# HG changeset patch
# User Sean Egan
# Date 1029056612 0
# Node ID 2a34734f6a0dedd3ed63b7ff768d4a7f3ee5ad83
# Parent 5a5df7968b6ed0d37a77c3d381aacf6c25881d53
[gaim-migrate @ 3412] Fixed potential security vulnerability
committer: Tailor Script
diff -r 5a5df7968b6e -r 2a34734f6a0d src/browser.c
--- a/src/browser.c Sun Aug 11 06:43:23 2002 +0000
+++ b/src/browser.c Sun Aug 11 09:03:32 2002 +0000
@@ -559,6 +559,58 @@
 }
+#if !GTK_CHECK_VERSION(1,3,0)
+/* From Glib 2.0 */
+/**
+ * g_shell_quote:
+ * @unquoted_string: a literal string
+ *
+ * Quotes a string so that the shell (/bin/sh) will interpret the
+ * quoted string to mean @unquoted_string. If you pass a filename to
+ * the shell, for example, you should first quote it with this
+ * function. The return value must be freed with g_free(). The
+ * quoting style used is undefined (single or double quotes may be
+ * used).
+ *
+ * Return value: quoted string
+**/
+gchar*
+g_shell_quote (const gchar *unquoted_string)
+{
+ /* We always use single quotes, because the algorithm is cheesier.
+ * We could use double if we felt like it, that might be more
+ * human-readable.
+ */
+ const gchar *p;
+ GString *dest;
+
+ g_return_val_if_fail (unquoted_string != NULL, NULL);
+
+ dest = g_string_new ("'");
+
+ p = unquoted_string;
+
+ /* could speed this up a lot by appending chunks of text at a
+ * time.
+ */
+ while (*p)
+ {
+ /* Replace literal ' with a close ', a \', and a open ' */
+ if (*p == '\'')
+ g_string_append (dest, "'\\''");
+ else
+ g_string_append_c (dest, *p);
+ ++p;
+ }
+ /* close the quote */
+ g_string_append_c (dest, '\'');
+
+ p = dest->str;
+ g_string_free (dest, FALSE);
+ return p;
+}
+#endif
+
 void open_url(GtkWidget *w, char *url)
 {
@@ -584,7 +636,7 @@
 if (pid == 0) {
 char *args[4];
 char command[1024];
-
+
 if (web_browser == BROWSER_OPERA) {
 args[0] = "opera";
 args[1] = "-newwindow";
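Review bot: `return p;` at the end of the backported g_shell_quote returns a `const gchar *` through a `gchar*` return type, discarding the qualifier; `p` is only const because it doubles as the read cursor over unquoted_string. Hand the buffer off through a separate variable: `gchar *result = dest->str;` / `g_string_free (dest, FALSE);` / `return result;`. Since this compatibility copy only needs to serve browser.c, declaring it `static gchar*` would also keep the `g_`-prefixed name from clashing with a library definition if a GLib that provides g_shell_quote were ever paired with a GTK that fails GTK_CHECK_VERSION(1,3,0); whether that pairing can occur in this build is not visible here.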
@@ -610,7 +662,9 @@
 args[1] = url;
 args[2] = NULL;
 } else if (web_browser == BROWSER_MANUAL) {
- g_snprintf(command, sizeof(command), web_command, url);
+ char *quoted = g_shell_quote(command);
+ g_snprintf(command, sizeof(command), web_command, quoted);
+ g_free(quoted);
 args[0] = "sh";
 args[1] = "-c";
 args[2] = command;
diff -r 5a5df7968b6e -r 2a34734f6a0d src/gaimrc.c
--- a/src/gaimrc.c Sun Aug 11 06:43:23 2002 +0000
+++ b/src/gaimrc.c Sun Aug 11 09:03:32 2002 +0000
@@ -829,9 +829,7 @@
 away_resend = 120;
 if (misc_options & OPT_MISC_BUDDY_TICKER) {
- char *tickerplugin = g_build_filename(LIBDIR, "ticker.so", NULL);
- load_plugin(tickerplugin);
- g_free(tickerplugin);
+ load_plugin(LIBDIR "/ticker.so");
 misc_options &= ~OPT_MISC_BUDDY_TICKER;
 }
 }
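Review bot: `g_shell_quote(command)` quotes the wrong string: `command` is the `char command[1024]` array declared earlier in open_url that g_snprintf is about to fill, so at this point it holds indeterminate stack contents (reading them is undefined behaviour), while `url`, the value that actually reaches `sh -c`, is still interpolated unquoted — the hole the commit sets out to close stays open. The argument should be `char *quoted = g_shell_quote(url);`. `web_command` remains the g_snprintf format string; whether it is validated to contain exactly one `%s` is not visible in this diff, so a template with additional conversions would still read garbage arguments. The rest of open_url lies outside the hunk.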
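Review bot: `load_plugin(LIBDIR "/ticker.so")` compiles only if LIBDIR expands to a string literal, and it drops the separator handling that g_build_filename provided when LIBDIR ends in a slash. It also passes a string literal where a heap string was passed before, so load_plugin must not write to or free its argument; load_plugin's definition is not in this diff, so that cannot be confirmed here. If LIBDIR is guaranteed to be a plain literal the change is fine as written; otherwise the g_build_filename form it replaces is the safer one.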