-rw-r--r--mail/ChangeLog17
-rw-r--r--mail/mail-display.c5
-rw-r--r--mail/mail-format.c33
3 files changed, 10 insertions, 45 deletions
diff --git a/mail/ChangeLog b/mail/ChangeLog
index a8be5524cc..ec8c9e200c 100644
--- a/mail/ChangeLog
+++ b/mail/ChangeLog
@@ -1,22 +1,5 @@
2003-03-12 Jeffrey Stedfast <fejj@ximian.com>
- Security vulnerability fixes.
-
- * mail-display.c (do_external_viewer): Make sure that we don't
- launch a bonobo control to view a mime-type that we handle
- internally, otherwise maliciously formed HTML mail using <object>
- tags could potentially launch a bonobo vontrol to view the mime
- part bypassing any checks that Evolution might do on the data
- normally.
-
- * mail-format.c (handle_text_html, attachment_header)
- (handle_image, handle_via_bonobo): Encode the result from
- get_cid() so that malicious Content-Id strings cannot bypass the
- user's preference to not load http images, force a bonobo control
- to load passing it arbitrary data, etc.
-
-2003-03-12 Jeffrey Stedfast <fejj@ximian.com>
-
* mail-signature-editor.c (menu_file_save_cb): Rewritten to do the
same as the composer's build_message() code.
diff --git a/mail/mail-display.c b/mail/mail-display.c
index 955de714ea..83387bde92 100644
--- a/mail/mail-display.c
+++ b/mail/mail-display.c
@@ -1081,11 +1081,6 @@ do_external_viewer (GtkHTML *html, GtkHTMLEmbedded *eb,
CORBA_Environment ev;
CamelStreamMem *cstream;
BonoboStream *bstream;
- MailMimeHandler *handler;
-
- handler = mail_lookup_handler (eb->type);
- if (!handler || handler->builtin)
- return FALSE;
component = gnome_vfs_mime_get_default_component (eb->type);
if (!component)
diff --git a/mail/mail-format.c b/mail/mail-format.c
index 9e24a1c065..67a4604b2c 100644
--- a/mail/mail-format.c
+++ b/mail/mail-format.c
@@ -613,7 +613,7 @@ static void
attachment_header (CamelMimePart *part, const char *mime_type, MailDisplay *md,
MailDisplayStream *stream)
{
- char *htmlinfo, *cid_html;
+ char *htmlinfo;
const char *info;
/* Start the table, create the pop-up object. */
@@ -622,10 +622,8 @@ attachment_header (CamelMimePart *part, const char *mime_type, MailDisplay *md,
"<tr><td></td></tr></table></td>");
if (!md->printing) {
- cid_html = camel_text_to_html (get_cid (part, md), 0, 0);
camel_stream_printf ((CamelStream *) stream, "<td><object classid=\"popup:%s\""
- "type=\"%s\"></object></td>", cid_html, mime_type);
- g_free (cid_html);
+ "type=\"%s\"></object></td>", get_cid (part, md), mime_type);
}
camel_stream_write_string ((CamelStream *) stream, "<td><table width=3 cellspacing=0 cellpadding=0>"
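Review bot: The result of get_cid() is now written into the `classid="popup:%s"` attribute in attachment_header without HTML encoding, so a Content-Id containing a quote or angle bracket is no longer neutralised before it reaches the rendered message; the function body continues outside this hunk. The same unencoded interpolation appears in the later hunks: handle_text_html (`location` in both the iframe `src` and its fallback text), handle_image (`src`) and handle_via_bonobo (`classid`). The encoding step should stay on the new side: `cid_html = camel_text_to_html (get_cid (part, md), 0, 0);`, pass `cid_html` to camel_stream_printf, then `g_free (cid_html);`. The mail-display.c hunk of this commit also drops the `handler->builtin` guard in do_external_viewer, so both protections described in the removed ChangeLog entry go away together. If this is an intentional revert, the commit message or ChangeLog should say why and where the protection is reinstated.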
@@ -1281,7 +1279,6 @@ handle_text_html (CamelMimePart *part, const char *mime_type,
MailDisplay *md, MailDisplayStream *stream)
{
const char *location, *base;
- char *buf;
camel_stream_write_string ((CamelStream *) stream, "\n<!-- text/html -->\n");
@@ -1306,10 +1303,8 @@ handle_text_html (CamelMimePart *part, const char *mime_type,
if (!location)
location = get_cid (part, md);
- buf = camel_text_to_html (location, 0, 0);
camel_stream_printf ((CamelStream *) stream, "<iframe src=\"%s\" frameborder=0 "
- "scrolling=no>could not get %s</iframe>", buf, buf);
- g_free (buf);
+ "scrolling=no>could not get %s</iframe>", location, location);
return TRUE;
}
@@ -1317,12 +1312,8 @@ handle_text_html (CamelMimePart *part, const char *mime_type,
static gboolean
handle_image (CamelMimePart *part, const char *mime_type, MailDisplay *md, MailDisplayStream *stream)
{
- char *buf;
-
- buf = camel_text_to_html (get_cid (part, md), 0, 0);
- camel_stream_printf ((CamelStream *) stream, "<img hspace=10 vspace=10 src=\"%s\">", buf);
- g_free (buf);
-
+ camel_stream_printf ((CamelStream *) stream, "<img hspace=10 vspace=10 src=\"%s\">",
+ get_cid (part, md));
return TRUE;
}
@@ -1823,15 +1814,11 @@ static gboolean
handle_via_bonobo (CamelMimePart *part, const char *mime_type,
MailDisplay *md, MailDisplayStream *stream)
{
- char *buf;
-
- if (md->printing)
- return TRUE;
-
- buf = camel_text_to_html (get_cid (part, md), 0, 0);
- camel_stream_printf ((CamelStream *) stream, "<object classid=\"%s\" type=\"%s\"></object>",
- buf, mime_type);
- g_free (buf);
+ if (!md->printing) {
+ camel_stream_printf ((CamelStream *) stream,
+ "<object classid=\"%s\" type=\"%s\"></object>",
+ get_cid (part, md), mime_type);
+ }
return TRUE;
}