# HG changeset patch
# User Olaf Wintermann <olaf.wintermann@gmail.com>
# Date 1501753121 -7200
# Node ID 2610eecfc5e5b2cbd0d7b896fd71aee7a751a05d
# Parent  171498cb2137dd5d5ff650be2c88b84fce7846e0
adds resource name validation

crypto-name could contain path separators

diff -r 171498cb2137 -r 2610eecfc5e5 libidav/resource.c
--- a/libidav/resource.c	Thu Aug 03 10:37:52 2017 +0200
+++ b/libidav/resource.c	Thu Aug 03 11:38:41 2017 +0200
@@ -79,15 +79,25 @@
 }
 
 DavResource* dav_resource_new_full(DavSession *sn, char *parent_path, char *name, char *href) {
+    sstr_t n = sstr(name);
+    // the name must not contain path separators
+    for(int i=0;i<n.length-1;i++) {
+        char c = n.ptr[i];
+        if(c == '/' || c == '\\') {
+            n = sstr(util_resource_name(href));
+            break;
+        }
+    }
+    // remove trailing '/'
+    if(n.length > 0 && n.ptr[n.length-1] == '/') {
+        n.length--;
+    }
+    
     DavResource *res = ucx_mempool_calloc(sn->mp, 1, sizeof(DavResource));
     res->session = sn;
     
     // set name, path and href
-    sstr_t n = sstr(name);
     res->name = sstrdup_a(sn->mp->allocator, n).ptr;
-    if(n.length > 0 && n.ptr[n.length-1] == '/') {
-        res->name[n.length-1] = '\0';
-    }
     
     char *path = util_concat_path(parent_path, name); 
     res->path = dav_session_strdup(sn, path);