Mercurial > pidgin
changeset 3418:0d1af9166119
[gaim-migrate @ 3440]
Life is unhappy when you click a link that says
<a href="http://127.0.0.1 && rm -rf /">pr0n!</a>
Please don't try this on your friends. Update CVS :)
committer: Tailor Script <tailor@pidgin.im>
author | Christian Hammond <chipx86@chipx86.com> |
---|---|
date | Fri, 23 Aug 2002 23:22:26 +0000 |
parents | 68fdee3dd3ef |
children | 284a0ad6a7f0 |
files | src/browser.c |
diffstat | 1 files changed, 6 insertions(+), 59 deletions(-) [+] |
line wrap: on
line diff
--- a/src/browser.c Thu Aug 22 03:13:39 2002 +0000 +++ b/src/browser.c Fri Aug 23 23:22:26 2002 +0000 @@ -559,58 +559,6 @@ } -#if !GTK_CHECK_VERSION(1,3,0) -/* From Glib 2.0 */ -/** - * g_shell_quote: - * @unquoted_string: a literal string - * - * Quotes a string so that the shell (/bin/sh) will interpret the - * quoted string to mean @unquoted_string. If you pass a filename to - * the shell, for example, you should first quote it with this - * function. The return value must be freed with g_free(). The - * quoting style used is undefined (single or double quotes may be - * used). - * - * Return value: quoted string -**/ -gchar* -g_shell_quote (const gchar *unquoted_string) -{ - /* We always use single quotes, because the algorithm is cheesier. - * We could use double if we felt like it, that might be more - * human-readable. - */ - const gchar *p; - GString *dest; - - g_return_val_if_fail (unquoted_string != NULL, NULL); - - dest = g_string_new ("'"); - - p = unquoted_string; - - /* could speed this up a lot by appending chunks of text at a - * time. - */ - while (*p) - { - /* Replace literal ' with a close ', a \', and a open ' */ - if (*p == '\'') - g_string_append (dest, "'\\''"); - else - g_string_append_c (dest, *p); - ++p; - } - /* close the quote */ - g_string_append_c (dest, '\''); - - p = dest->str; - g_string_free (dest, FALSE); - return p; -} -#endif - void open_url(GtkWidget *w, char *url) { @@ -634,7 +582,7 @@ pid = fork(); if (pid == 0) { - char *args[4]; + char **args; char command[1024]; char *quoted = NULL; @@ -663,12 +611,11 @@ args[1] = url; args[2] = NULL; } else if (web_browser == BROWSER_MANUAL) { - g_snprintf(command, sizeof(command), web_command, quoted); - quoted = g_shell_quote(command); - args[0] = "sh"; - args[1] = "-c"; - args[2] = quoted; - args[3] = NULL; + gchar *space_free_url; + space_free_url = g_strdelimit(url, " ", '+'); + g_snprintf(command, sizeof(command), web_command, space_free_url); + g_free(space_free_url); + args = g_strsplit(command, " ", 0); } execvp(args[0], args);