Mercurial > pidgin

changeset 10209:9e0b98c458b1

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
[gaim-migrate @ 11331] gaim_notify_uri now needs trusted parameter to indicate whether the source of the uri is trusted. This helps us avoid the security risks involved in blindly executing untrusted local file URIs in windows. This fixes the MSN open mail bug on windows. committer: Tailor Script <tailor@pidgin.im>
author Herman Bloggs <hermanator12002@yahoo.com>
date Fri, 19 Nov 2004 20:18:14 +0000
parents cbdce0acbbe6
children 4d3c2749deec
files ChangeLog.win32 src/gtkblist.c src/gtknotify.c src/gtkutils.c src/notify.c src/notify.h src/protocols/jabber/jabber.c src/protocols/oscar/oscar.c src/protocols/trepia/trepia.c src/protocols/yahoo/yahoo.c
diffstat 10 files changed, 38 insertions(+), 28 deletions(-) [+]
line wrap: on
line diff
--- a/ChangeLog.win32	Fri Nov 19 16:42:07 2004 +0000
+++ b/ChangeLog.win32	Fri Nov 19 20:18:14 2004 +0000
@@ -1,3 +1,6 @@
+version 2.0.0:
+	* MSN open email bug fixed.
+
 version 1.0.2 (10/20/2004):
 	* Updated GTK+ to 2.4.10 (rev b)
 	  This revision updates glib to 2.4.7 and pango to 1.6.0, fixing the
--- a/src/gtkblist.c	Fri Nov 19 16:42:07 2004 +0000
+++ b/src/gtkblist.c	Fri Nov 19 20:18:14 2004 +0000
@@ -601,7 +601,7 @@
 
 static void gtk_blist_show_onlinehelp_cb()
 {
-	gaim_notify_uri(NULL, GAIM_WEBSITE "documentation.php");
+	gaim_notify_uri(NULL, GAIM_WEBSITE "documentation.php", TRUE);
 }
 
 static void
--- a/src/gtknotify.c	Fri Nov 19 16:42:07 2004 +0000
+++ b/src/gtknotify.c	Fri Nov 19 20:18:14 2004 +0000
@@ -62,7 +62,7 @@
 email_response_cb(GtkDialog *dialog, gint id, GaimNotifyMailData *data)
 {
 	if (id == 0)
-		gaim_notify_uri(NULL, data->url);
+		gaim_notify_uri(NULL, data->url, TRUE);
 
 	gaim_notify_close(GAIM_NOTIFY_EMAILS, data);
 }
@@ -454,7 +454,7 @@
 #endif /* _WIN32 */
 
 static void *
-gaim_gtk_notify_uri(const char *uri)
+gaim_gtk_notify_uri(const char *uri, gboolean trusted)
 {
 #ifndef _WIN32
 	char *command = NULL;
@@ -599,19 +599,25 @@
 
 #else /* !_WIN32 */
 	/**
-	 * Since this could be potentially dangerous,
-	 * allowing a URI to try to perform some sort of malicious operation,
-	 * we only allow execution when the URI starts with
-	 * "http://", "https://", "ftp://", "mailto:"
+	 * If the URI is not trusted we limit ourselves to the following URI
+	 * types (Execution of an untrusted local file URI could potentially
+	 * be a security risk):
+	 * http, https, ftp, mailto
 	 */
-	if (g_ascii_strncasecmp(uri, "http://", 7) == 0
-			|| g_ascii_strncasecmp(uri, "mailto:", 7) == 0
-			|| g_ascii_strncasecmp(uri, "https://", 8) == 0
-			|| g_ascii_strncasecmp(uri, "ftp://", 6) == 0
-		) {
-		ShellExecute(NULL, NULL, uri, NULL, ".\\", 0);
-	} else {
-		gaim_debug_misc("gtknotify", "Ignoring '%s' URI as it is not recognized as a secure URI.\n", uri);
+	if(!trusted &&
+	   !(g_ascii_strncasecmp(uri, "http://", 7) == 0 ||
+		 g_ascii_strncasecmp(uri, "mailto:", 7) == 0 ||
+		 g_ascii_strncasecmp(uri, "https://", 8) == 0 ||
+		 g_ascii_strncasecmp(uri, "ftp://", 6) == 0)) {
+		gaim_debug_misc("gtknotify",
+						"Ignoring untrusted '%s' URI as it is not recognized as a secure URI.\n",
+						uri);
+	}
+	else {
+		int ret;
+		/* The URI is trusted */
+		if((ret = ShellExecute(NULL, "open", uri, NULL, NULL, SW_SHOWNORMAL)) <= 32)
+			gaim_debug_error("gtknotify", "Opening URI: '%s' ShellExecute failure: %d\n", uri, ret);
 	}
 #endif /* !_WIN32 */
 
--- a/src/gtkutils.c	Fri Nov 19 16:42:07 2004 +0000
+++ b/src/gtkutils.c	Fri Nov 19 20:18:14 2004 +0000
@@ -61,7 +61,7 @@
 static gboolean
 url_clicked_idle_cb(gpointer data)
 {
-	gaim_notify_uri(NULL, data);
+	gaim_notify_uri(NULL, data, FALSE);
 	g_free(data);
 	return FALSE;
 }
--- a/src/notify.c	Fri Nov 19 16:42:07 2004 +0000
+++ b/src/notify.c	Fri Nov 19 20:18:14 2004 +0000
@@ -183,7 +183,7 @@
 }
 
 void *
-gaim_notify_uri(void *handle, const char *uri)
+gaim_notify_uri(void *handle, const char *uri, gboolean trusted)
 {
 	GaimNotifyUiOps *ops;
 
