changeset 12477:d90eae2387b5
[gaim-migrate @ 14788]
Add shell escaping to the browser command building. This seems safer and things still work for me.
committer: Tailor Script <tailor@pidgin.im>
author | Richard Laager <rlaager@wiktel.com> |
---|---|
date | Tue, 13 Dec 2005 19:47:38 +0000 |
parents | 18b16e801e6f |
children | 8489040cf97b |
files | src/gtknotify.c |
diffstat | 1 files changed, 27 insertions(+), 24 deletions(-) [+] |
--- a/src/gtknotify.c Tue Dec 13 08:10:28 2005 +0000 +++ b/src/gtknotify.c Tue Dec 13 19:47:38 2005 +0000 @@ -721,6 +721,7 @@ gaim_gtk_notify_uri(const char *uri) { #ifndef _WIN32 + char *escaped = g_shell_quote(uri); char *command = NULL; char *remote_command = NULL; const char *web_browser; @@ -732,25 +733,25 @@ /* if they are running gnome, use the gnome web browser */ if (gaim_running_gnome() == TRUE) { - command = g_strdup_printf("gnome-open \"%s\"", uri); + command = g_strdup_printf("gnome-open %s", escaped); } else if (!strcmp(web_browser, "epiphany") || !strcmp(web_browser, "galeon")) { if (place == GAIM_BROWSER_NEW_WINDOW) - command = g_strdup_printf("%s -w \"%s\"", web_browser, uri); + command = g_strdup_printf("%s -w %s", web_browser, escaped); else if (place == GAIM_BROWSER_NEW_TAB) - command = g_strdup_printf("%s -n \"%s\"", web_browser, uri); + command = g_strdup_printf("%s -n %s", web_browser, escaped); else - command = g_strdup_printf("%s \"%s\"", web_browser, uri); + command = g_strdup_printf("%s %s", web_browser, escaped); } else if (!strcmp(web_browser, "gnome-open")) { - command = g_strdup_printf("gnome-open \"%s\"", uri); + command = g_strdup_printf("gnome-open %s", escaped); } else if (!strcmp(web_browser, "kfmclient")) { - command = g_strdup_printf("kfmclient openURL \"%s\"", uri); + command = g_strdup_printf("kfmclient openURL %s", escaped); /* * Does Konqueror have options to open in new tab * and/or current window? @@ -762,7 +763,7 @@ { char *args = ""; - command = g_strdup_printf("%s \"%s\"", web_browser, uri); + command = g_strdup_printf("%s %s", web_browser, escaped); /* * Firefox 0.9 and higher require a "-a firefox" option when 
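Review bot: `escaped` is allocated in the declaration block at the top of gaim_gtk_notify_uri(), so every exit between that line and the `g_free(escaped);` added in the last hunk has to release it. The function body starts and ends outside these hunks, so any early `return` in the lines not shown (for example on a missing or empty browser setting) would leak the string and should be checked. g_shell_quote() also expects a non-NULL argument, so a NULL check on `uri` belongs before the call rather than after it. A short ownership comment on the declaration, such as `/* shell-quoted copy of uri; freed after command and remote_command are built */`, would make the lifetime explicit.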
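Review bot: Quoting keeps the URI as one word but does not stop that word from being read as a command-line option. In the `gnome-open`, `epiphany`/`galeon` and `kfmclient` branches, and in the generic `"%s %s"` form in the following hunk, a value that begins with `-` is still handed to the browser as a switch rather than a URL. If `uri` can originate from received message text, which these hunks do not show, validating that it starts with an expected scheme before any command is built would cover every branch at once. Since the surrounding double quotes were removed from all the format strings, a comment above the first call such as `/* escaped is already shell-quoted: never wrap it in quotes in a format string */` would keep later edits from reintroducing nested quoting.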
@@ -778,47 +779,47 @@ if (place == GAIM_BROWSER_NEW_WINDOW) remote_command = g_strdup_printf("%s %s -remote " - "\"openURL(%s,new-window)\"", - web_browser, args, uri); + "openURL(%s,new-window)", + web_browser, args, escaped); else if (place == GAIM_BROWSER_NEW_TAB) remote_command = g_strdup_printf("%s %s -remote " - "\"openURL(%s,new-tab)\"", - web_browser, args, uri); + "openURL(%s,new-tab)", + web_browser, args, escaped); else if (place == GAIM_BROWSER_CURRENT) remote_command = g_strdup_printf("%s %s -remote " - "\"openURL(%s)\"", - web_browser, args, uri); + "openURL(%s)", + web_browser, args, escaped); } else if (!strcmp(web_browser, "netscape")) { - command = g_strdup_printf("netscape \"%s\"", uri); + command = g_strdup_printf("netscape %s", escaped); if (place == GAIM_BROWSER_NEW_WINDOW) { remote_command = g_strdup_printf("netscape -remote " - "\"openURL(%s,new-window)\"", - uri); + "openURL(%s,new-window)", + escaped); } else if (place == GAIM_BROWSER_CURRENT) { remote_command = g_strdup_printf("netscape -remote " - "\"openURL(%s)\"", uri); + "openURL(%s)", escaped); } } else if (!strcmp(web_browser, "opera")) { if (place == GAIM_BROWSER_NEW_WINDOW) - command = g_strdup_printf("opera -newwindow \"%s\"", uri); + command = g_strdup_printf("opera -newwindow %s", escaped); else if (place == GAIM_BROWSER_NEW_TAB) - command = g_strdup_printf("opera -newpage \"%s\"", uri); + command = g_strdup_printf("opera -newpage %s", escaped); else if (place == GAIM_BROWSER_CURRENT) { remote_command = g_strdup_printf("opera -remote " - "\"openURL(%s)\"", uri); - command = g_strdup_printf("opera \"%s\"", uri); + "openURL(%s)", escaped); + command = g_strdup_printf("opera %s", escaped); } else - command = g_strdup_printf("opera \"%s\"", uri); + command = g_strdup_printf("opera %s", escaped); } else if (!strcmp(web_browser, "custom")) 
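Review bot: In the `-remote` commands the quoted URI is spliced into the middle of `openURL(...)`, so only the URI is quoted while the `openURL(`, `,new-window)` and `)` parts are now bare, and the URI's own `,` and `)` are untouched. This applies to the firefox-style, netscape and opera branches alike. Whether the bare parentheses are harmless depends on how `remote_command` is later executed, which is outside this hunk: a GLib argv parser would accept them, a real shell would not. Building the whole argument first and quoting it once is more robust, e.g. `tmp = g_strdup_printf("openURL(%s,new-window)", uri); arg = g_shell_quote(tmp);` followed by `"%s %s -remote %s"`. Separately, shell quoting does nothing about a `,` or `)` inside the URI, which presumably still act as delimiters to the browser's openURL parser, so percent-encoding those characters in the URI before it is embedded is worth adding.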
@@ -836,17 +837,19 @@ } if (strstr(web_command, "%s")) - command = gaim_strreplace(web_command, "%s", uri); + command = gaim_strreplace(web_command, "%s", escaped); else { /* * There is no "%s" in the browser command. Assume the user * wanted the URL tacked on to the end of the command. */ - command = g_strdup_printf("%s %s", web_command, uri); + command = g_strdup_printf("%s %s", web_command, escaped); } } + g_free(escaped); + if (remote_command != NULL) { /* try the remote command first */
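Review bot: Substituting the pre-quoted `escaped` into a user-written template is only correct when the template's `%s` is in an unquoted position. A saved custom command of the form `mybrowser "%s"` (constructed example), which is how the built-in branches were written before this commit, now produces single quotes nested inside double quotes. The single quotes then become part of the URL, and a `"` inside the URI can end the user's quoting early. A more robust arrangement is to split `web_command` into an argument vector first with g_shell_parse_argv(), replace `%s` inside the resulting elements with the raw `uri`, and spawn that vector directly, so that no quoting of the URI is needed at all. The code that runs `command` lies outside this hunk, so that change would extend beyond the lines shown here. At minimum, the existing comment block should state that `%s` must not be quoted in the custom command.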