Mercurial > pidgin.yaz
comparison src/gtknotify.c @ 9520:cb7f26f30d02
[gaim-migrate @ 10347]
"I can put you in Queens on the night of the robbery."
"Really? I live in Queens. You got a crack team of
monkeys working around the clock back there?"
Thanks to Daniel Atallah for fixing this and to
Nathan Walp for pointing it out.
committer: Tailor Script <tailor@pidgin.im>
| author | Mark Doliner <mark@kingant.net> |
|---|---|
| date | Tue, 13 Jul 2004 01:37:00 +0000 |
| parents | a88c8ca91518 |
| children | 7b3212aa698c |
comparison
equal
deleted
inserted
replaced
| 9519:8cd47267c5bd | 9520:cb7f26f30d02 |
|---|---|
| 607 uri_command(command, FALSE); | 607 uri_command(command, FALSE); |
| 608 | 608 |
| 609 g_free(command); | 609 g_free(command); |
| 610 | 610 |
| 611 #else /* !_WIN32 */ | 611 #else /* !_WIN32 */ |
| 612 ShellExecute(NULL, NULL, uri, NULL, ".\\", 0); | 612 /** |
| 613 * Since this could be potentially dangerous, | |
| 614 * allowing a URI to try to perform some sort of malicious operation, | |
| 615 * we only allow execution when the URI starts with | |
| 616 * "http://", "https://", "ftp://", "mailto:" | |
| 617 */ | |
| 618 if (g_ascii_strncasecmp(uri, "http://", 7) == 0 | |
| 619 || g_ascii_strncasecmp(uri, "mailto:", 7) == 0 | |
| 620 || g_ascii_strncasecmp(uri, "https://", 8) == 0 | |
| 621 || g_ascii_strncasecmp(uri, "ftp://", 6) == 0 | |
| 622 ) { | |
| 623 ShellExecute(NULL, NULL, uri, NULL, ".\\", 0); | |
| 624 } else { | |
| 625 gaim_debug_misc("gtknotify", "Ignoring '%s' URI as it is not recognized as a secure URI.\n", uri); | |
| 626 } | |
| 613 #endif /* !_WIN32 */ | 627 #endif /* !_WIN32 */ |
| 614 | 628 |
| 615 return NULL; | 629 return NULL; |
| 616 } | 630 } |
| 617 | 631 |