comparison src/browser.c @ 3393:2a34734f6a0d
[gaim-migrate @ 3412]
Fixed potential security vulnerability
committer: Tailor Script <tailor@pidgin.im>
author | Sean Egan <seanegan@gmail.com> |
---|---|
date | Sun, 11 Aug 2002 09:03:32 +0000 |
parents | 26130b6a04db |
children | 68fdee3dd3ef |
3392:5a5df7968b6e | 3393:2a34734f6a0d |
---|---|
557 } | 557 } |
558 } | 558 } |
559 | 559 |
560 } | 560 } |
561 | 561 |
562 #if !GTK_CHECK_VERSION(1,3,0) | |
563 /* From Glib 2.0 */ | |
564 /** | |
565 * g_shell_quote: | |
566 * @unquoted_string: a literal string | |
567 * | |
568 * Quotes a string so that the shell (/bin/sh) will interpret the | |
569 * quoted string to mean @unquoted_string. If you pass a filename to | |
570 * the shell, for example, you should first quote it with this | |
571 * function. The return value must be freed with g_free(). The | |
572 * quoting style used is undefined (single or double quotes may be | |
573 * used). | |
574 * | |
575 * Return value: quoted string | |
576 **/ | |
577 gchar* | |
578 g_shell_quote (const gchar *unquoted_string) | |
579 { | |
580 /* We always use single quotes, because the algorithm is cheesier. | |
581 * We could use double if we felt like it, that might be more | |
582 * human-readable. | |
583 */ | |
584 const gchar *p; | |
585 GString *dest; | |
586 | |
587 g_return_val_if_fail (unquoted_string != NULL, NULL); | |
588 | |
589 dest = g_string_new ("'"); | |
590 | |
591 p = unquoted_string; | |
592 | |
593 /* could speed this up a lot by appending chunks of text at a | |
594 * time. | |
595 */ | |
596 while (*p) | |
597 { | |
598 /* Replace literal ' with a close ', a \', and a open ' */ | |
599 if (*p == '\'') | |
600 g_string_append (dest, "'\\''"); | |
601 else | |
602 g_string_append_c (dest, *p); | |
603 ++p; | |
604 } | |
605 /* close the quote */ | |
606 g_string_append_c (dest, '\''); | |
607 | |
608 p = dest->str; | |
609 g_string_free (dest, FALSE); | |
610 return p; | |
611 } | |
612 #endif | |
613 | |
562 void open_url(GtkWidget *w, char *url) | 614 void open_url(GtkWidget *w, char *url) |
563 { | 615 { |
564 | 616 |
565 if (web_browser == BROWSER_NETSCAPE) { | 617 if (web_browser == BROWSER_NETSCAPE) { |
566 char *command; | 618 char *command; |
582 pid = fork(); | 634 pid = fork(); |
583 | 635 |
584 if (pid == 0) { | 636 if (pid == 0) { |
585 char *args[4]; | 637 char *args[4]; |
586 char command[1024]; | 638 char command[1024]; |
587 | 639 |
588 if (web_browser == BROWSER_OPERA) { | 640 if (web_browser == BROWSER_OPERA) { |
589 args[0] = "opera"; | 641 args[0] = "opera"; |
590 args[1] = "-newwindow"; | 642 args[1] = "-newwindow"; |
591 args[2] = url; | 643 args[2] = url; |
592 args[3] = NULL; | 644 args[3] = NULL; |
608 } else if (web_browser == BROWSER_MOZILLA) { | 660 } else if (web_browser == BROWSER_MOZILLA) { |
609 args[0] = "mozilla"; | 661 args[0] = "mozilla"; |
610 args[1] = url; | 662 args[1] = url; |
611 args[2] = NULL; | 663 args[2] = NULL; |
612 } else if (web_browser == BROWSER_MANUAL) { | 664 } else if (web_browser == BROWSER_MANUAL) { |
613 g_snprintf(command, sizeof(command), web_command, url); | 665 char *quoted = g_shell_quote(command); |
666 g_snprintf(command, sizeof(command), web_command, quoted); | |
667 g_free(quoted); | |
614 args[0] = "sh"; | 668 args[0] = "sh"; |
615 args[1] = "-c"; | 669 args[1] = "-c"; |
616 args[2] = command; | 670 args[2] = command; |
617 args[3] = NULL; | 671 args[3] = NULL; |
618 } | 672 } |
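Review bot: In the BROWSER_MANUAL branch (new line 665) the quoting is applied to the wrong variable: `g_shell_quote(command)` reads the local `command[1024]` buffer before anything has been written to it, so the URL is neither quoted nor inserted into the command, and the loop in g_shell_quote walks uninitialized stack bytes until it happens to find a NUL. The line should read `char *quoted = g_shell_quote(url);`. Because the result is still formatted into a fixed 1024-byte buffer and handed to `sh -c`, a long URL can be truncated by `g_snprintf` and lose its closing quote, so the formatted length should be checked before the command is run. In the backported g_shell_quote, `return p;` returns a `const gchar *` from a function declared `gchar *`; saving `dest->str` in a separate non-const `gchar *` before `g_string_free (dest, FALSE)` avoids the discarded qualifier. The body of open_url continues outside the lines shown here.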