这是indexloc提供的服务,不要输入任何密码
Skip to content

Added Sanitization for the input file for termux-open command #58

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Added Sanitization for the input file for termux-open command #58

wants to merge 1 commit into from

Conversation

eternalfrustation
Copy link

@eternalfrustation eternalfrustation commented Oct 5, 2023
edited by twaik
Loading

The termux-open command had no sanitization for the input file, which prevented it from opening files containing % characters, this P.R. adds that sanitization.

termux/termux-app#3250

@agnostic-apollo
Copy link
Member

If you always do encoding, you will break paths if they were already encoded by user before passing to termux-open, so you need to add an -e and --encode option that conditionally does it.

Moreover, it's best not to encode yourself, encoding algorithms are very complex. You can use curl to encode. Add following after if [ -f "$FILE" ] condition.

if [ "$ENCODE" = "1" ]; then
    # Encode FILE with curl. sed replaced trailing newline and the "/?" prefix.
    # - https://stackoverflow.com/a/10797966
    FILE="$(printf "%s" "$FILE" | { curl -Gs -w %{url_effective} --data-urlencode @- ./ || :; } | sed -e "s/%0[aA]$//; s/^[^?]*?\(.*\)/\1/")"
fi

Also commit format must be as per repo git history. Use

termux-open: Add `-e` and `--encode` options to encode characters like `%` in file path

Closes termux/termux-app#3250

Abocram22

This comment was marked as spam.

Sign in to view

twaik
twaik requested changes May 27, 2025
View reviewed changes
scripts/termux-open.in
Comment on lines +44 to +59
string="$1"
length=$(echo "$string" | wc -c)
length=$((length - 1))
encoded=""

i=1
while [ "$i" -le "$length" ]; do
char=$(echo "$string" | cut -c "$i")
case "$char" in
[a-zA-Z0-9.~_-]) encoded="$encoded$char";;
*) encoded="$encoded%$(printf "%02X" "'$char")";;
esac
i=$((i + 1))
done

echo "$encoded"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It may be done much easier without invoking external commands lots of times.

Suggested change
string="$1"
length=$(echo "$string" | wc -c)
length=$((length - 1))
encoded=""
i=1
while [ "$i" -le "$length" ]; do
char=$(echo "$string" | cut -c "$i")
case "$char" in
[a-zA-Z0-9.~_-]) encoded="$encoded$char";;
*) encoded="$encoded%$(printf "%02X" "'$char")";;
esac
i=$((i + 1))
done
echo "$encoded"
for ((i=0; i<${#1}; i++)); do
case "${1:i:1}" in
[a-zA-Z0-9.~_-]) printf '%s' "${1:i:1}" ;;
*) printf '%%%02X' "'${1:i:1}" ;;
esac
done
echo

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, it is regular /bin/sh, not a bash. Right.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we switch to bash here?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@twaik twaik twaik requested changes

@Abocram22 Abocram22 Abocram22 left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@eternalfrustation @agnostic-apollo @twaik @Abocram22