# HG changeset patch
# User Mark Doliner
# Date 1089682620 0
# Node ID cb7f26f30d02011b2b5aa7a25e02c6e97d7fdce4
# Parent 8cd47267c5bd367ac9356e40d796f9c57bb7a9bd
[gaim-migrate @ 10347] "I can put you in Queens on the night of the robbery." "Really? I live in Queens. You got a crack team of monkeys working around the clock back there?" Thanks to Daniel Atallah for fixing this and to Nathan Walp for pointing it out. committer: Tailor Script
diff -r 8cd47267c5bd -r cb7f26f30d02 src/gtknotify.c
--- a/src/gtknotify.c Mon Jul 12 19:47:46 2004 +0000
+++ b/src/gtknotify.c Tue Jul 13 01:37:00 2004 +0000
@@ -609,7 +609,21 @@
 g_free(command);
 #else /* !_WIN32 */
- ShellExecute(NULL, NULL, uri, NULL, ".\\", 0);
+ /**
+ * Since this could be potentially dangerous,
+ * allowing a URI to try to perform some sort of malicious operation,
+ * we only allow execution when the URI starts with
+ * "http://", "https://", "ftp://", "mailto:"
+ */
+ if (g_ascii_strncasecmp(uri, "http://", 7) == 0
+ || g_ascii_strncasecmp(uri, "mailto:", 7) == 0
+ || g_ascii_strncasecmp(uri, "https://", 8) == 0
+ || g_ascii_strncasecmp(uri, "ftp://", 6) == 0
+ ) {
+ ShellExecute(NULL, NULL, uri, NULL, ".\\", 0);
+ } else {
+ gaim_debug_misc("gtknotify", "Ignoring '%s' URI as it is not recognized as a secure URI.\n", uri);
+ }
 #endif /* !_WIN32 */
 return NULL;
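Review bot: The `ShellExecute(NULL, NULL, uri, NULL, ".\\", 0)` call kept in the allowed branch still discards its return value, so a launch that fails (ShellExecute signals failure with a value <= 32) is silent, while the new rejected branch does log; the result should be checked and reported through gaim_debug as well. The four hand-counted prefix lengths (7, 7, 8, 6) match their literals today but are easy to desynchronize on the next edit; a small table of schemes walked with `strlen()` keeps the check and the comment's list in one place, as sketched below. The allow-list only stops ShellExecute from opening files or executables directly: for a permitted scheme the URI body is still handed verbatim to whatever handler is registered for it, so any quoting or escaping weakness in that handler's command template remains reachable, which deserves a comment so the check is not mistaken for full URI sanitisation. The enclosing function starts above the hunk, so whether `uri` can arrive NULL is not visible here; if it can, `g_ascii_strncasecmp` must not be the first thing to dereference it.
```c
#else /* !_WIN32 */
	/*
	 * Only hand ShellExecute() a URI whose scheme is known to route to a
	 * browser or mail client.  This stops it from opening files or running
	 * executables directly; the URI body is still passed as-is to the
	 * handler registered for the scheme, so this is not full sanitisation.
	 */
	static const char *const allowed_schemes[] = {
		"http://", "https://", "ftp://", "mailto:"
	};
	gboolean allowed = FALSE;
	gsize i;

	for (i = 0; i < G_N_ELEMENTS(allowed_schemes); i++) {
		if (g_ascii_strncasecmp(uri, allowed_schemes[i],
		                        strlen(allowed_schemes[i])) == 0) {
			allowed = TRUE;
			break;
		}
	}

	if (allowed) {
		/* ShellExecute() reports failure as a value <= 32 */
		if ((INT_PTR)ShellExecute(NULL, NULL, uri, NULL, ".\\", 0) <= 32)
			gaim_debug_error("gtknotify", "ShellExecute failed for URI '%s'\n", uri);
	} else {
		gaim_debug_misc("gtknotify", "Ignoring '%s' URI as it is not recognized as a secure URI.\n", uri);
	}
#endif /* !_WIN32 */
```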