p;
}

/*----------------------------------------------------------- */
/*
 * This needs to escape any dangerous characters within the command line
 * to prevent gaining access to the underlying system shell.
 */
char *lub_string_encode(const char *string, const char *escape_chars)
{
	char *result = NULL;
	const char *p;

	if (NULL == escape_chars) {
		escape_chars = default_escape_chars;
	}
	for (p = string; p && *p; p++) {
		/* find any special characters and prefix them with '\' */
		size_t len = strcspn(p, escape_chars);
		lub_string_catn(&result, p, len);
		p += len;
		if (*p) {
			lub_string_catn(&result, "\\", 1);
			lub_string_catn(&result, p, 1);
		} else {
			break;
		}
	}
	return result;
}

/*--------------------------------------------------------- */