From e526b61813f7b7f443709d34819a9f1a5b1c08c2 Mon Sep 17 00:00:00 2001
From: Andrew Lindesay <apl@lindesay.co.nz>
Date: Fri, 27 Oct 2023 07:44:06 +1300
Subject: [PATCH] HaikuDepot: Avoid Corrupt Username (2)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Previous changes removed the ability to supply
control characters at the start and end of a
nickname; this change removes them from anywhere
in the nickname when supplied.

Change-Id: I0631fffa8aaf2c0e267c777892044c53faa4334e
Reviewed-on: https://review.haiku-os.org/c/haiku/+/7071
Tested-by: Commit checker robot <no-reply+buildbot@haiku-os.org>
Reviewed-by: Jérôme Duval <jerome.duval@gmail.com>
---
 .../server/AbstractServerProcess.cpp          | 18 ++++-----
 src/apps/haikudepot/ui/UserLoginWindow.cpp    |  2 +-
 src/apps/haikudepot/util/StringUtils.cpp      | 10 +++++
 src/apps/haikudepot/util/StringUtils.h        |  1 +
 src/tests/apps/haikudepot/StringUtilsTest.cpp | 38 +++++++++++++++++++
 src/tests/apps/haikudepot/StringUtilsTest.h   |  3 ++
 6 files changed, 60 insertions(+), 12 deletions(-)

diff --git a/src/apps/haikudepot/server/AbstractServerProcess.cpp b/src/apps/haikudepot/server/AbstractServerProcess.cpp
index cb788d4744..48cd3ed43a 100644
--- a/src/apps/haikudepot/server/AbstractServerProcess.cpp
+++ b/src/apps/haikudepot/server/AbstractServerProcess.cpp
@@ -383,11 +383,11 @@ AbstractServerProcess::DownloadToLocalFile(const BPath& targetFilePath,
 	fRequest = NULL;
 
 	if (BHttpRequest::IsSuccessStatusCode(statusCode)) {
-		HDINFO("[%s] did complete streaming data [%"
-			B_PRIdSSIZE " bytes]", Name(), listener.ContentLength());
+		HDINFO("[%s] did complete streaming data [%" B_PRIdSSIZE " bytes]", Name(),
+			listener.ContentLength());
 		return B_OK;
 	} else if (statusCode == B_HTTP_STATUS_NOT_MODIFIED) {
-		HDINFO("[%s] remote data has not changed since [%s]", Name(),
+		HDINFO("[%s] remote data has not changed since [%s] so was not downloaded", Name(),
 			ifModifiedSinceHeader.String());
 		return HD_ERR_NOT_MODIFIED;
 	} else if (statusCode == B_HTTP_STATUS_PRECONDITION_FAILED) {
@@ -396,20 +396,16 @@ AbstractServerProcess::DownloadToLocalFile(const BPath& targetFilePath,
 	} else if (BHttpRequest::IsRedirectionStatusCode(statusCode)) {
 		if (location.Length() != 0) {
 			BUrl redirectUrl(result.Url(), location);
-			HDINFO("[%s] will redirect to; %s",
-				Name(), redirectUrl.UrlString().String());
-			return DownloadToLocalFile(targetFilePath, redirectUrl,
-				redirects + 1, 0);
+			HDINFO("[%s] will redirect to; %s", Name(), redirectUrl.UrlString().String());
+			return DownloadToLocalFile(targetFilePath, redirectUrl, redirects + 1, 0);
 		}
 
 		HDERROR("[%s] unable to find 'Location' header for redirect", Name());
 		return B_IO_ERROR;
 	} else {
 		if (statusCode == 0 || (statusCode / 100) == 5) {
-			HDERROR("error response from server [%" B_PRId32 "] --> retry...",
-				statusCode);
-			return DownloadToLocalFile(targetFilePath, url, redirects,
-				failures + 1);
+			HDERROR("error response from server [%" B_PRId32 "] --> retry...", statusCode);
+			return DownloadToLocalFile(targetFilePath, url, redirects, failures + 1);
 		}
 
 		HDERROR("[%s] unexpected response from server [%" B_PRId32 "]",
diff --git a/src/apps/haikudepot/ui/UserLoginWindow.cpp b/src/apps/haikudepot/ui/UserLoginWindow.cpp
index 35fc49b69e..6abcefc57b 100644
--- a/src/apps/haikudepot/ui/UserLoginWindow.cpp
+++ b/src/apps/haikudepot/ui/UserLoginWindow.cpp
@@ -480,7 +480,7 @@ void
 UserLoginWindow::_Authenticate()
 {
 	BString username = fNicknameField->Text();
-	StringUtils::InSituTrimSpaceAndControl(username);
+	StringUtils::InSituStripSpaceAndControl(username);
 	_Authenticate(UserCredentials(username, fPasswordField->Text()));
 }
 
diff --git a/src/apps/haikudepot/util/StringUtils.cpp b/src/apps/haikudepot/util/StringUtils.cpp
index 9c996f6943..d7f30e9d38 100644
--- a/src/apps/haikudepot/util/StringUtils.cpp
+++ b/src/apps/haikudepot/util/StringUtils.cpp
@@ -29,6 +29,16 @@ StringUtils::InSituTrimSpaceAndControl(BString& value)
 }
 
 
+/*static*/ void
+StringUtils::InSituStripSpaceAndControl(BString& value)
+{
+	for (int i = value.Length() - 1; i >= 0; i--) {
+		if (_IsSpaceOrControl(value.ByteAt(i)))
+			value.Remove(i, 1);
+	}
+}
+
+
 /*static*/ bool
 StringUtils::_IsSpaceOrControl(char ch)
 {
diff --git a/src/apps/haikudepot/util/StringUtils.h b/src/apps/haikudepot/util/StringUtils.h
index 3e447a2ed1..a160dddb68 100644
--- a/src/apps/haikudepot/util/StringUtils.h
+++ b/src/apps/haikudepot/util/StringUtils.h
@@ -13,6 +13,7 @@ class StringUtils {
 
 public:
 	static void				InSituTrimSpaceAndControl(BString& value);
+	static void				InSituStripSpaceAndControl(BString& value);
 
 private:
 	static bool				_IsSpaceOrControl(char ch);
diff --git a/src/tests/apps/haikudepot/StringUtilsTest.cpp b/src/tests/apps/haikudepot/StringUtilsTest.cpp
index 8774e610f6..76b55995d5 100644
--- a/src/tests/apps/haikudepot/StringUtilsTest.cpp
+++ b/src/tests/apps/haikudepot/StringUtilsTest.cpp
@@ -78,6 +78,35 @@ StringUtilsTest::TestNoTrimInSituTrimSpaceAndControl()
 }
 
 
+void
+StringUtilsTest::TestInSituStripSpaceAndControl()
+{
+	BString string = "\x01 To\tnic Wa\nter  ";
+
+// ----------------------
+	StringUtils::InSituTrimSpaceAndControl(string);
+// ----------------------
+
+	const BString expected = "TonicWater";
+		// note intervening space also removed
+	CPPUNIT_ASSERT_EQUAL(expected, string);
+}
+
+
+void
+StringUtilsTest::TestNoInSituStripSpaceAndControl()
+{
+	BString string = "Tonic Water";
+
+// ----------------------
+	StringUtils::InSituStripSpaceAndControl(string);
+// ----------------------
+
+	const BString expected = "Tonic Water";
+	CPPUNIT_ASSERT_EQUAL(expected, string);
+}
+
+
 /*static*/ void
 StringUtilsTest::AddTests(BTestSuite& parent)
 {
@@ -100,5 +129,14 @@ StringUtilsTest::AddTests(BTestSuite& parent)
 			"StringUtilsTest::TestNoTrimInSituTrimSpaceAndControl",
 			&StringUtilsTest::TestNoTrimInSituTrimSpaceAndControl));
 
+	suite.addTest(
+		new CppUnit::TestCaller<StringUtilsTest>(
+			"StringUtilsTest::TestNoInSituStripSpaceAndControl",
+			&StringUtilsTest::TestNoInSituStripSpaceAndControl));
+	suite.addTest(
+		new CppUnit::TestCaller<StringUtilsTest>(
+			"StringUtilsTest::TestInSituStripSpaceAndControl",
+			&StringUtilsTest::TestInSituStripSpaceAndControl));
+
 	parent.addTest("StringUtilsTest", &suite);
 }
\ No newline at end of file
diff --git a/src/tests/apps/haikudepot/StringUtilsTest.h b/src/tests/apps/haikudepot/StringUtilsTest.h
index 71beb6bd9f..b725003618 100644
--- a/src/tests/apps/haikudepot/StringUtilsTest.h
+++ b/src/tests/apps/haikudepot/StringUtilsTest.h
@@ -19,6 +19,9 @@ public:
 			void				TestStartAndEndInSituTrimSpaceAndControl();
 			void				TestNoTrimInSituTrimSpaceAndControl();
 
+			void				TestInSituStripSpaceAndControl();
+			void				TestNoInSituStripSpaceAndControl();
+
 	static	void				AddTests(BTestSuite& suite);
 };