Mercurial > pidgin.yaz
comparison src/gtknotify.c @ 10209:9e0b98c458b1
[gaim-migrate @ 11331]
gaim_notify_uri now needs trusted parameter to indicate whether
the source of the uri is trusted. This helps us avoid the security risks
involved in blindly executing untrusted local file URIs in windows. This
fixes the MSN open mail bug on windows.
committer: Tailor Script <tailor@pidgin.im>
| author | Herman Bloggs <hermanator12002@yahoo.com> |
|---|---|
| date | Fri, 19 Nov 2004 20:18:14 +0000 |
| parents | 5b33637b69fd |
| children | 95ca0db2d01d |
comparison
equal
deleted
inserted
replaced
| 10208:cbdce0acbbe6 | 10209:9e0b98c458b1 |
|---|---|
| 60 | 60 |
| 61 static void | 61 static void |
| 62 email_response_cb(GtkDialog *dialog, gint id, GaimNotifyMailData *data) | 62 email_response_cb(GtkDialog *dialog, gint id, GaimNotifyMailData *data) |
| 63 { | 63 { |
| 64 if (id == 0) | 64 if (id == 0) |
| 65 gaim_notify_uri(NULL, data->url); | 65 gaim_notify_uri(NULL, data->url, TRUE); |
| 66 | 66 |
| 67 gaim_notify_close(GAIM_NOTIFY_EMAILS, data); | 67 gaim_notify_close(GAIM_NOTIFY_EMAILS, data); |
| 68 } | 68 } |
| 69 | 69 |
| 70 static void | 70 static void |
| 452 return ret; | 452 return ret; |
| 453 } | 453 } |
| 454 #endif /* _WIN32 */ | 454 #endif /* _WIN32 */ |
| 455 | 455 |
| 456 static void * | 456 static void * |
| 457 gaim_gtk_notify_uri(const char *uri) | 457 gaim_gtk_notify_uri(const char *uri, gboolean trusted) |
| 458 { | 458 { |
| 459 #ifndef _WIN32 | 459 #ifndef _WIN32 |
| 460 char *command = NULL; | 460 char *command = NULL; |
| 461 char *remote_command = NULL; | 461 char *remote_command = NULL; |
| 462 const char *web_browser; | 462 const char *web_browser; |
| 597 | 597 |
| 598 g_free(command); | 598 g_free(command); |
| 599 | 599 |
| 600 #else /* !_WIN32 */ | 600 #else /* !_WIN32 */ |
| 601 /** | 601 /** |
| 602 * Since this could be potentially dangerous, | 602 * If the URI is not trusted we limit ourselves to the following URI |
| 603 * allowing a URI to try to perform some sort of malicious operation, | 603 * types (Execution of an untrusted local file URI could potentially |
| 604 * we only allow execution when the URI starts with | 604 * be a security risk): |
| 605 * "http://", "https://", "ftp://", "mailto:" | 605 * http, https, ftp, mailto |
| 606 */ | 606 */ |
| 607 if (g_ascii_strncasecmp(uri, "http://", 7) == 0 | 607 if(!trusted && |
| 608 || g_ascii_strncasecmp(uri, "mailto:", 7) == 0 | 608 !(g_ascii_strncasecmp(uri, "http://", 7) == 0 || |
| 609 || g_ascii_strncasecmp(uri, "https://", 8) == 0 | 609 g_ascii_strncasecmp(uri, "mailto:", 7) == 0 || |
| 610 || g_ascii_strncasecmp(uri, "ftp://", 6) == 0 | 610 g_ascii_strncasecmp(uri, "https://", 8) == 0 || |
| 611 ) { | 611 g_ascii_strncasecmp(uri, "ftp://", 6) == 0)) { |
| 612 ShellExecute(NULL, NULL, uri, NULL, ".\\", 0); | 612 gaim_debug_misc("gtknotify", |
| 613 } else { | 613 "Ignoring untrusted '%s' URI as it is not recognized as a secure URI.\n", |
| 614 gaim_debug_misc("gtknotify", "Ignoring '%s' URI as it is not recognized as a secure URI.\n", uri); | 614 uri); |
| 615 } | |
| 616 else { | |
| 617 int ret; | |
| 618 /* The URI is trusted */ | |
| 619 if((ret = ShellExecute(NULL, "open", uri, NULL, NULL, SW_SHOWNORMAL)) <= 32) | |
| 620 gaim_debug_error("gtknotify", "Opening URI: '%s' ShellExecute failure: %d\n", uri, ret); | |
| 615 } | 621 } |
| 616 #endif /* !_WIN32 */ | 622 #endif /* !_WIN32 */ |
| 617 | 623 |
| 618 return NULL; | 624 return NULL; |
| 619 } | 625 } |