mirror of
https://gitlab.gnome.org/GNOME/nautilus
synced 2024-11-05 16:04:31 +00:00
Use eel_str_replace_substring to replace the %s rather than using
* src/nautilus-sidebar.c: (add_command_buttons): Use eel_str_replace_substring to replace the %s rather than using g_strdup_printf. It's not safe to use a string from a data file as a strdup format string. * configure.in: Bump librsvg required verson.
This commit is contained in:
Darin Adler
parent
f4e01062fb
commit
37917988f4
4 changed files with 12 additions and 17 deletions
|
|
@ -1,3 +1,12 @@
|
|||
2002-02-28 Darin Adler <darin@bentspoon.com>
|
||||
|
||||
* src/nautilus-sidebar.c: (add_command_buttons): Use
|
||||
eel_str_replace_substring to replace the %s rather than using
|
||||
g_strdup_printf. It's not safe to use a string from a data
|
||||
file as a strdup format string.
|
||||
|
||||
* configure.in: Bump librsvg required verson.
|
||||
|
||||
2002-02-28 Josh Barrow <drleary@mac.com>
|
||||
|
||||
* icons/sierra/Makefile.am:
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ GNOME_UI_REQUIRED=1.110.1
|
|||
GNOME_VFS_REQUIRED=1.1
|
||||
GTK_REQUIRED=1.3.10
|
||||
MEDUSA_REQUIRED=0.5.1
|
||||
RSVG_REQUIRED=1.1.4
|
||||
RSVG_REQUIRED=1.1.5
|
||||
XML_REQUIRED=2.4.7
|
||||
|
||||
AC_SUBST(EEL_REQUIRED)
|
||||
|
|
|
|||
|
|
@ -1366,13 +1366,6 @@ add_command_buttons (NautilusSidebar *sidebar, GList *application_list)
|
|||
FALSE, FALSE,
|
||||
0);
|
||||
|
||||
/* FIXME bugzilla.gnome.org 42510: Security hole?
|
||||
* Unsafe to use a string from the MIME file as a
|
||||
* printf format string without first checking it over
|
||||
* somehow. We can do a search and replace on the "%s"
|
||||
* part instead, which should work.
|
||||
*/
|
||||
|
||||
/* Get the local path, if there is one */
|
||||
file_path = gnome_vfs_get_local_path_from_uri (sidebar->details->uri);
|
||||
if (file_path == NULL) {
|
||||
|
|
@ -1380,7 +1373,7 @@ add_command_buttons (NautilusSidebar *sidebar, GList *application_list)
|
|||
}
|
||||
|
||||
temp_str = g_shell_quote (file_path);
|
||||
id_string = g_strdup_printf (application->id, temp_str);
|
||||
id_string = eel_str_replace_substring (application->id, "%s", temp_str);
|
||||
g_free (file_path);
|
||||
g_free (temp_str);
|
||||
|
||||
|
|
|
|||
|
|
@ -1366,13 +1366,6 @@ add_command_buttons (NautilusSidebar *sidebar, GList *application_list)
|
|||
FALSE, FALSE,
|
||||
0);
|
||||
|
||||
/* FIXME bugzilla.gnome.org 42510: Security hole?
|
||||
* Unsafe to use a string from the MIME file as a
|
||||
* printf format string without first checking it over
|
||||
* somehow. We can do a search and replace on the "%s"
|
||||
* part instead, which should work.
|
||||
*/
|
||||
|
||||
/* Get the local path, if there is one */
|
||||
file_path = gnome_vfs_get_local_path_from_uri (sidebar->details->uri);
|
||||
if (file_path == NULL) {
|
||||
|
|
@ -1380,7 +1373,7 @@ add_command_buttons (NautilusSidebar *sidebar, GList *application_list)
|
|||
}
|
||||
|
||||
temp_str = g_shell_quote (file_path);
|
||||
id_string = g_strdup_printf (application->id, temp_str);
|
||||
id_string = eel_str_replace_substring (application->id, "%s", temp_str);
|
||||
g_free (file_path);
|
||||
g_free (temp_str);
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue