template-parser: do not accept variables startins with numbers and _

author: Rafael G. Martins <rafael@rafaelmartins.eng.br> 2015-12-29 00:39:01 +0100
committer: Rafael G. Martins <rafael@rafaelmartins.eng.br> 2015-12-29 00:39:01 +0100
commit: e727bdcde63804a308103adeaa2637c5ee1ebdc8 (patch)
tree: dd4f7d84028f8ad822bea0697329c700d769dca0
parent: 8d96c02e5118cf7bd656fde9100570a67115d19a (diff)
download: blogc-e727bdcde63804a308103adeaa2637c5ee1ebdc8.tar.gz
blogc-e727bdcde63804a308103adeaa2637c5ee1ebdc8.tar.bz2
blogc-e727bdcde63804a308103adeaa2637c5ee1ebdc8.zip
2 files changed, 83 insertions, 10 deletions
diff --git a/src/template-parser.c b/src/template-parser.c
index e5c750e..030ecca 100644
--- a/src/template-parser.c
+++ b/src/template-parser.c
@@ -338,21 +338,22 @@ blogc_template_parse(const char *src, size_t src_len, blogc_error_t **err)
             case TEMPLATE_BLOCK_IF_OPERAND_START:
                 if (c == ' ')
                     break;
-                if ((c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') || c == '_') {
+                if (c >= 'A' && c <= 'Z') {
                     state = TEMPLATE_BLOCK_IF_VARIABLE_OPERAND;
                     start2 = current;
                     break;
                 }
-                if (c != '"') {
-                    op_start = 0;
-                    op_end = 0;
-                    *err = blogc_error_parser(BLOGC_ERROR_TEMPLATE_PARSER, src,
-                        src_len, current,
-                        "Invalid 'if' operand. Must be double-quoted static string.");
+                if (c == '"') {
+                    state = TEMPLATE_BLOCK_IF_STRING_OPERAND;
+                    start2 = current;
                     break;
                 }
-                state = TEMPLATE_BLOCK_IF_STRING_OPERAND;
-                start2 = current;
+                op_start = 0;
+                op_end = 0;
+                *err = blogc_error_parser(BLOGC_ERROR_TEMPLATE_PARSER, src,
+                    src_len, current,
+                    "Invalid 'if' operand. Must be double-quoted static "
+                    "string or variable.");
                 break;
 
             case TEMPLATE_BLOCK_IF_STRING_OPERAND:
diff --git a/tests/check_template_parser.c b/tests/check_template_parser.c
index 6aaceed..145a27e 100644
--- a/tests/check_template_parser.c
+++ b/tests/check_template_parser.c
@@ -570,6 +570,23 @@ test_template_parse_invalid_ifdef_variable(void **state)
 
 
 static void
+test_template_parse_invalid_ifdef_variable2(void **state)
+{
+    const char *a = "{% block entry %}{% ifdef 0123 %}\n";
+    blogc_error_t *err = NULL;
+    b_slist_t *stmts = blogc_template_parse(a, strlen(a), &err);
+    assert_non_null(err);
+    assert_null(stmts);
+    assert_int_equal(err->type, BLOGC_ERROR_TEMPLATE_PARSER);
+    assert_string_equal(err->msg,
+        "Invalid variable name. Must begin with uppercase letter.\n"
+        "Error occurred near line 1, position 27: "
+        "{% block entry %}{% ifdef 0123 %}");
+    blogc_error_free(err);
+}
+
+
+static void
 test_template_parse_invalid_foreach_variable(void **state)
 {
     const char *a = "{% block entry %}{% foreach BoLA %}\n";
@@ -587,6 +604,23 @@ test_template_parse_invalid_foreach_variable(void **state)
 
