Mercurial > pidgin
changeset 10209:9e0b98c458b1
[gaim-migrate @ 11331]
gaim_notify_uri now needs trusted parameter to indicate whether
the source of the uri is trusted. This helps us avoid the security risks
involved in blindly executing untrusted local file URIs in windows. This
fixes the MSN open mail bug on windows.
committer: Tailor Script <tailor@pidgin.im>
author | Herman Bloggs <hermanator12002@yahoo.com> |
---|---|
date | Fri, 19 Nov 2004 20:18:14 +0000 |
parents | cbdce0acbbe6 |
children | 4d3c2749deec |
files | ChangeLog.win32 src/gtkblist.c src/gtknotify.c src/gtkutils.c src/notify.c src/notify.h src/protocols/jabber/jabber.c src/protocols/oscar/oscar.c src/protocols/trepia/trepia.c src/protocols/yahoo/yahoo.c |
diffstat | 10 files changed, 38 insertions(+), 28 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog.win32 Fri Nov 19 16:42:07 2004 +0000 +++ b/ChangeLog.win32 Fri Nov 19 20:18:14 2004 +0000 @@ -1,3 +1,6 @@ +version 2.0.0: + * MSN open email bug fixed. + version 1.0.2 (10/20/2004): * Updated GTK+ to 2.4.10 (rev b) This revision updates glib to 2.4.7 and pango to 1.6.0, fixing the
--- a/src/gtkblist.c Fri Nov 19 16:42:07 2004 +0000 +++ b/src/gtkblist.c Fri Nov 19 20:18:14 2004 +0000 @@ -601,7 +601,7 @@ static void gtk_blist_show_onlinehelp_cb() { - gaim_notify_uri(NULL, GAIM_WEBSITE "documentation.php"); + gaim_notify_uri(NULL, GAIM_WEBSITE "documentation.php", TRUE); } static void
--- a/src/gtknotify.c Fri Nov 19 16:42:07 2004 +0000 +++ b/src/gtknotify.c Fri Nov 19 20:18:14 2004 +0000 @@ -62,7 +62,7 @@ email_response_cb(GtkDialog *dialog, gint id, GaimNotifyMailData *data) { if (id == 0) - gaim_notify_uri(NULL, data->url); + gaim_notify_uri(NULL, data->url, TRUE); gaim_notify_close(GAIM_NOTIFY_EMAILS, data); } @@ -454,7 +454,7 @@ #endif /* _WIN32 */ static void * -gaim_gtk_notify_uri(const char *uri) +gaim_gtk_notify_uri(const char *uri, gboolean trusted) { #ifndef _WIN32 char *command = NULL; @@ -599,19 +599,25 @@ #else /* !_WIN32 */ /** - * Since this could be potentially dangerous, - * allowing a URI to try to perform some sort of malicious operation, - * we only allow execution when the URI starts with - * "http://", "https://", "ftp://", "mailto:" + * If the URI is not trusted we limit ourselves to the following URI + * types (Execution of an untrusted local file URI could potentially + * be a security risk): + * http, https, ftp, mailto */ - if (g_ascii_strncasecmp(uri, "http://", 7) == 0 - || g_ascii_strncasecmp(uri, "mailto:", 7) == 0 - || g_ascii_strncasecmp(uri, "https://", 8) == 0 - || g_ascii_strncasecmp(uri, "ftp://", 6) == 0 - ) { - ShellExecute(NULL, NULL, uri, NULL, ".\\", 0); - } else { - gaim_debug_misc("gtknotify", "Ignoring '%s' URI as it is not recognized as a secure URI.\n", uri); + if(!trusted && + !(g_ascii_strncasecmp(uri, "http://", 7) == 0 || + g_ascii_strncasecmp(uri, "mailto:", 7) == 0 || + g_ascii_strncasecmp(uri, "https://", 8) == 0 || + g_ascii_strncasecmp(uri, "ftp://", 6) == 0)) { + gaim_debug_misc("gtknotify", + "Ignoring untrusted '%s' URI as it is not recognized as a secure URI.\n", + uri); + } + else { + int ret; + /* The URI is trusted */ + if((ret = ShellExecute(NULL, "open", uri, NULL, NULL, SW_SHOWNORMAL)) <= 32) + gaim_debug_error("gtknotify", "Opening URI: '%s' ShellExecute failure: %d\n", uri, ret); } #endif /* !_WIN32 */
--- a/src/gtkutils.c Fri Nov 19 16:42:07 2004 +0000 +++ b/src/gtkutils.c Fri Nov 19 20:18:14 2004 +0000 @@ -61,7 +61,7 @@ static gboolean url_clicked_idle_cb(gpointer data) { - gaim_notify_uri(NULL, data); + gaim_notify_uri(NULL, data, FALSE); g_free(data); return FALSE; }
