author | Christian Persch <chpe@cvs.gnome.org> | 2005-07-18 00:25:27 +0800 |
---|---|---|
committer | Christian Persch <chpe@src.gnome.org> | 2005-07-18 00:25:27 +0800 |
commit | c999186f5e8e01f7e254d40b93526e9b57378169 (patch) | |
tree | bcf433c9be51c4e4cee30b041588dee42b38a6b5 /src | |
parent | 056e78ca2904f2a8f7eaa200098f36f0029c4425 (diff) | |
Only allow alphanumeric option arguments, and limit length to 32
2005-07-17 Christian Persch <chpe@cvs.gnome.org>
* src/bookmarks/ephy-bookmarks.c: (get_option),
(ephy_bookmarks_get_smart_bookmark_width):
Only allow alphanumeric option arguments, and limit length to 32
characters at most. Use g_ascii_strtoull.
Diffstat (limited to 'src')
-rw-r--r-- | src/bookmarks/ephy-bookmarks.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/src/bookmarks/ephy-bookmarks.c b/src/bookmarks/ephy-bookmarks.c
index 25caad17f..e934cad9f 100644
--- a/src/bookmarks/ephy-bookmarks.c
+++ b/src/bookmarks/ephy-bookmarks.c
@@ -1286,7 +1286,7 @@ get_option (char *start,
 const char *name,
 char **optionsend)
 {
- char *end;
+ char *end, *p;
 *optionsend = start;
@@ -1305,6 +1305,13 @@ get_option (char *start,
 end = strstr (start, ",");
 if (end == NULL || end >= *optionsend) end = *optionsend - 1;
+ /* limit option length and sanity-check it */
+ if (end - start > 32) return NULL;
+ for (p = start; p < end; ++p)
+ {
+ if (!g_ascii_isalnum (*p)) return NULL;
+ }
+
 return g_strndup (start, end - start);
 }
@@ -1382,7 +1389,7 @@ ephy_bookmarks_get_smart_bookmark_width (EphyNode *bookmark)
 number = get_option (option, "width=", &end);
 if (number == NULL) return 0;
- width = atoi (number);
+ width = (guint) g_ascii_strtoull (number, NULL, 10);
 g_free (number);
 return CLAMP (width, 1, 64); |
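Review bot: The new length guard `if (end - start > 32) return NULL;` in get_option rejects only an over-long argument; a negative difference passes it, skips the loop and reaches `g_strndup (start, end - start)`, where it is converted to a very large unsigned length. Whether `end` can fall before `start` depends on how `start` and `*optionsend` are set earlier in the function, which is outside this hunk, but the fallback `end = *optionsend - 1` makes it worth ruling out here. I would write the guard as `if (end < start || end - start > 32) return NULL;` and give the 32 a named constant so the limit is documented in one place.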
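Review bot: The cast in `width = (guint) g_ascii_strtoull (number, NULL, 10);` narrows the 64-bit result before `CLAMP` runs, so a value that does not fit in 32 bits wraps and can clamp to 1 instead of 64; get_option accepts up to 32 characters, so input of that size does reach this line. Clamping first avoids that: `guint64 value = g_ascii_strtoull (number, NULL, 10);` followed by `width = (guint) CLAMP (value, 1, 64);`. The NULL end pointer also means an argument containing letters, which the alphanumeric check allows, is silently read as its leading digits or as 0; passing an end pointer and checking `*endptr == '\0'` would make the rejection explicit. The declaration of `width` is outside the hunk, so its type is assumed from the cast.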