Mercurial > pidgin
comparison src/gtknotify.c @ 9520:cb7f26f30d02
[gaim-migrate @ 10347]
"I can put you in Queens on the night of the robbery."
"Really? I live in Queens. You got a crack team of
monkeys working around the clock back there?"
Thanks to Daniel Atallah for fixing this and to
Nathan Walp for pointing it out.
committer: Tailor Script <tailor@pidgin.im>
author | Mark Doliner <mark@kingant.net> |
---|---|
date | Tue, 13 Jul 2004 01:37:00 +0000 |
parents | a88c8ca91518 |
children | 7b3212aa698c |
comparison
equal
deleted
inserted
replaced
9519:8cd47267c5bd | 9520:cb7f26f30d02 |
---|---|
607 uri_command(command, FALSE); | 607 uri_command(command, FALSE); |
608 | 608 |
609 g_free(command); | 609 g_free(command); |
610 | 610 |
611 #else /* !_WIN32 */ | 611 #else /* !_WIN32 */ |
612 ShellExecute(NULL, NULL, uri, NULL, ".\\", 0); | 612 /** |
613 * Since this could be potentially dangerous, | |
614 * allowing a URI to try to perform some sort of malicious operation, | |
615 * we only allow execution when the URI starts with | |
616 * "http://", "https://", "ftp://", "mailto:" | |
617 */ | |
618 if (g_ascii_strncasecmp(uri, "http://", 7) == 0 | |
619 || g_ascii_strncasecmp(uri, "mailto:", 7) == 0 | |
620 || g_ascii_strncasecmp(uri, "https://", 8) == 0 | |
621 || g_ascii_strncasecmp(uri, "ftp://", 6) == 0 | |
622 ) { | |
623 ShellExecute(NULL, NULL, uri, NULL, ".\\", 0); | |
624 } else { | |
625 gaim_debug_misc("gtknotify", "Ignoring '%s' URI as it is not recognized as a secure URI.\n", uri); | |
626 } | |
613 #endif /* !_WIN32 */ | 627 #endif /* !_WIN32 */ |
614 | 628 |
615 return NULL; | 629 return NULL; |
616 } | 630 } |
617 | 631 |