-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | src/bookmarks/ephy-bookmarks.c | 11 |
2 files changed, 17 insertions, 2 deletions
@@ -1,5 +1,13 @@ 2005-07-17 Christian Persch <chpe@cvs.gnome.org> + * src/bookmarks/ephy-bookmarks.c: (get_option), + (ephy_bookmarks_get_smart_bookmark_width): + + Only allow alphanumeric option arguments, and limit length to 32 + characters at most. Use g_ascii_strtoull. + +2005-07-17 Christian Persch <chpe@cvs.gnome.org> + A embed/mozilla/EphyAboutModule.cpp: A embed/mozilla/EphyAboutModule.h: R embed/mozilla/EphyProtocolHandler.cpp: diff --git a/src/bookmarks/ephy-bookmarks.c b/src/bookmarks/ephy-bookmarks.c index 25caad17f..e934cad9f 100644 --- a/src/bookmarks/ephy-bookmarks.c +++ b/src/bookmarks/ephy-bookmarks.c @@ -1286,7 +1286,7 @@ get_option (char *start, const char *name, char **optionsend) { - char *end; + char *end, *p; *optionsend = start; @@ -1305,6 +1305,13 @@ get_option (char *start, end = strstr (start, ","); if (end == NULL || end >= *optionsend) end = *optionsend - 1; + /* limit option length and sanity-check it */ + if (end - start > 32) return NULL; + for (p = start; p < end; ++p) + { + if (!g_ascii_isalnum (*p)) return NULL; + } + return g_strndup (start, end - start); } @@ -1382,7 +1389,7 @@ ephy_bookmarks_get_smart_bookmark_width (EphyNode *bookmark) number = get_option (option, "width=", &end); if (number == NULL) return 0; - width = atoi (number); + width = (guint) g_ascii_strtoull (number, NULL, 10); g_free (number); return CLAMP (width, 1, 64); |
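Review bot: The new bound in get_option, `if (end - start > 32) return NULL;`, rejects only an over-long value. A negative difference passes it, skips the validation loop and reaches `g_strndup (start, end - start)`, where it converts to a very large unsigned length. Whether `end` can fall before `start` after `end = *optionsend - 1` depends on lines outside this hunk, so I would make the guard explicit: `if (end < start || end - start > 32) return NULL;`. The 32 would also read better as a named constant, with the comment stating why only ASCII alphanumerics are accepted.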
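Review bot: The cast in `width = (guint) g_ascii_strtoull (number, NULL, 10);` narrows the 64-bit result before `CLAMP` runs, so a value above the guint range wraps instead of saturating at 64. get_option now lets through up to 32 digits, which is enough to hit that. Clamping first avoids it: hold the result in a `guint64 value`, call `g_free (number)`, then `return (guint) CLAMP (value, 1, 64);`. Because letters now pass validation and the end pointer is NULL, digits followed by letters are silently read as the leading number; passing an end pointer and returning 0 when it does not land on the terminator would keep the parse strict. The declaration of `width` is outside the hunk, so its type is assumed from the cast.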