Mercurial Mercurial > prosody > prosody / annotate
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
util/format.lua
author Jonas Schäfer <jonas@wielicki.name>
Mon, 10 Jan 2022 18:23:54 +0100
branch0.11
changeset 12185 783056b4e448
parent 8420 e88db5668cfb
child 9660 3da6cc927ee6
permissions -rw-r--r--
util.xml: Do not allow doctypes, comments or processing instructions Yes. This is as bad as it sounds. CVE pending. In Prosody itself, this only affects mod_websocket, which uses util.xml to parse the <open/> frame, thus allowing unauthenticated remote DoS using Billion Laughs. However, third-party modules using util.xml may also be affected by this. This commit installs handlers which disallow the use of doctype declarations and processing instructions without any escape hatch. It, by default, also introduces such a handler for comments, however, there is a way to enable comments nontheless. This is because util.xml is used to parse human-facing data, where comments are generally a desirable feature, and also because comments are generally harmless.
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
8228
70cb72f46a3b util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset 
     1
 
--
70cb72f46a3b util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset 
     2
 
-- A string.format wrapper that gracefully handles invalid arguments
70cb72f46a3b util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset 
     3
 
--
70cb72f46a3b util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset 
     4
 












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




     5


local tostring = tostring;












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




     6


local select = select;







8420






e88db5668cfb
util.format: Import unpack from table lib in Lua 5.2+



Kim Alvefur <zash@zash.se>


parents: 
8386

diff
changeset




     7


local unpack = table.unpack or unpack; -- luacheck: ignore 113/unpack







8228






70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




     8


local type = type;












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




     9









8385






e5d00bf4a4d5
util: Various minor changes to please [luacheck]



Kim Alvefur <zash@zash.se>


parents: 
8228

diff
changeset




    10


local function format(formatstring, ...)







8228






70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    11


	local args, args_length = { ... }, select('#', ...);












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    12














70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    13


	-- format specifier spec:












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    14


	-- 1. Start: '%%'












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    15


	-- 2. Flags: '[%-%+ #0]'












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    16


	-- 3. Width: '%d?%d?'












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    17


	-- 4. Precision: '%.?%d?%d?'












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    18


	-- 5. Option: '[cdiouxXaAeEfgGqs%%]'












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    19


	--












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    20


	-- The options c, d, E, e, f, g, G, i, o, u, X, and x all expect a number as argument, whereas q and s expect a string.












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    21


	-- This function does not accept string values containing embedded zeros, except as arguments to the q option.












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    22


	-- a and A are only in Lua 5.2+












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    23














70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    24














70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    25


	-- process each format specifier












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    26


	local i = 0;







8385






e5d00bf4a4d5
util: Various minor changes to please [luacheck]



Kim Alvefur <zash@zash.se>


parents: 
8228

diff
changeset




    27


	formatstring = formatstring:gsub("%%[^cdiouxXaAeEfgGqs%%]*[cdiouxXaAeEfgGqs%%]", function(spec)







8228






70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    28


		if spec ~= "%%" then












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    29


			i = i + 1;












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    30


			local arg = args[i];












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    31


			if arg == nil then -- special handling for nil












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    32


				arg = "<nil>"












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    33


				args[i] = "<nil>";












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    34


			end












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    35














70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    36


			local option = spec:sub(-1);












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    37


			if option == "q" or option == "s" then -- arg should be string












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    38


				args[i] = tostring(arg);












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    39


			elseif type(arg) ~= "number" then -- arg isn't number as expected?












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    40


				args[i] = tostring(arg);












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    41


				spec = "[%s]";












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    42


			end












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    43


		end












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    44


		return spec;












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    45


	end);












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    46














70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    47


	-- process extra args












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    48


	while i < args_length do












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    49


		i = i + 1;












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    50


		local arg = args[i];












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    51


		if arg == nil then












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    52


			args[i] = "<nil>";












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    53


		else












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    54


			args[i] = tostring(arg);












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    55


		end







8385






e5d00bf4a4d5
util: Various minor changes to please [luacheck]



Kim Alvefur <zash@zash.se>


parents: 
8228

diff
changeset




    56


		formatstring = formatstring .. " [%s]"







8228






70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    57


	end












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    58









8385






e5d00bf4a4d5
util: Various minor changes to please [luacheck]



Kim Alvefur <zash@zash.se>


parents: 
8228

diff
changeset




    59


	return formatstring:format(unpack(args));







8228






70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    60


end












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    61














70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    62


return {












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    63


	format = format;












70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments



Waqas Hussain <waqas20@gmail.com>


parents: 

diff
changeset




    64


};














prosody