@@ -197,7 +197,7 @@
 		info            = g_new0(GaimNotifyInfo, 1);
 		info->type      = GAIM_NOTIFY_URI;
 		info->handle    = handle;
-		info->ui_handle = ops->notify_uri(uri);
+		info->ui_handle = ops->notify_uri(uri, trusted);
 
 		handles = g_list_append(handles, info);
 
--- a/src/notify.h	Fri Nov 19 16:42:07 2004 +0000
+++ b/src/notify.h	Fri Nov 19 20:18:14 2004 +0000
@@ -78,7 +78,7 @@
 							  const char *title, const char *primary,
 							  const char *secondary, const char *text,
 							  GCallback cb, void *user_data);
-	void *(*notify_uri)(const char *uri);
+	void *(*notify_uri)(const char *uri, gboolean trusted);
 
 	void (*close_notify)(GaimNotifyType type, void *ui_handle);
 
@@ -202,14 +202,15 @@
 /**
  * Opens a URI or somehow presents it to the user.
  *
- * @param handle The plugin or connection handle.
- * @param uri    The URI to display or go to.
+ * @param handle  The plugin or connection handle.
+ * @param uri     The URI to display or go to.
+ * @param trusted The source of the URI is trusted.
  *
  * @return A UI-specific handle, if any. This may only be presented if
  *         the UI code displays a dialog instead of a webpage, or something
  *         similar.
  */
-void *gaim_notify_uri(void *handle, const char *uri);
+void *gaim_notify_uri(void *handle, const char *uri, gboolean trusted);
 
 /**
  * Closes a notification.
--- a/src/protocols/jabber/jabber.c	Fri Nov 19 16:42:07 2004 +0000
+++ b/src/protocols/jabber/jabber.c	Fri Nov 19 20:18:14 2004 +0000
@@ -571,7 +571,7 @@
 			if((url = xmlnode_get_child(x, "url"))) {
 				char *href;
 				if((href = xmlnode_get_data(url))) {
-					gaim_notify_uri(NULL, href);
+					gaim_notify_uri(NULL, href, TRUE);
 					g_free(href);
 					js->gc->wants_to_die = TRUE;
 					jabber_connection_schedule_close(js);
--- a/src/protocols/oscar/oscar.c	Fri Nov 19 16:42:07 2004 +0000
+++ b/src/protocols/oscar/oscar.c	Fri Nov 19 20:18:14 2004 +0000
@@ -7194,7 +7194,7 @@
 static void oscar_show_set_info_icqurl(GaimPluginAction *action)
 {
 	GaimConnection *gc = (GaimConnection *) action->context;
-	gaim_notify_uri(gc, "http://www.icq.com/whitepages/user_details.php");
+	gaim_notify_uri(gc, "http://www.icq.com/whitepages/user_details.php", TRUE);
 }
 
 static void oscar_change_pass(GaimPluginAction *action)
@@ -7208,14 +7208,14 @@
 	GaimConnection *gc = (GaimConnection *) action->context;
 	OscarData *od = gc->proto_data;
 	gchar *substituted = gaim_strreplace(od->sess->authinfo->chpassurl, "%s", gaim_account_get_username(gaim_connection_get_account(gc)));
-	gaim_notify_uri(gc, substituted);
+	gaim_notify_uri(gc, substituted, TRUE);
 	g_free(substituted);
 }
 
 static void oscar_show_imforwardingurl(GaimPluginAction *action)
 {
 	GaimConnection *gc = (GaimConnection *) action->context;
-	gaim_notify_uri(gc, "http://mymobile.aol.com/dbreg/register?action=imf&clientID=1");
+	gaim_notify_uri(gc, "http://mymobile.aol.com/dbreg/register?action=imf&clientID=1", TRUE);
 }
 
 static void oscar_set_icon(GaimConnection *gc, const char *iconfile)
--- a/src/protocols/trepia/trepia.c	Fri Nov 19 16:42:07 2004 +0000
+++ b/src/protocols/trepia/trepia.c	Fri Nov 19 20:18:14 2004 +0000
@@ -459,7 +459,7 @@
 	value = trepia_profile_get_homepage(profile);
 
 	if (value != NULL)
-		gaim_notify_uri(gc, value);
+		gaim_notify_uri(gc, value, FALSE);
 }
 
 static GList *
--- a/src/protocols/yahoo/yahoo.c	Fri Nov 19 16:42:07 2004 +0000
+++ b/src/protocols/yahoo/yahoo.c	Fri Nov 19 20:18:14 2004 +0000
@@ -2713,7 +2713,7 @@
 		t++;
 	*t = 0;
 	g_snprintf(url, sizeof url, "http://games.yahoo.com/games/%s", game2);
-	gaim_notify_uri(gc, url);
+	gaim_notify_uri(gc, url, TRUE);
 	g_free(game2);
 }