changeset 3393:2a34734f6a0d

[gaim-migrate @ 3412] Fixed potential security vulnerability committer: Tailor Script <tailor@pidgin.im>
author Sean Egan <seanegan@gmail.com>
date Sun, 11 Aug 2002 09:03:32 +0000
parents 5a5df7968b6e
children bc71eb7428ef
files src/browser.c src/gaimrc.c
diffstat 2 files changed, 57 insertions(+), 5 deletions(-) [+]
--- a/src/browser.c	Sun Aug 11 06:43:23 2002 +0000
+++ b/src/browser.c	Sun Aug 11 09:03:32 2002 +0000
@@ -559,6 +559,58 @@
 
 }
 
+#if !GTK_CHECK_VERSION(1,3,0)
+/* From Glib 2.0 */
+/**
+            * g_shell_quote:
+            * @unquoted_string: a literal string
+            * 
+            * Quotes a string so that the shell (/bin/sh) will interpret the
+            * quoted string to mean @unquoted_string. If you pass a filename to
+            * the shell, for example, you should first quote it with this
+            * function.  The return value must be freed with g_free(). The
+            * quoting style used is undefined (single or double quotes may be
+            * used).
+            * 
+            * Return value: quoted string
+**/
+gchar*
+g_shell_quote (const gchar *unquoted_string)
+{
+	/* We always use single quotes, because the algorithm is cheesier.
+	 * We could use double if we felt like it, that might be more
+	 * human-readable.
+	 */      
+	const gchar *p;
+	GString *dest;
+           
+	g_return_val_if_fail (unquoted_string != NULL, NULL);
+             
+	dest = g_string_new ("'");
+           
+	p = unquoted_string;
+           
+	/* could speed this up a lot by appending chunks of text at a
+	 * time.
+	 */
+	while (*p)
+		{
+			/* Replace literal ' with a close ', a \', and a open ' */
+			if (*p == '\'')
+				g_string_append (dest, "'\\''");
+			else
+				g_string_append_c (dest, *p);
+			++p;
+		}
+	/* close the quote */
+	g_string_append_c (dest, '\'');
+             
+	p = dest->str;
+	g_string_free (dest, FALSE);
+	return p;
+}
+#endif
+
 void open_url(GtkWidget *w, char *url)
 {
 
@@ -584,7 +636,7 @@
 		if (pid == 0) {
 			char *args[4];
 			char command[1024];
-
+			
 			if (web_browser == BROWSER_OPERA) {
 				args[0] = "opera";
 				args[1] = "-newwindow";
@@ -610,7 +662,9 @@
 				args[1] = url;
 				args[2] = NULL;
 			} else if (web_browser == BROWSER_MANUAL) {
-				g_snprintf(command, sizeof(command), web_command, url);
+				char *quoted = g_shell_quote(command);
+				g_snprintf(command, sizeof(command), web_command, quoted);
+				g_free(quoted);
 				args[0] = "sh";
 				args[1] = "-c";
 				args[2] = command;
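Review bot: The new code quotes the wrong buffer: the added `char *quoted = g_shell_quote(command);` is given `command`, which at that point has not been written yet (it is only declared as `char command[1024];` earlier in this block, and this branch is the one that fills it), while `url` — the attacker-influenced value the quoting was meant to protect — is never quoted and no longer even reaches the format. The line should read `char *quoted = g_shell_quote(url);`, otherwise the shell-injection this commit intends to close stays open and g_shell_quote walks uninitialized stack memory. Since web_command is a user-configured format string, it would also be worth checking the g_snprintf return value against sizeof(command): a truncated quoted URL can leave an unbalanced quote that makes `sh -c` fail. The enclosing open_url() begins before this hunk and the exec of `args` follows after it.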
--- a/src/gaimrc.c	Sun Aug 11 06:43:23 2002 +0000
+++ b/src/gaimrc.c	Sun Aug 11 09:03:32 2002 +0000
@@ -829,9 +829,7 @@
 		away_resend = 120;
 
 	if (misc_options & OPT_MISC_BUDDY_TICKER) {
-		char *tickerplugin = g_build_filename(LIBDIR, "ticker.so", NULL);
-		load_plugin(tickerplugin);
-		g_free(tickerplugin);
+		load_plugin(LIBDIR "/ticker.so");
 		misc_options &= ~OPT_MISC_BUDDY_TICKER;
 	} 
 }
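Review bot: The replacement `load_plugin(LIBDIR "/ticker.so");` relies on LIBDIR expanding to a string literal; it will not compile if the build system ever defines it as anything else, and it drops the separator handling g_build_filename provided. If LIBDIR is guaranteed to be a literal, a one-line comment such as `/* LIBDIR is a string literal from the build system; concatenated at compile time */` would make that assumption visible to the next maintainer. The enclosing function starts before this hunk.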