comparison src/browser.c @ 3393:2a34734f6a0d
[gaim-migrate @ 3412]
Fixed potential security vulnerability
committer: Tailor Script <tailor@pidgin.im>
| author | Sean Egan <seanegan@gmail.com> |
|---|---|
| date | Sun, 11 Aug 2002 09:03:32 +0000 |
| parents | 26130b6a04db |
| children | 68fdee3dd3ef |
| 3392:5a5df7968b6e | 3393:2a34734f6a0d |
|---|---|
| 557 } | 557 } |
| 558 } | 558 } |
| 559 | 559 |
| 560 } | 560 } |
| 561 | 561 |
| 562 #if !GTK_CHECK_VERSION(1,3,0) | |
| 563 /* From Glib 2.0 */ | |
| 564 /** | |
| 565 * g_shell_quote: | |
| 566 * @unquoted_string: a literal string | |
| 567 * | |
| 568 * Quotes a string so that the shell (/bin/sh) will interpret the | |
| 569 * quoted string to mean @unquoted_string. If you pass a filename to | |
| 570 * the shell, for example, you should first quote it with this | |
| 571 * function. The return value must be freed with g_free(). The | |
| 572 * quoting style used is undefined (single or double quotes may be | |
| 573 * used). | |
| 574 * | |
| 575 * Return value: quoted string | |
| 576 **/ | |
| 577 gchar* | |
| 578 g_shell_quote (const gchar *unquoted_string) | |
| 579 { | |
| 580 /* We always use single quotes, because the algorithm is cheesier. | |
| 581 * We could use double if we felt like it, that might be more | |
| 582 * human-readable. | |
| 583 */ | |
| 584 const gchar *p; | |
| 585 GString *dest; | |
| 586 | |
| 587 g_return_val_if_fail (unquoted_string != NULL, NULL); | |
| 588 | |
| 589 dest = g_string_new ("'"); | |
| 590 | |
| 591 p = unquoted_string; | |
| 592 | |
| 593 /* could speed this up a lot by appending chunks of text at a | |
| 594 * time. | |
| 595 */ | |
| 596 while (*p) | |
| 597 { | |
| 598 /* Replace literal ' with a close ', a \', and a open ' */ | |
| 599 if (*p == '\'') | |
| 600 g_string_append (dest, "'\\''"); | |
| 601 else | |
| 602 g_string_append_c (dest, *p); | |
| 603 ++p; | |
| 604 } | |
| 605 /* close the quote */ | |
| 606 g_string_append_c (dest, '\''); | |
| 607 | |
| 608 p = dest->str; | |
| 609 g_string_free (dest, FALSE); | |
| 610 return p; | |
| 611 } | |
| 612 #endif | |
| 613 | |
| 562 void open_url(GtkWidget *w, char *url) | 614 void open_url(GtkWidget *w, char *url) |
| 563 { | 615 { |
| 564 | 616 |
| 565 if (web_browser == BROWSER_NETSCAPE) { | 617 if (web_browser == BROWSER_NETSCAPE) { |
| 566 char *command; | 618 char *command; |
| 582 pid = fork(); | 634 pid = fork(); |
| 583 | 635 |
| 584 if (pid == 0) { | 636 if (pid == 0) { |
| 585 char *args[4]; | 637 char *args[4]; |
| 586 char command[1024]; | 638 char command[1024]; |
| 587 | 639 |
| 588 if (web_browser == BROWSER_OPERA) { | 640 if (web_browser == BROWSER_OPERA) { |
| 589 args[0] = "opera"; | 641 args[0] = "opera"; |
| 590 args[1] = "-newwindow"; | 642 args[1] = "-newwindow"; |
| 591 args[2] = url; | 643 args[2] = url; |
| 592 args[3] = NULL; | 644 args[3] = NULL; |
| 608 } else if (web_browser == BROWSER_MOZILLA) { | 660 } else if (web_browser == BROWSER_MOZILLA) { |
| 609 args[0] = "mozilla"; | 661 args[0] = "mozilla"; |
| 610 args[1] = url; | 662 args[1] = url; |
| 611 args[2] = NULL; | 663 args[2] = NULL; |
| 612 } else if (web_browser == BROWSER_MANUAL) { | 664 } else if (web_browser == BROWSER_MANUAL) { |
| 613 g_snprintf(command, sizeof(command), web_command, url); | 665 char *quoted = g_shell_quote(command); |
| 666 g_snprintf(command, sizeof(command), web_command, quoted); | |
| 667 g_free(quoted); | |
| 614 args[0] = "sh"; | 668 args[0] = "sh"; |
| 615 args[1] = "-c"; | 669 args[1] = "-c"; |
| 616 args[2] = command; | 670 args[2] = command; |
| 617 args[3] = NULL; | 671 args[3] = NULL; |
| 618 } | 672 } |
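Review bot: The BROWSER_MANUAL branch quotes the wrong variable: `g_shell_quote(command)` runs on the local `char command[1024]` before anything has been written to it, so it reads uninitialised stack memory and `url` never reaches the string handed to `sh -c`. The line should read `char *quoted = g_shell_quote(url);`. The following `g_snprintf` also truncates silently at `sizeof(command)`, which for a long URL can drop the closing quote, so the branch should detect truncation and skip the launch rather than run a partial command. In the backported `g_shell_quote`, `p` is a `const gchar *` that is returned as `gchar *`; a separate non-const local for `dest->str` would avoid discarding the qualifier. `open_url` starts and continues outside the lines shown here.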
