1251881Speter/*
2251881Speter * validate.c:  validation routines
3251881Speter *
4251881Speter * ====================================================================
5251881Speter *    Licensed to the Apache Software Foundation (ASF) under one
6251881Speter *    or more contributor license agreements.  See the NOTICE file
7251881Speter *    distributed with this work for additional information
8251881Speter *    regarding copyright ownership.  The ASF licenses this file
9251881Speter *    to you under the Apache License, Version 2.0 (the
10251881Speter *    "License"); you may not use this file except in compliance
11251881Speter *    with the License.  You may obtain a copy of the License at
12251881Speter *
13251881Speter *      http://www.apache.org/licenses/LICENSE-2.0
14251881Speter *
15251881Speter *    Unless required by applicable law or agreed to in writing,
16251881Speter *    software distributed under the License is distributed on an
17251881Speter *    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
18251881Speter *    KIND, either express or implied.  See the License for the
19251881Speter *    specific language governing permissions and limitations
20251881Speter *    under the License.
21251881Speter * ====================================================================
22251881Speter */
23251881Speter
24251881Speter/* ==================================================================== */
25251881Speter
26251881Speter
27251881Speter
28251881Speter/*** Includes. ***/
29251881Speter
30251881Speter#define APR_WANT_STRFUNC
31251881Speter#include <apr_want.h>
32251881Speter
33251881Speter#include "svn_error.h"
34251881Speter#include "svn_ctype.h"
35251881Speter#include "svn_private_config.h"
36251881Speter
37251881Speter
38251881Speter
39251881Speter/*** Code. ***/
40251881Speter
41251881Spetersvn_error_t *
42251881Spetersvn_mime_type_validate(const char *mime_type, apr_pool_t *pool)
43251881Speter{
44251881Speter  /* Since svn:mime-type can actually contain a full content type
45251881Speter     specification, e.g., "text/html; charset=UTF-8", make sure we're
46251881Speter     only looking at the media type here. */
47251881Speter  const apr_size_t len = strcspn(mime_type, "; ");
48251881Speter  const apr_size_t len2 = strlen(mime_type);
49251881Speter  const char *const slash_pos = strchr(mime_type, '/');
50251881Speter  apr_size_t i;
51251881Speter  const char *tspecials = "()<>@,;:\\\"/[]?=";
52251881Speter
53251881Speter  if (len == 0)
54251881Speter    return svn_error_createf
55251881Speter      (SVN_ERR_BAD_MIME_TYPE, NULL,
56251881Speter       _("MIME type '%s' has empty media type"), mime_type);
57251881Speter
58251881Speter  if (slash_pos == NULL || slash_pos >= &mime_type[len])
59251881Speter    return svn_error_createf
60251881Speter      (SVN_ERR_BAD_MIME_TYPE, NULL,
61251881Speter       _("MIME type '%s' does not contain '/'"), mime_type);
62251881Speter
63251881Speter  /* Check the mime type for illegal characters. See RFC 1521. */
64251881Speter  for (i = 0; i < len; i++)
65251881Speter    {
66251881Speter      if (&mime_type[i] != slash_pos
67251881Speter         && (! svn_ctype_isascii(mime_type[i])
68251881Speter            || svn_ctype_iscntrl(mime_type[i])
69251881Speter            || svn_ctype_isspace(mime_type[i])
70251881Speter            || (strchr(tspecials, mime_type[i]) != NULL)))
71251881Speter        return svn_error_createf
72251881Speter          (SVN_ERR_BAD_MIME_TYPE, NULL,
73251881Speter           _("MIME type '%s' contains invalid character '%c' "
74251881Speter             "in media type"),
75251881Speter           mime_type, mime_type[i]);
76251881Speter    }
77251881Speter
78251881Speter  /* Check the whole string for unsafe characters. (issue #2872) */
79251881Speter  for (i = 0; i < len2; i++)
80251881Speter    {
81251881Speter      if (svn_ctype_iscntrl(mime_type[i]) && mime_type[i] != '\t')
82251881Speter        return svn_error_createf(
83251881Speter           SVN_ERR_BAD_MIME_TYPE, NULL,
84251881Speter           _("MIME type '%s' contains invalid character '0x%02x' "
85251881Speter             "in postfix"),
86251881Speter           mime_type, mime_type[i]);
87251881Speter    }
88251881Speter
89251881Speter  return SVN_NO_ERROR;
90251881Speter}
91251881Speter
92251881Speter
93251881Spetersvn_boolean_t
94251881Spetersvn_mime_type_is_binary(const char *mime_type)
95251881Speter{
96251881Speter  /* See comment in svn_mime_type_validate() above. */
97251881Speter  const apr_size_t len = strcspn(mime_type, "; ");
98251881Speter  return ((strncmp(mime_type, "text/", 5) != 0)
99251881Speter          && (len != 15 || strncmp(mime_type, "image/x-xbitmap", len) != 0)
100251881Speter          && (len != 15 || strncmp(mime_type, "image/x-xpixmap", len) != 0)
101251881Speter          );
102251881Speter}
103