C3MA/DD3-LoRa-Bridge-MultiSender
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Harden history device ID validation and SD download filename

Browse Source
This commit is contained in:
acidburns
2026-02-02 21:19:44 +01:00
parent 0e12b406de
commit a4d9be1903
4 changed files with 119 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
src/html_util.cpp
View File

@@ -47,3 +47,52 @@ String url_encode_component(const String &input) {
}
return out;
}
static bool is_hex_char(char c) {
return (c >= '0' && c <= '9') ||
(c >= 'a' && c <= 'f') ||
(c >= 'A' && c <= 'F');
}
static String to_upper_hex4(const String &input) {
String out = input;
out.toUpperCase();
return out;
}
bool sanitize_device_id(const String &input, String &out_device_id) {
String trimmed = input;
trimmed.trim();
if (trimmed.length() == 0) {
return false;
}
if (trimmed.indexOf('/') >= 0 || trimmed.indexOf('\\') >= 0 || trimmed.indexOf("..") >= 0) {
return false;
}
if (trimmed.indexOf('%') >= 0) {
return false;
}
if (trimmed.length() == 4) {
for (size_t i = 0; i < 4; ++i) {
if (!is_hex_char(trimmed[i])) {
return false;
}
}
out_device_id = String("dd3-") + to_upper_hex4(trimmed);
return true;
}
if (trimmed.length() == 8 && trimmed.startsWith("dd3-")) {
String hex = trimmed.substring(4);
for (size_t i = 0; i < 4; ++i) {
if (!is_hex_char(hex[i])) {
return false;
}
}
out_device_id = String("dd3-") + to_upper_hex4(hex);
return true;
}
return false;
}