--- a/src/notify.c Fri Nov 19 16:42:07 2004 +0000 +++ b/src/notify.c Fri Nov 19 20:18:14 2004 +0000 @@ -183,7 +183,7 @@ } void * -gaim_notify_uri(void *handle, const char *uri) +gaim_notify_uri(void *handle, const char *uri, gboolean trusted) { GaimNotifyUiOps *ops; @@ -197,7 +197,7 @@ info = g_new0(GaimNotifyInfo, 1); info->type = GAIM_NOTIFY_URI; info->handle = handle; - info->ui_handle = ops->notify_uri(uri); + info->ui_handle = ops->notify_uri(uri, trusted); handles = g_list_append(handles, info);
--- a/src/notify.h Fri Nov 19 16:42:07 2004 +0000 +++ b/src/notify.h Fri Nov 19 20:18:14 2004 +0000 @@ -78,7 +78,7 @@ const char *title, const char *primary, const char *secondary, const char *text, GCallback cb, void *user_data); - void *(*notify_uri)(const char *uri); + void *(*notify_uri)(const char *uri, gboolean trusted); void (*close_notify)(GaimNotifyType type, void *ui_handle); @@ -202,14 +202,15 @@ /** * Opens a URI or somehow presents it to the user. * - * @param handle The plugin or connection handle. - * @param uri The URI to display or go to. + * @param handle The plugin or connection handle. + * @param uri The URI to display or go to. + * @param trusted The source of the URI is trusted. * * @return A UI-specific handle, if any. This may only be presented if * the UI code displays a dialog instead of a webpage, or something * similar. */ -void *gaim_notify_uri(void *handle, const char *uri); +void *gaim_notify_uri(void *handle, const char *uri, gboolean trusted); /** * Closes a notification.
--- a/src/protocols/jabber/jabber.c Fri Nov 19 16:42:07 2004 +0000 +++ b/src/protocols/jabber/jabber.c Fri Nov 19 20:18:14 2004 +0000 @@ -571,7 +571,7 @@ if((url = xmlnode_get_child(x, "url"))) { char *href; if((href = xmlnode_get_data(url))) { - gaim_notify_uri(NULL, href); + gaim_notify_uri(NULL, href, TRUE); g_free(href); js->gc->wants_to_die = TRUE; jabber_connection_schedule_close(js);
--- a/src/protocols/oscar/oscar.c Fri Nov 19 16:42:07 2004 +0000 +++ b/src/protocols/oscar/oscar.c Fri Nov 19 20:18:14 2004 +0000 @@ -7194,7 +7194,7 @@ static void oscar_show_set_info_icqurl(GaimPluginAction *action) { GaimConnection *gc = (GaimConnection *) action->context; - gaim_notify_uri(gc, "http://www.icq.com/whitepages/user_details.php"); + gaim_notify_uri(gc, "http://www.icq.com/whitepages/user_details.php", TRUE); } static void oscar_change_pass(GaimPluginAction *action) @@ -7208,14 +7208,14 @@ GaimConnection *gc = (GaimConnection *) action->context; OscarData *od = gc->proto_data; gchar *substituted = gaim_strreplace(od->sess->authinfo->chpassurl, "%s", gaim_account_get_username(gaim_connection_get_account(gc))); - gaim_notify_uri(gc, substituted); + gaim_notify_uri(gc, substituted, TRUE); g_free(substituted); } static void oscar_show_imforwardingurl(GaimPluginAction *action) { GaimConnection *gc = (GaimConnection *) action->context; - gaim_notify_uri(gc, "http://mymobile.aol.com/dbreg/register?action=imf&clientID=1"); + gaim_notify_uri(gc, "http://mymobile.aol.com/dbreg/register?action=imf&clientID=1", TRUE); } static void oscar_set_icon(GaimConnection *gc, const char *iconfile)
--- a/src/protocols/trepia/trepia.c Fri Nov 19 16:42:07 2004 +0000 +++ b/src/protocols/trepia/trepia.c Fri Nov 19 20:18:14 2004 +0000 @@ -459,7 +459,7 @@ value = trepia_profile_get_homepage(profile); if (value != NULL) - gaim_notify_uri(gc, value); + gaim_notify_uri(gc, value, FALSE); } static GList *
--- a/src/protocols/yahoo/yahoo.c Fri Nov 19 16:42:07 2004 +0000 +++ b/src/protocols/yahoo/yahoo.c Fri Nov 19 20:18:14 2004 +0000 @@ -2713,7 +2713,7 @@ t++; *t = 0; g_snprintf(url, sizeof url, "http://games.yahoo.com/games/%s", game2); - gaim_notify_uri(gc, url); + gaim_notify_uri(gc, url, TRUE); g_free(game2); }