# HG changeset patch # User Herman Bloggs # Date 1100895494 0 # Node ID 9e0b98c458b13a142c3d27b085044a5657193342 # Parent cbdce0acbbe6a89a21efb2695e51e3fcb9ba1110 [gaim-migrate @ 11331] gaim_notify_uri now needs trusted parameter to indicate whether the source of the uri is trusted. This helps us avoid the security risks involved in blindly executing untrusted local file URIs in windows. This fixes the MSN open mail bug on windows. committer: Tailor Script diff -r cbdce0acbbe6 -r 9e0b98c458b1 ChangeLog.win32 --- a/ChangeLog.win32 Fri Nov 19 16:42:07 2004 +0000 +++ b/ChangeLog.win32 Fri Nov 19 20:18:14 2004 +0000 @@ -1,3 +1,6 @@ +version 2.0.0: + * MSN open email bug fixed. + version 1.0.2 (10/20/2004): * Updated GTK+ to 2.4.10 (rev b) This revision updates glib to 2.4.7 and pango to 1.6.0, fixing the diff -r cbdce0acbbe6 -r 9e0b98c458b1 src/gtkblist.c --- a/src/gtkblist.c Fri Nov 19 16:42:07 2004 +0000 +++ b/src/gtkblist.c Fri Nov 19 20:18:14 2004 +0000 @@ -601,7 +601,7 @@ static void gtk_blist_show_onlinehelp_cb() { - gaim_notify_uri(NULL, GAIM_WEBSITE "documentation.php"); + gaim_notify_uri(NULL, GAIM_WEBSITE "documentation.php", TRUE); } static void diff -r cbdce0acbbe6 -r 9e0b98c458b1 src/gtknotify.c --- a/src/gtknotify.c Fri Nov 19 16:42:07 2004 +0000 +++ b/src/gtknotify.c Fri Nov 19 20:18:14 2004 +0000 @@ -62,7 +62,7 @@ email_response_cb(GtkDialog *dialog, gint id, GaimNotifyMailData *data) { if (id == 0) - gaim_notify_uri(NULL, data->url); + gaim_notify_uri(NULL, data->url, TRUE); gaim_notify_close(GAIM_NOTIFY_EMAILS, data); } @@ -454,7 +454,7 @@ #endif /* _WIN32 */ static void * -gaim_gtk_notify_uri(const char *uri) +gaim_gtk_notify_uri(const char *uri, gboolean trusted) { #ifndef _WIN32 char *command = NULL; @@ -599,19 +599,25 @@ #else /* !_WIN32 */ /** - * Since this could be potentially dangerous, - * allowing a URI to try to perform some sort of malicious operation, - * we only allow execution when the URI starts with - * "http://", "https://", "ftp://", "mailto:" + * If the URI is not trusted we limit ourselves to the following URI + * types (Execution of an untrusted local file URI could potentially + * be a security risk): + * http, https, ftp, mailto */ - if (g_ascii_strncasecmp(uri, "http://", 7) == 0 - || g_ascii_strncasecmp(uri, "mailto:", 7) == 0 - || g_ascii_strncasecmp(uri, "https://", 8) == 0 - || g_ascii_strncasecmp(uri, "ftp://", 6) == 0 - ) { - ShellExecute(NULL, NULL, uri, NULL, ".\\", 0); - } else { - gaim_debug_misc("gtknotify", "Ignoring '%s' URI as it is not recognized as a secure URI.\n", uri); + if(!trusted && + !(g_ascii_strncasecmp(uri, "http://", 7) == 0 || + g_ascii_strncasecmp(uri, "mailto:", 7) == 0 || + g_ascii_strncasecmp(uri, "https://", 8) == 0 || + g_ascii_strncasecmp(uri, "ftp://", 6) == 0)) { + gaim_debug_misc("gtknotify", + "Ignoring untrusted '%s' URI as it is not recognized as a secure URI.\n", + uri); + } + else { + int ret; + /* The URI is trusted */ + if((ret = ShellExecute(NULL, "open", uri, NULL, NULL, SW_SHOWNORMAL)) <= 32) + gaim_debug_error("gtknotify", "Opening URI: '%s' ShellExecute failure: %d\n", uri, ret); } #endif /* !_WIN32 */ diff -r cbdce0acbbe6 -r 9e0b98c458b1 src/gtkutils.c --- a/src/gtkutils.c Fri Nov 19 16:42:07 2004 +0000 +++ b/src/gtkutils.c Fri Nov 19 20:18:14 2004 +0000 @@ -61,7 +61,7 @@ static gboolean url_clicked_idle_cb(gpointer data) { - gaim_notify_uri(NULL, data); + gaim_notify_uri(NULL, data, FALSE); g_free(data); return FALSE; } diff -r cbdce0acbbe6 -r 9e0b98c458b1 src/notify.c --- a/src/notify.c Fri Nov 19 16:42:07 2004 +0000 +++ b/src/notify.c Fri Nov 19 20:18:14 2004 +0000 @@ -183,7 +183,7 @@ } void * -gaim_notify_uri(void *handle, const char *uri) +gaim_notify_uri(void *handle, const char *uri, gboolean trusted) { GaimNotifyUiOps *ops; @@ -197,7 +197,7 @@ info = g_new0(GaimNotifyInfo, 1); info->type = GAIM_NOTIFY_URI; info->handle = handle; - info->ui_handle = ops->notify_uri(uri); + info->ui_handle = ops->notify_uri(uri, trusted); handles = g_list_append(handles, info); diff -r cbdce0acbbe6 -r 9e0b98c458b1 src/notify.h --- a/src/notify.h Fri Nov 19 16:42:07 2004 +0000 +++ b/src/notify.h Fri Nov 19 20:18:14 2004 +0000 @@ -78,7 +78,7 @@ const char *title, const char *primary, const char *secondary, const char *text, GCallback cb, void *user_data); - void *(*notify_uri)(const char *uri); + void *(*notify_uri)(const char *uri, gboolean trusted); void (*close_notify)(GaimNotifyType type, void *ui_handle); @@ -202,14 +202,15 @@ /** * Opens a URI or somehow presents it to the user. * - * @param handle The plugin or connection handle. - * @param uri The URI to display or go to. + * @param handle The plugin or connection handle. + * @param uri The URI to display or go to. + * @param trusted The source of the URI is trusted. * * @return A UI-specific handle, if any. This may only be presented if * the UI code displays a dialog instead of a webpage, or something * similar. */ -void *gaim_notify_uri(void *handle, const char *uri); +void *gaim_notify_uri(void *handle, const char *uri, gboolean trusted); /** * Closes a notification. diff -r cbdce0acbbe6 -r 9e0b98c458b1 src/protocols/jabber/jabber.c --- a/src/protocols/jabber/jabber.c Fri Nov 19 16:42:07 2004 +0000 +++ b/src/protocols/jabber/jabber.c Fri Nov 19 20:18:14 2004 +0000 @@ -571,7 +571,7 @@ if((url = xmlnode_get_child(x, "url"))) { char *href; if((href = xmlnode_get_data(url))) { - gaim_notify_uri(NULL, href); + gaim_notify_uri(NULL, href, TRUE); g_free(href); js->gc->wants_to_die = TRUE; jabber_connection_schedule_close(js); diff -r cbdce0acbbe6 -r 9e0b98c458b1 src/protocols/oscar/oscar.c --- a/src/protocols/oscar/oscar.c Fri Nov 19 16:42:07 2004 +0000 +++ b/src/protocols/oscar/oscar.c Fri Nov 19 20:18:14 2004 +0000 @@ -7194,7 +7194,7 @@ static void oscar_show_set_info_icqurl(GaimPluginAction *action) { GaimConnection *gc = (GaimConnection *) action->context; - gaim_notify_uri(gc, "http://www.icq.com/whitepages/user_details.php"); + gaim_notify_uri(gc, "http://www.icq.com/whitepages/user_details.php", TRUE); } static void oscar_change_pass(GaimPluginAction *action) @@ -7208,14 +7208,14 @@ GaimConnection *gc = (GaimConnection *) action->context; OscarData *od = gc->proto_data; gchar *substituted = gaim_strreplace(od->sess->authinfo->chpassurl, "%s", gaim_account_get_username(gaim_connection_get_account(gc))); - gaim_notify_uri(gc, substituted); + gaim_notify_uri(gc, substituted, TRUE); g_free(substituted); } static void oscar_show_imforwardingurl(GaimPluginAction *action) { GaimConnection *gc = (GaimConnection *) action->context; - gaim_notify_uri(gc, "http://mymobile.aol.com/dbreg/register?action=imf&clientID=1"); + gaim_notify_uri(gc, "http://mymobile.aol.com/dbreg/register?action=imf&clientID=1", TRUE); } static void oscar_set_icon(GaimConnection *gc, const char *iconfile) diff -r cbdce0acbbe6 -r 9e0b98c458b1 src/protocols/trepia/trepia.c --- a/src/protocols/trepia/trepia.c Fri Nov 19 16:42:07 2004 +0000 +++ b/src/protocols/trepia/trepia.c Fri Nov 19 20:18:14 2004 +0000 @@ -459,7 +459,7 @@ value = trepia_profile_get_homepage(profile); if (value != NULL) - gaim_notify_uri(gc, value); + gaim_notify_uri(gc, value, FALSE); } static GList * diff -r cbdce0acbbe6 -r 9e0b98c458b1 src/protocols/yahoo/yahoo.c --- a/src/protocols/yahoo/yahoo.c Fri Nov 19 16:42:07 2004 +0000 +++ b/src/protocols/yahoo/yahoo.c Fri Nov 19 20:18:14 2004 +0000 @@ -2713,7 +2713,7 @@ t++; *t = 0; g_snprintf(url, sizeof url, "http://games.yahoo.com/games/%s", game2); - gaim_notify_uri(gc, url); + gaim_notify_uri(gc, url, TRUE); g_free(game2); }