 
 static void
+test_template_parse_invalid_foreach_variable2(void **state)
+{
+    const char *a = "{% block entry %}{% foreach 0123 %}\n";
+    blogc_error_t *err = NULL;
+    b_slist_t *stmts = blogc_template_parse(a, strlen(a), &err);
+    assert_non_null(err);
+    assert_null(stmts);
+    assert_int_equal(err->type, BLOGC_ERROR_TEMPLATE_PARSER);
+    assert_string_equal(err->msg,
+        "Invalid foreach variable name. Must begin with uppercase letter.\n"
+        "Error occurred near line 1, position 29: {% block entry %}"
+        "{% foreach 0123 %}");
+    blogc_error_free(err);
+}
+
+
+static void
 test_template_parse_invalid_if_operator(void **state)
 {
     const char *a = "{% block entry %}{% if BOLA = \"asd\" %}\n";
@@ -613,7 +647,7 @@ test_template_parse_invalid_if_operand(void **state)
     assert_null(stmts);
     assert_int_equal(err->type, BLOGC_ERROR_TEMPLATE_PARSER);
     assert_string_equal(err->msg,
-        "Invalid 'if' operand. Must be double-quoted static string.\n"
+        "Invalid 'if' operand. Must be double-quoted static string or variable.\n"
         "Error occurred near line 1, position 32: "
         "{% block entry %}{% if BOLA == asd %}");
     blogc_error_free(err);
@@ -638,6 +672,23 @@ test_template_parse_invalid_if_operand2(void **state)
 
 
 static void
+test_template_parse_invalid_if_operand3(void **state)
+{
+    const char *a = "{% block entry %}{% if BOLA == 0123 %}\n";
+    blogc_error_t *err = NULL;
+    b_slist_t *stmts = blogc_template_parse(a, strlen(a), &err);
+    assert_non_null(err);
+    assert_null(stmts);
+    assert_int_equal(err->type, BLOGC_ERROR_TEMPLATE_PARSER);
+    assert_string_equal(err->msg,
+        "Invalid 'if' operand. Must be double-quoted static string or variable.\n"
+        "Error occurred near line 1, position 32: "
+        "{% block entry %}{% if BOLA == 0123 %}");
+    blogc_error_free(err);
+}
+
+
+static void
 test_template_parse_invalid_block_end(void **state)
 {
     const char *a = "{% block entry }}\n";
@@ -688,6 +739,23 @@ test_template_parse_invalid_variable_name2(void **state)
 
 
 static void
+test_template_parse_invalid_variable_name3(void **state)
+{
+    const char *a = "{% block entry %}{{ 0123 }}{% endblock %}\n";
+    blogc_error_t *err = NULL;
+    b_slist_t *stmts = blogc_template_parse(a, strlen(a), &err);
+    assert_non_null(err);
+    assert_null(stmts);
+    assert_int_equal(err->type, BLOGC_ERROR_TEMPLATE_PARSER);
+    assert_string_equal(err->msg,
+        "Invalid variable name. Must begin with uppercase letter.\n"
+        "Error occurred near line 1, position 21: {% block entry %}{{ 0123 }}"
+        "{% endblock %}");
+    blogc_error_free(err);
+}
+
+
+static void
 test_template_parse_invalid_variable_end(void **state)
 {
     const char *a = "{% block entry %}{{ BOLA %}{% endblock %}\n";
@@ -800,13 +868,17 @@ main(void)
         unit_test(test_template_parse_invalid_ifdef_start),
         unit_test(test_template_parse_invalid_foreach_start),
         unit_test(test_template_parse_invalid_ifdef_variable),
+        unit_test(test_template_parse_invalid_ifdef_variable2),
         unit_test(test_template_parse_invalid_foreach_variable),
+        unit_test(test_template_parse_invalid_foreach_variable2),
         unit_test(test_template_parse_invalid_if_operator),
         unit_test(test_template_parse_invalid_if_operand),
         unit_test(test_template_parse_invalid_if_operand2),
+        unit_test(test_template_parse_invalid_if_operand3),
         unit_test(test_template_parse_invalid_block_end),
         unit_test(test_template_parse_invalid_variable_name),
         unit_test(test_template_parse_invalid_variable_name2),
+        unit_test(test_template_parse_invalid_variable_name3),
         unit_test(test_template_parse_invalid_variable_end),
         unit_test(test_template_parse_invalid_close),
         unit_test(test_template_parse_invalid_close2),
author	Rafael G. Martins <rafael@rafaelmartins.eng.br>	2015-12-29 00:39:01 +0100
committer	Rafael G. Martins <rafael@rafaelmartins.eng.br>	2015-12-29 00:39:01 +0100
commit	e727bdcde63804a308103adeaa2637c5ee1ebdc8 (patch)
tree	dd4f7d84028f8ad822bea0697329c700d769dca0
parent	8d96c02e5118cf7bd656fde9100570a67115d19a (diff)
download	blogc-e727bdcde63804a308103adeaa2637c5ee1ebdc8.tar.gz blogc-e727bdcde63804a308103adeaa2637c5ee1ebdc8.tar.bz2 blogc-e727bdcde63804a308103adeaa2637c5ee1ebdc8.zip