Protect speed dial against quoting in titles

Jean-François Guchens 2009-05-15 23:49:01 +02:00 committed by Christian Dywan
parent b6ea294189
commit 0717e42458
2 changed files with 38 additions and 12 deletions


@ -948,6 +948,18 @@ midori_browser_add_speed_dial (MidoriBrowser* browser)
gchar* title = g_strdup (midori_view_get_display_title (MIDORI_VIEW (view)));
gchar* slot_id = midori_browser_speed_dial_get_next_free_slot ();
GRegex* reg_quotes = g_regex_new ("'", 0, 0, NULL);
GRegex* reg_others = g_regex_new ("[\\\"\\\\]", 0, 0, NULL);
gchar* temp_title = g_regex_replace_literal (reg_others, title,
-1, 0, " ", 0, NULL);
g_free (title);
title = g_regex_replace_literal (reg_quotes, temp_title, -1, 0,
"\\\\'", 0, NULL);
g_free (temp_title);
g_regex_unref (reg_quotes);
g_regex_unref (reg_others);
if (slot_id == NULL)
{
g_free (uri);
@ -957,11 +969,27 @@ midori_browser_add_speed_dial (MidoriBrowser* browser)
if ((len = g_utf8_strlen (title, -1)) > 15)
{
gchar* ellipsized = g_malloc0 (len + 1);
/**
* The case when a quote was escaped with a backslash and the
* backslash becomes the last character of the ellipsized string.
* This causes JSON parsing to fail.
* For example: "My Foo Bar \'b\..."
**/
GRegex* reg_unsafe = g_regex_new ("([\\\\]+\\.)", 0, 0, NULL);
gchar* temp;
gchar* ellipsized = g_malloc0 ( len + 1);
g_utf8_strncpy (ellipsized, title, 15);
g_free (title);
title = g_strdup_printf ("%s...", ellipsized);
temp = g_strdup_printf ("%s...", ellipsized);
g_free (ellipsized);
title = g_regex_replace_literal (reg_unsafe, temp, -1, 0, ".", 0, NULL);
g_free (temp);
g_regex_unref (reg_unsafe);
}
folder = g_build_filename (g_get_user_cache_dir (), PACKAGE_NAME, "thumbs", NULL);
@ -999,6 +1027,7 @@ midori_browser_add_speed_dial (MidoriBrowser* browser)
regex = g_regex_new (replace_from, G_REGEX_MULTILINE, 0, NULL);
replace = g_regex_replace (regex, speed_dial_body, -1,
1, replace_by, 0, NULL);
g_file_set_contents (body_fname, replace, -1, NULL);
g_object_unref (img);
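Review bot: The truncation branch sizes `ellipsized` with `g_malloc0 (len + 1)`, but `len` comes from `g_utf8_strlen` and is a character count, while `g_utf8_strncpy (ellipsized, title, 15)` writes up to 15 characters of as many as four bytes each plus the terminator. A title of 16 three-byte characters gets a 17-byte buffer and a 46-byte copy, and since the title appears to come from the viewed page (`midori_view_get_display_title`), this is a heap overflow on untrusted input that the quoting fix leaves in place. Sizing by bytes fixes it, e.g. `gchar* ellipsized = g_strndup (title, g_utf8_offset_to_pointer (title, 15) - title);` with the `g_utf8_strncpy` call dropped. Truncating before the quote escaping rather than after it would also make the `reg_unsafe` clean-up unnecessary, because no escape sequence could then be cut in half. The body of midori_browser_add_speed_dial starts and ends outside the visible hunks.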


@ -2021,7 +2021,6 @@ midori_view_set_uri (MidoriView* view,
gchar* speed_dial_head;
gchar* speed_dial_body;
gchar* body_fname;
gchar* location_entry_search;
gchar* stock_root;
katze_assign (view->uri, g_strdup (""));
@ -2047,18 +2046,11 @@ midori_view_set_uri (MidoriView* view,
else
g_file_get_contents (body_fname, &speed_dial_body, NULL, NULL);
g_object_get (view->settings, "location-entry-search",
&location_entry_search, NULL);
data = sokoke_replace_variables (speed_dial_head,
"{res}", res_root,
"{stock}", stock_root,
"{json_data}", speed_dial_body,
"{title}", _("Speed dial"),
"{search_uri}", location_entry_search,
"{search_title}", _("Search"),
"{search}", _("Search"),
"{click_to_add}", _("Click to add a shortcut"),
"{enter_shortcut_address}", _("Enter shortcut address"),
"{enter_shortcut_name}", _("Enter shortcut title"),
@ -2080,7 +2072,6 @@ midori_view_set_uri (MidoriView* view,
g_free (speed_dial_head);
g_free (speed_dial_body);
g_free (body_fname);
g_free (location_entry_search);
}
/* This is not prefectly elegant, but creating an
error page inline is the simplest solution. */
@ -3061,7 +3052,13 @@ midori_view_speed_dial_save (GtkWidget* web_view,
gchar* json = g_strdup (message + 15);
gchar* fname = g_build_filename (sokoke_set_config_dir (NULL),
"speeddial.json", NULL);
g_file_set_contents (fname, json, -1, NULL);
GRegex* reg_double = g_regex_new ("\\\\\"", 0, 0, NULL);
gchar* safe = g_regex_replace_literal (reg_double, json, -1, 0, "\\\\\"", 0, NULL);
g_file_set_contents (fname, safe, -1, NULL);
g_free (fname);
g_free (json);
g_free (safe);
g_regex_unref (reg_double);
}
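Review bot: In midori_view_speed_dial_save the `reg_double` pass rewrites each `\"` in the payload to `\\"`, which a JSON parser reads as an escaped backslash followed by an unescaped quote, so the file on disk is only valid if a later consumer strips one backslash level. That consumer is not visible here, so the line needs a comment naming it, e.g. `/* Doubled so that \" survives <later unescaping pass>, which removes one backslash */`. The payload is otherwise written verbatim from `message + 15` with no check that it is well-formed JSON, and presumably the same file is what midori_view_set_uri reads into `speed_dial_body` and substitutes as `{json_data}`, so validating the structure before `g_file_set_contents` would be more robust than patching individual characters. `g_regex_replace_literal` can return NULL on error and the result of `g_file_set_contents` is ignored, so a failed save is silent; checking both and reporting with `g_warning` would make it visible. The function starts outside the hunk.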