From b52817301cc0f805a648ea7dfb8d47ace42bc719 Mon Sep 17 00:00:00 2001 From: tao wang Date: Mon, 19 Feb 2024 16:17:56 +0800 Subject: [PATCH] ENH:add protection for importing to Studio jira:[STUDIO-6155] Change-Id: Ie8faea6ca333de560e5fa2f66764ec2d3e264def --- src/slic3r/GUI/GUI_App.cpp | 11 ++++++++++- src/slic3r/GUI/Plater.cpp | 32 +++++++++++++++++++++++++++++--- 2 files changed, 39 insertions(+), 4 deletions(-) diff --git a/src/slic3r/GUI/GUI_App.cpp b/src/slic3r/GUI/GUI_App.cpp index 117f68fb0..c8100636f 100644 --- a/src/slic3r/GUI/GUI_App.cpp +++ b/src/slic3r/GUI/GUI_App.cpp @@ -1079,16 +1079,25 @@ void GUI_App::post_init() std::string download_url; for (auto input_str : input_str_arr) { - if ( boost::starts_with(input_str, "http://") || boost::starts_with(input_str, "https://")) { + if ( boost::starts_with(input_str, "http://makerworld") || boost::starts_with(input_str, "https://makerworld")) { download_url = input_str; } } + try + { + //filter relative directories + std::regex pattern("\\.\\.[\\/\\\\]|\\.\\.[\\/\\\\][\\/\\\\]|\\.\\/[\\/\\\\]|\\.[\\/\\\\]"); + download_url = std::regex_replace(download_url, pattern, ""); + } + catch (...){} + BOOST_LOG_TRIVIAL(info) << __FUNCTION__ << boost::format(", download_url %1%") % download_url; if (!download_url.empty()) { m_download_file_url = from_u8(download_url); } + m_open_method = "makerworld"; } else { diff --git a/src/slic3r/GUI/Plater.cpp b/src/slic3r/GUI/Plater.cpp index faeb688c3..a7115fb15 100644 --- a/src/slic3r/GUI/Plater.cpp +++ b/src/slic3r/GUI/Plater.cpp @@ -8814,6 +8814,14 @@ void Plater::import_model_id(wxString download_info) { vecFiles.clear(); wxString extension = fs::path(filename.wx_str()).extension().c_str(); + + + //check file suffix + if (!extension.Contains(".3mf")) { + msg = _L("Download failed, unknown file format."); + return; + } + auto name = filename.substr(0, filename.length() - extension.length() - 1); for (const auto& iter : boost::filesystem::directory_iterator(target_path)) 
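Review bot: The new check `boost::starts_with(input_str, "https://makerworld")` in the loop over `input_str_arr` compares a string prefix rather than the host, so any URL whose host merely begins with "makerworld" still passes, and the cleartext `http://` form is still accepted. Anchor the comparison to the end of the authority, e.g. `boost::starts_with(input_str, "https://<ALLOWED_HOST>/")`, where `<ALLOWED_HOST>` is a placeholder because the page does not name the real download host. The `std::regex_replace` that follows strips dot-segments in a single pass, which can leave a new `../` behind once the removed pieces close up, and it rewrites the URL instead of refusing it; rejecting any input that contains a `..` segment (after percent-decoding) is easier to reason about. The empty `catch (...){}` also lets the unfiltered string through if the regex throws; clearing `download_url` in the handler would fail closed. The body of `post_init` continues outside the hunk.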
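Review bot: `extension.Contains(".3mf")` is a case-sensitive substring test, so an extension that merely contains `.3mf` passes while `.3MF` is refused; an exact, case-insensitive comparison such as `if (!extension.IsSameAs(".3mf", false))` states the intent. The check looks only at the name's suffix, so it does not establish that the downloaded content is a 3mf archive, and the code that later parses the file must still treat it as untrusted. The early `return` sets `msg`, but nothing in the hunk displays it or runs cleanup before leaving. `import_model_id` continues outside the hunk, so confirm that the user actually sees the failure.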
@@ -8861,17 +8869,35 @@ void Plater::import_model_id(wxString download_info) fs::path tmp_path = target_path; tmp_path += format(".%1%", ".download"); - + auto filesize = 0; + bool size_limit = false; auto http = Http::get(download_url.ToStdString()); while (cont && retry_count < max_retries) { retry_count++; - http.on_progress([&percent, &cont, &msg](Http::Progress progress, bool& cancel) { + http.on_progress([&percent, &cont, &msg, &filesize, &size_limit](Http::Progress progress, bool& cancel) { + if (!cont) cancel = true; if (progress.dltotal != 0) { + + if (filesize == 0) { + filesize = progress.dltotal; + double megabytes = static_cast(progress.dltotal) / (1024 * 1024); + //The maximum size of a 3mf file is 500mb + if (megabytes > 500) { + cont = false; + size_limit = true; + } + } percent = progress.dlnow * 100 / progress.dltotal; } - msg = wxString::Format(_L("Project downloaded %d%%"), percent); + + if (size_limit) { + msg = _L("Download failed, File size exception."); + } + else { + msg = wxString::Format(_L("Project downloaded %d%%"), percent); + } }) .on_error([&msg, &cont, &retry_count, max_retries](std::string body, std::string error, unsigned http_status) { (void)body;
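Review bot: The 500 MB cap inside the `on_progress` lambda is evaluated only on the first callback where `progress.dltotal` is non-zero, so a response that does not announce its length (presumably leaving `dltotal` at 0) is never limited. Compare the bytes actually received as well and cancel in the same callback, e.g. `if (progress.dltotal > kMaxBytes || progress.dlnow > kMaxBytes) { cont = false; size_limit = true; cancel = true; }`, with `kMaxBytes` a new byte-count constant (name proposed here). As written, `cancel` is set only by `if (!cont) cancel = true;` at the top of the lambda, so an oversized transfer keeps running until the next progress callback. `auto filesize = 0;` deduces `int`, and assigning `progress.dltotal` to it can truncate for large totals; declare it with the same type as `dltotal`. The lambda chain and the retry loop continue outside the hunk.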